Synap Academy

Single Sign On (SSO)

What is Single Sign On (SSO)

Single sign-on is a way of authenticating users securely that lets them login to multiple applications / websites using one set of credentials. Whether you need SSO or not depends on what you want your user journey to look like. Have a think about where in your users process people go from visitors to users.
The way you access different Google services is example of SSO. With one account you can access, Youtube, Adwords, Analytics, Gmail and more.

Users vs Visitors

Visitors = browser your website Users = have an account and password they login with
One example of a user journey:
  • Visitor creates an account on your website, becomes a user
  • User purchases products, one product is one Synap
  • User is invited to create an account on Synap

When to consider SSO

In the above example a user could end up with two accounts with two different passwords and even two emails. When you're managing thousands of users this can lead to an increase in support overheads of users not realising their accounts aren't linked / forgetting passwords. Managing two accounts across two platforms is manageable, however there are times when users already have a lot of accounts :
  • University / School students with an LMS account (Blackboard / Moodle)
  • Work email accounts linked up to other Systems (want to avoid giving staff to many different accounts)
  • Complex online service that users many platforms to deliver training
Consider implementing SSO to reduce a users management overhead.

How SSO works

Single Sign On is an agreed identity management arrangement (Federated identity management). A framework called OAuth (Open Authorization) is used so that a user's account information can be shared across authorised applications, without their password being exposed.
When a user logs in to any one of the authenticated apps/sites where OAuth is set up. Instead of logging in directly to that platform they are redirected to a central login service, where they enter their username and password. This then provides them with the authentication to login to the other connected apps/sites without having to enter their password again.
Overview of single sign on
Currently SSO integrations on Synap are only available on our Pro plan and are charged as a one off piece of work. Talk to your account manager if you're interested in setting up an SSO integration, we'll help you set up and test a user signup flow with SSO. Your account manager will ask about:
  • Applications you want Synap to be connected to
  • First point a visitor becomes a user
  • What additional data you want associated with the user (Product user groups, attributes, profile picture etc)
  • Rules - when a user deletes their account off one application what happens? What groups should a new user go into ?
By the time you're considering SSO, you'll probably thinking about scaling and automating. See below for our recommended tools.
Talk to your account manager about SSO