Single sign-on

Single sign-on (SSO) is an access control mechanism that can be applied across multiple related but independent software systems. With this mechanism, a user logs in once and gains access to multiple systems without being prompted to log in again for each individual application. Conversely, single sign-off is the property whereby a single action of signing out terminates access to multiple software systems.

Because different applications and resources support different authentication mechanisms, single sign-on has to internally translate to, and store, credentials that differ from those used for the initial authentication.

Transact has been tested with the following SSO-related components:

  • SAML 2.0: An XML-based protocol that uses security tokens for authentication and authorization. Transact supports SAML 2.0, and has tested and certified the following compatible identity providers:

    • ADFS

    • Okta

    • PingFederate

    • SSOCircle

  • CAS-based SSO Framework: CAS is an Enterprise Java solution for web application authentication that also provides the benefit of SSO. For additional information about CAS-based SSO with Transact, see CAS-based SSO framework.

  • Transport Layer Security (TLS): Transact supports TLS versions 1.0, 1.1 and 1.2.

Benefits
  • Reducing password fatigue from different user name and password combinations

  • Reducing time spent re-entering passwords for the same identity

  • Reduced logins for discrete systems:

    • Corporate systems

    • Shared intranet/web applications

    • Web logon aggregators

  • Reduced cost to reset a password

  • Reduced time spent logging into multiple systems each time

  • Reduced multiple authentications, unnecessary user clicks, forgotten passwords, and multiple profiles

  • Limited time and resources to develop IT solutions

Challenges
  • Single sign-on can provide access to many resources/systems at once using a single credential, but can be misused if another person has the credentials.

  • Single sign-on also makes the authentication systems highly critical; a loss of their availability can result in denial of access to all systems unified under SSO.

Supported identity providers

Transact has been tested with the following SSO-related components:

  • SAML 2.0 with the following identity providers:

    • Okta

    • PingFederate

    • SSOCircle

  • CAS-based SSO framework

If you would like to deploy SSO with another identity provider, contact Support.