An event familiar to millions of web users is being signed out of the websites we use daily, and recovering is time-consuming: answering security questions about the make and model of your first car, or trying to recall old, long passwords. To avoid such predicaments, SSO lets a user log in once and have multiple applications share that single authentication session.

Example - Gmail

1. A user, Cloudy, visits Gmail. Gmail finds that Cloudy is not logged in and redirects them to the SSO authentication server

2. Since Cloudy is not logged in, they are redirected to the SSO login screen, where they are prompted to enter their login credentials

3. At this point, the SSO authentication server validates the credentials, creates a global session for Cloudy, and creates a token

4. Gmail validates the token with the SSO authentication server that issued it. The authentication server registers Gmail and returns "valid." Gmail then returns the protected resource to Cloudy

Google Drive

5. Let's take this up a notch. From Gmail, Cloudy wants to navigate to Google Drive

6. Google Drive recognizes that Cloudy is not logged in and requests authentication. However, the SSO authentication server knows that Cloudy already has a global session and returns a token to Google Drive without prompting for credentials again

7. Google Drive validates the token in the SSO authentication server. The authentication server registers Google Drive and returns "valid." Now Cloudy can access the files in their Google Drive.
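As an added example (not code from the original post), the seven steps above modelled in Python: a hypothetical SsoServer holding global sessions and issuing per-app tokens, a validate call that answers "valid" or "invalid", and a walkthrough that replays Cloudy's path through Gmail and then Google Drive. Binding each token to one app and giving it an expiry are assumptions added here; the post does not spell them out.

```python
import secrets
import time


class SsoServer:
    """Hypothetical SSO authentication server: global sessions plus per-app tokens."""

    def __init__(self, users):
        self.users = users              # constructed credential store {username: password}
        self.global_sessions = {}       # session_id -> username (the "global session")
        self.tokens = {}                # token -> (username, app, expiry)
        self.registered_apps = set()    # apps that have successfully validated a token

    def login(self, username, password):
        # Steps 2-3: check credentials and create the global session
        if self.users.get(username) != password:
            return None
        sid = secrets.token_urlsafe(16)
        self.global_sessions[sid] = username
        return sid

    def issue_token(self, session_id, app):
        # Steps 3 and 6: an existing global session yields a short-lived token bound to one app
        user = self.global_sessions.get(session_id)
        if user is None:
            return None                 # no global session: the user must go to the login screen
        tok = secrets.token_urlsafe(16)
        self.tokens[tok] = (user, app, time.time() + 300)
        return tok

    def validate(self, token, app):
        # Steps 4 and 7: the app hands the token back and the SSO server answers "valid"
        entry = self.tokens.get(token)
        if entry is None or entry[1] != app or entry[2] < time.time():
            return "invalid"            # unknown, wrong-app, or expired token
        self.registered_apps.add(app)
        return "valid"


def walkthrough():
    """Replays the Cloudy scenario: one login serves both Gmail and Google Drive."""
    sso = SsoServer({"cloudy": "hunter2-constructed"})   # constructed test credentials
    no_session = sso.issue_token(None, "gmail")          # step 1: not logged in anywhere yet
    sid = sso.login("cloudy", "hunter2-constructed")     # step 2: credentials on the SSO screen
    gmail = sso.validate(sso.issue_token(sid, "gmail"), "gmail")   # steps 3-4
    drive_tok = sso.issue_token(sid, "drive")            # steps 5-6: no second prompt
    drive = sso.validate(drive_tok, "drive")             # step 7
    reused = sso.validate(drive_tok, "gmail")            # a Drive token is not good for Gmail
    return {"before_login": no_session, "gmail": gmail, "drive": drive,
            "reused_elsewhere": reused, "apps": sorted(sso.registered_apps)}
```

The walkthrough shows the point of the post in code: after the single login in step 2, Drive in step 6 gets its token from the existing global session, and the server's "valid" answer in step 7 only holds for the app the token was issued to.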
