What is Single Sign-On? Single Sign-On (SSO) is an authentication framework that allows users to authenticate in multiple applications using a single set of credentials. SSO works based on a communication between the application where the user wants to login (the service provider) and an identity provider that will authenticate the user. The login process usually takes the following steps: The user goes to an application or website that requires authentication (the service provider). Then they are redirected to the authentication domain (the identity provider) where they may be prompted to log in. If the user is already logged in to their identity provider, they can be immediately redirected back to the original application without signing in again. The identity provider will send a token back to the service provider that confirms a successful authentication. The user has been granted access to the service provider. OpenID Connect Most consumer-facing SSO applications use an authentication protocol called OpenID Connect (OIDC). This protocol handles the authentication process through JSON Web Tokens and a central identity provider, using the steps described above. In this case, after the user logs in to the identity provider, they are asked to grant specific data access to the application (service provider). An ID Token with user information is generated and sent to the application. To achieve a truly frictionless login experience, you can now use as an Identity Provider using the OIDC protocol. To log in with YooniK, you need a username and a selfie, and that's it! No more passwords to worry about. You can check for a sample Python app using YooniK's OIDC server for logging in users. YooniK here YooniK as an Enterprise Identity Provider for Auth0 If you are already using an Identity Management service in your applications like and would like to improve your user login experience, you can add YooniK SSO as a login option and enable passwordless authentication with zero effort. Ready? Follow the steps below: Auth0 Prerequisites . Register Your Application with Auth0 Select the appropriate . Application Type Add an to . Allowed Callback URL https://YOUR_APP/callback Make sure your Application's include the appropriate flows. Grant Types Set up your app with YooniK SSO service To allow users to log in using YooniK SSO, you must register your application with YooniK. Find your Auth0 domain name and redirect URI Usually, your Auth0 domain name is your tenant name, your regional subdomain (unless your tenant is in the US region and was created before June 2020), plus . For example, if your tenant name were , your Auth0 domain name would be and your redirect URI would be (if your tenant is in the US and was created before June 2020, then your domain name would be ). .auth0.com exampleco-enterprises exampleco-enterprises.us.auth0.com https://exampleco-enterprises.us.auth0.com/login/callback https://exampleco-enterprises.auth0.com If you are using , your redirect URI will have the following format: . custom domains https://<YOUR CUSTOM DOMAIN>/login/callback Send a request to YooniK for setting up your app To set up your app with YooniK, please send an e-mail to requesting an SSO service account and provide your , , and . You will receive a unique identifier for the registered app and also a secret ( and ). Make note of these values, you will need them later. support@yoonik.me app name Auth0 domain redirect URI Client ID Client Secret Create an enterprise connection using Auth0 Dashboard Navigate to , locate , and click its . Auth0 Dashboard > Authentication > Enterprise Open ID Connect + Enter the details for your connection and select : Create Logical identifier for your connection: It must be unique to your tenant (e.g., "yoonik-oidc"). Connection name: https://accounts.yoonik.me/.well-known/openid-configuration Issuer URL: Unique identifier for your registered application. Enter the saved value of the for the app you previously registered with YooniK. Client ID: Client ID URL to which Auth0 redirects users after they authenticate. Ensure that this was the value you previously provided to YooniK. Callback URL: When enabled, Auth0 automatically syncs user profile data with each user's login, thereby ensuring that changes made to the connection source are automatically updated to Auth0. Sync user profile attributes at each login: In the view, make the following configuration adjustments, and then click : Settings Save Changes Set to . Type: Back Channel Enter the saved value of the for the app you previously registered with YooniK. Client Secret: Client Secret Enter "openid profile". Scopes: In the view, configure how users log in with this connection and then click : Login Experience Save Check the box. Display connection as a button YooniK. Button display name: . Button logo URL: https://yk-website-images.s3.eu-west-1.amazonaws.com/logo.png In the view, enable the applications that you want to use this connection. Applications And it's done! After these steps, your users can log in to your app by just using their faces! For more information and free trial licenses, please or join our . contact us Discord community I am currently working with YooniK as co-founder and VP of Engineering and I have an equity portion of the company. Disclosure: Also published . here

How to Streamline your Login Experience via Passwordless SSO

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

161 Stories To Learn About Authentication

3 Reasons for B2C Enterprises to Implement Single Sign-on Authentication

4 Dangers of Sticking with Outdated MFA Methods

The Noonification: Tailwindcss? Ill Pass (8/27/2023)

80% Devices in 2023 Are Already Passkey-Ready: Apple, Microsoft, and Google Pushing It Even Higher

A Brief History in Authentication

161 Stories To Learn About Authentication

3 Reasons for B2C Enterprises to Implement Single Sign-on Authentication

4 Dangers of Sticking with Outdated MFA Methods

The Noonification: Tailwindcss? Ill Pass (8/27/2023)

80% Devices in 2023 Are Already Passkey-Ready: Apple, Microsoft, and Google Pushing It Even Higher

A Brief History in Authentication

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps