Androme

Reputation: 2449

SSO and OAuth integration

I am currently working on a project that provides a service to enterprise companies. I want companies to be able to set up an account and link their SSO to it, allowing their employees to log in. Each company account must have private data, so that employees from other companies can't access their data. I must therefore be able to identify what account/company the user is from when they log in.

I have been looking into how to set something like this up, and I know I should be using OAuth and SSO. But I have been struggling to find any documentation on how SSO integrates with OAuth. Can someone point me to a good guide/documentation on this?

Upvotes: 0

Views: 139

Answers (1)

Gary Archer

Reputation: 29291

At a high level this is federation, which should work as follows - and nothing should need to change in your UIs and APIs:

  • Your UIs and APIs use tokens from your own Authorization Server
  • Your Authorization Server redirects to Company SSO Systems (Identity Providers)
  • These Identity Providers can use protocols such as OpenID Connect and SAML

My visual blog post may help you to understand the overall process. Account linking is the tricky bit, where you need to identify the user - most commonly by email - then perhaps match that to data in your own system.

Upvotes: 1
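The account-linking step described in the answer above, as an added Python sketch (not code from the answer's author or from any authorization server product): it resolves the company from the identity provider's issuer rather than from the email alone, so one company's IdP cannot assert another company's users. `Tenant`, `TENANTS`, `USERS`, `link_account` and the example domains are hypothetical, and the claims are assumed to be OpenID Connect style and already validated (signature, audience, expiry, nonce).

```python
from dataclasses import dataclass


class LinkError(Exception):
    """Raised when IdP claims cannot be tied to a local account."""


@dataclass(frozen=True)
class Tenant:
    tenant_id: str
    idp_issuer: str            # issuer of the company's own identity provider
    email_domains: frozenset   # domains that IdP is allowed to assert


# Constructed sample data (hypothetical companies and users).
TENANTS = [
    Tenant("acme", "https://sso.acme.example", frozenset({"acme.example"})),
    Tenant("globex", "https://login.globex.example", frozenset({"globex.example"})),
]
TENANT_BY_ISSUER = {t.idp_issuer: t for t in TENANTS}
# Local accounts keyed by (tenant, email); "linked" is pinned on first login.
USERS = {("acme", "alice@acme.example"): {"user_id": "u-1001", "linked": None}}


def link_account(claims: dict) -> dict:
    """Map validated IdP claims to the claims for the local token."""
    tenant = TENANT_BY_ISSUER.get(claims.get("iss"))
    if tenant is None:
        raise LinkError("unknown identity provider")
    email = str(claims.get("email", "")).strip().lower()
    if not claims.get("sub") or claims.get("email_verified") is not True:
        raise LinkError("missing subject or unverified email")
    if "@" not in email or email.rsplit("@", 1)[1] not in tenant.email_domains:
        raise LinkError("email domain is not registered to this tenant")
    user = USERS.get((tenant.tenant_id, email))
    if user is None:
        raise LinkError("no matching account in this tenant")
    identity = (claims["iss"], claims["sub"])
    if user["linked"] is None:
        user["linked"] = identity      # first login: pin issuer + subject
    elif user["linked"] != identity:
        raise LinkError("email is already linked to another IdP subject")
    # The authorization server would put these into its own access token.
    return {"sub": user["user_id"], "tenant_id": tenant.tenant_id}
```

APIs can then filter every query by the `tenant_id` claim in the locally issued token instead of trusting anything sent by the client.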
