SSO Authentication

Single Sign-On (SSO) is a user authentication service that allows users to use one set of login credentials (such as name and password) to access multiple applications. The beauty of SSO is that it eliminates the need for users to remember and manage multiple usernames and passwords. You can use SSO to let users login with popular existing accounts (Google, Facebook, Microsoft). If you already have an existing user database and users have logins there, you can connect those to Synap through SSO.

In short SSO offers several benefits:

1. Ease of Access: Users can easily navigate between different courses or sections of the platform without needing to repeatedly log in. This can greatly enhance user experience and efficiency.

2. Increased Productivity: With less time spent on login processes, users have more time to focus on their learning activities.

3. Improved Security: Despite reducing the number of login credentials, SSO doesn't compromise security. In fact, it reduces the risk of password-related security breaches as there are fewer passwords to manage or potentially lose. It also allows for more robust security measures to be implemented on the single sign-on point.

4. Streamlined User Management: For system administrators, SSO simplifies user management. They can monitor user activities, track progress, and enforce security policies more effectively from a single point.

Setting up SSO

If you are on a Pro or Enterprise plan with SSO enabled, from your settings go to the Authentication page and add a new configuration.

From here you'll notice an option to enable or disable local login, if disabled this means users will not be able to login outside of SSO. To manage additional registration options for new users head to the Registration settings page.

Adding a new configuration

When adding a new configuration you'll be given a choice of authentication methods. An authentication method is the specific way or protocol that SSO will use to authenticate users. The authentication method is essentially the procedure that verifies a user's identity before granting them access to the systems or applications. Synap currently supports 2 methods:

1. ADFS (Active Directory Federation Services)

2. Auth0

ADFS (Active Directory Federation Services)

ADFS, or Active Directory Federation Services, is a system developed by Microsoft to let you use a single username and password to login to multiple applications or services, even those outside of your organisation. Benefits of ADFS:

• Integration with Microsoft Products: As a Microsoft product, ADFS can seamlessly integrate with other Microsoft applications

• Claim-Based Access Control: The claims-based model allows for a high level of customisation and flexibility when it comes to authorising access.

• In-house Control: Since ADFS servers are usually hosted on-premises, organisations may prefer this if they want direct control over their identity service.

Auth0 (recommended)

A flexible, drop-in solution to add authentication and authorisation services to your applications. Auth0 is often categorised as Identity-as-a-Service (IDaaS) and is a cloud-based solution. It offers a range of services, including but not limited to, single sign-on, multi-factor authentication, password-less login and user management. Benefits of Auth0:

1. Platform Agnostic: Unlike ADFS, Auth0 is not tied to any specific operating system or suite of tools. This makes it highly versatile and suitable for a wider range of applications.

2. Cloud-Based: As a cloud-based service, it's easier to scale and has lower upfront costs compared to a self-hosted solution like ADFS.

3. Feature-Rich: Auth0 offers a host of features, including social login options, multi-factor authentication, and breach detection.

Head over to https://auth0.com/ to learn more and get started for free

SAML authentication isn't available from the list of options for SSO but is available on Enterprise and some Pro plans, get in touch with your customer success / account manager to discuss options.