What is single sign-on?
Single sign-on (SSO) is a form of identity and access management (IAM) that enables users to securely authenticate with multiple applications and websites by logging in only once, with just one set of credentials (username and password). With SSO, the application or website that the user is trying to access relies on a trusted third party to verify that users are who they say they are.
This means, that it is possible to give students access to the Career Center by using their institution's intranet or email credentials.
How does it work?
Authentication with SSO relies on a trust relationship between domains (websites). With single sign-on, this is what happens when you try to log in to an app or website:
- You enter the username/password that you use for accessing other parts of the institution.
- The SSO solution requests authentication from the identity provider or authentication system that your institution uses. It verifies your identity and notifies the SSO solution.
- The SSO solution passes authentication data to the website and returns you to that site. You are now able to enter the platform.
In SSO, authentication verification data takes the form of tokens.
This information is provided from https://www.onelogin.com/learn/how-single-sign-on-works (04/02/2020)
How do we set it up?
To set up an SSO connection for your Career Center, we need to exchange information with your institution, especially your IT department. You need to be sure that an identity provider (IdP or IAM) exists in your institution. We support three types of protocols to connect to IdPs:
Please share this documentation with your IT department so they can prepare the setup accordingly.
To facilitate the exchange of the necessary information for the setup and ensure its completeness, please transmit it via this form. The first part is more for careers service staff, as it is dealing with the relevant persons of contact, the permalink (URL) you have agreed on with your JobTeaser person of contact, and wich user group should have access via the SSO connection. The second part deals with technical questions around your IdP/IDM.
If you have any questions when filling it out, please contact us.