SSO Authentication

Single Sign-On (SSO) is a user authentication service that allows users to use one set of login credentials (such as name and password) to access multiple applications. The beauty of SSO is that it eliminates the need for users to remember and manage multiple usernames and passwords. You can use SSO to let users login with popular existing accounts (Google, Facebook, Microsoft). If you already have an existing user database and users have logins there, you can connect those to Synap through SSO.

In short SSO offers several benefits:

1. Ease of Access: Users can easily navigate between different courses or sections of the platform without needing to repeatedly log in. This can greatly enhance user experience and efficiency.

2. Increased Productivity: With less time spent on login processes, users have more time to focus on their learning activities.

3. Improved Security: Despite reducing the number of login credentials, SSO doesn't compromise security. In fact, it reduces the risk of password-related security breaches as there are fewer passwords to manage or potentially lose. It also allows for more robust security measures to be implemented on the single sign-on point.

4. Streamlined User Management: For system administrators, SSO simplifies user management. They can monitor user activities, track progress, and enforce security policies more effectively from a single point.

Setting up SSO

If you are on a Business or Enterprise plan with SSO enabled, from your settings go to the Authentication page and add a new configuration.

From here you'll notice an option to enable or disable local login, if disabled this means users will not be able to login outside of SSO. To manage additional registration options for new users head to the Registration settings page.

Adding a new configuration

When adding a new configuration you'll be given a choice of authentication methods. An authentication method is the specific way or protocol that SSO will use to authenticate users. The authentication method is essentially the procedure that verifies a user's identity before granting them access to the systems or applications. Synap currently supports 4 methods out of the box

1. ADFS (Active Directory Federation Services)

2. Auth0

3. JWT

4. SAML

ADFS (Active Directory Federation Services)

ADFS, or Active Directory Federation Services, is a system developed by Microsoft to let you use a single username and password to login to multiple applications or services, even those outside of your organisation. Benefits of ADFS:

• Integration with Microsoft Products: As a Microsoft product, ADFS can seamlessly integrate with other Microsoft applications

• Claim-Based Access Control: The claims-based model allows for a high level of customisation and flexibility when it comes to authorising access.

• In-house Control: Since ADFS servers are usually hosted on-premises, organisations may prefer this if they want direct control over their identity service.

Auth0 (recommended)

A flexible, drop-in solution to add authentication and authorisation services to your applications. Auth0 is often categorised as Identity-as-a-Service (IDaaS) and is a cloud-based solution. It offers a range of services, including but not limited to, single sign-on, multi-factor authentication, password-less login and user management. Benefits of Auth0:

1. Platform Agnostic: Unlike ADFS, Auth0 is not tied to any specific operating system or suite of tools. This makes it highly versatile and suitable for a wider range of applications.

2. Cloud-Based: As a cloud-based service, it's easier to scale and has lower upfront costs compared to a self-hosted solution like ADFS.

3. Feature-Rich: Auth0 offers a host of features, including social login options, multi-factor authentication, and breach detection.

Head over to https://auth0.com/ to learn more and get started for free

SAML authentication isn't available from the list of options for SSO but is available on Business and Enterprise plans, get in touch with your customer success / account manager to discuss options.

JTW

A lightweight, stateless method for securely transmitting information between parties as a JSON object. JWTs are widely used for modern web and mobile applications where simplicity, speed, and scalability are key. They allow you to authenticate users without maintaining server-side session storage, making them ideal for distributed or microservice-based architectures. Benefits of JWT:

1. Stateless & Scalable: Authentication data is stored within the token itself, removing the need for server-side session storage and simplifying horizontal scaling.

2.Widely Supported: JWTs are an open standard (RFC 7519) and are compatible with virtually every modern framework and programming language. 3. Flexible & Lightweight: Tokens can contain custom claims, allowing systems to pass additional user or permission data efficiently. 4. Secure: When signed (and optionally encrypted), JWTs provide a tamper-resistant mechanism for verifying identity and authorisation.

JWT-based authentication is suitable for applications that need a fast, simple, and scalable method for verifying users without relying on a central session store. It is often used in APIs, SPAs, mobile apps, and microservices.

Head over to https://jwt.io/ to learn more, explore libraries, and experiment with tokens in the debugger.

SAML

A widely adopted, XML-based standard used to enable Single Sign-On (SSO) across different systems, typically between an Identity Provider (IdP) and a Service Provider (SP). SAML is commonly used in enterprise environments and is especially popular for integrating with large organisations that rely on established identity systems such as Azure AD, Okta, or ADFS. Benefits of SAML:

1.Enterprise Ready: Designed for large organisations with mature identity infrastructures. SAML supports advanced access policies, group/role mapping, and robust identity governance. 2. Single Sign-On Across Systems: SAML allows users to authenticate once with their organisation’s IdP and seamlessly access multiple applications without re-entering credentials. 3. Secure & Standardised: Being an established open standard, SAML provides strong security guarantees through signed and encrypted XML assertions. 4. Widely Supported: Most enterprise IdPs support SAML out of the box, making it a reliable choice when integrating with corporate clients.

SAML authentication is suitable for organisations that need a secure, standardised method of SSO—particularly in enterprise or government settings where established IdPs and strict security models are required.

Head over to https://saml.xml.org/ to learn more about the standard and its ecosystem.

SAML authentication is available on Business and Enterprise plans—get in touch with your customer success or account manager to discuss implementation options.