OpenID Connect Single Sign-On (SSO)
One flexible login for all your users and applications
Providing Single Sign-On (SSO) to applications is a key aspect of the Connect2id server. The enterprise gains the benefits of a centralised login while being able to establish segmented login channels and experiences, depending on the type of user, device and application.
Highly-available login for web, mobile and desktop apps.
Handle on-premise, cloud-based and third-party SaaS applications.
Authentication flows tailored to the security and verification requirements for each class of users, whether employees, contractors, partners or customers / consumers.
ID token based integration
The ID token provides a unified object for signing users into applications (relying parties). It is compact, JSON-based and URL-safe, and can be protected by a range of cryptographic algorithms, such as HMAC, RSA and EC signatures. ID tokens are also easier to consume than SAML.
{
  "sub"       : "alice",
  "iss"       : "https://c2id.com",
  "aud"       : "app-123",
  "auth_time" : 1311280969,
  "acr"       : "https://loa.c2id.com/high",
  "iat"       : 1311280970,
  "exp"       : 1311281970
}
Logout
Applications can subscribe to be notified of user logout via the standard OpenID Connect front-channel and back-channel mechanisms. Application-initiated logout at the Connect2id server is also supported.
Managing a sea of sessions
The built-in session store of the Connect2id server has been optimised over the years to handle millions of concurrent sessions with low latency and presents a comprehensive web API to manage and monitor them.
Users can have multiple concurrent login sessions, across multiple devices.
Each user session can be established at a specific authentication level (LoA) to match the application's security requirements. For instance, a fintech or sysadmin application could require a session with strong two-factor authentication, while password-based authentication could be sufficient for less sensitive applications.
Selected session attributes can be fed automatically into the issued ID tokens.
The web API provides calls to check who is online and collect various metrics.