Single Sign-On (SSO) is an authentication framework that allows users to authenticate in multiple applications using a single set of credentials.
SSO works based on a communication between the application where the user wants to login (the service provider) and an identity provider that will authenticate the user.
The login process usually takes the following steps:
Most consumer-facing SSO applications use an authentication protocol called OpenID Connect (OIDC). This protocol handles the authentication process through JSON Web Tokens and a central identity provider, using the steps described above. In this case, after the user logs in to the identity provider, they are asked to grant specific data access to the application (service provider). An ID Token with user information is generated and sent to the application.
To achieve a truly frictionless login experience, you can now use
If you are already using an Identity Management service in your applications like
To allow users to log in using YooniK SSO, you must register your application with YooniK.
Usually, your Auth0 domain name is your tenant name, your regional subdomain (unless your tenant is in the US region and was created before June 2020), plus
.auth0.com. For example, if your tenant name were
exampleco-enterprises, your Auth0 domain name would be
exampleco-enterprises.us.auth0.com and your redirect URI would be
https://exampleco-enterprises.us.auth0.com/login/callback (if your tenant is in the US and was created before June 2020, then your domain name would be
If you are using
https://<YOUR CUSTOM DOMAIN>/login/callback.
To set up your app with YooniK, please send an e-mail to [email protected] requesting an SSO service account and provide your app name, Auth0 domain, and redirect URI. You will receive a unique identifier for the registered app and also a secret (Client ID and Client Secret). Make note of these values, you will need them later.
Connection name: Logical identifier for your connection: It must be unique to your tenant (e.g., "yoonik-oidc").
Issuer URL: https://accounts.yoonik.me/.well-known/openid-configuration
Client ID: Unique identifier for your registered application. Enter the saved value of the Client ID for the app you previously registered with YooniK.
Callback URL: URL to which Auth0 redirects users after they authenticate. Ensure that this was the value you previously provided to YooniK.
Sync user profile attributes at each login: When enabled, Auth0 automatically syncs user profile data with each user's login, thereby ensuring that changes made to the connection source are automatically updated to Auth0.
And it's done! After these steps, your users can log in to your app by just using their faces!
Disclosure: I am currently working with YooniK as co-founder and VP of Engineering and I have an equity portion of the company.
Also published here.