Single Sign-on (SSO)
With the number of user accessible applications, resources, and tools growing within the
education domain, we realize how critical it is to effectively integrate and offer
secure and fine-grain access via a true SSO (single sign-on) environment.
We have been developing and deploying SSO solutions within the P-20
space for the past ten years and understand what makes these solutions work.
At Choice we view systems integration from a global perspective. Single sign-on fits
in well with other aspects of a ‘one stop shopping’ environment. We believe there are
5 levels of integration.
The Choice Solutions "5 Levels of Integration"
- LEVEL 1: Application URL
This is a link to a URL embedded on an application page that passes no
credentials. It simply requests information from a remote site. It can be within
a portal frame, or spawn a new browser session. This takes little to no
development and can usually be accomplished through administrative management
tools. This in fact, is not actually SSO as there is no credentialing being
passed or authorization required.
- LEVEL 2: Single Sign-On
This is a Link, Tab or other access method which, when clicked, either launches
a new browser or stays in a portal frame while also authenticating the user into
an external or 3rd party application or service without having to
re-authenticate. Encrypted passwords are stored and mapped to appropriate users
with reset capabilities.
- LEVEL 3: Single Sign-on with Provisioning
This constitutes a trust of one or more unique systems with
authentication/authorization information, and may include reciprocal
provisioning, requests for user lifecycle workflows, etc. User, organization,
role, and application (create, edit, delete) information can be managed in one
place for both the portal and the application or service being connected. A
portal can use a variety of methods to perform the SSO ranging from standard
LDAP integration using Active Directory to Web Services to trust relationships
built and defined by SAML or other protocols.
- LEVEL 4: Integration Service with SSO
At this level the integration can have multiple instantiations within a portal
and the portal may control any detailed authorization and permissions specific
to the external system. At this point the service or application is fully
embedded in the portal. The portal and the application may even share other
transactional data, services or widgets.
- LEVEL 5: Full Integration
The application or service becomes a fully meshed part of an authority portal
environment. Presentation layer, identity, security, data, and access services
are all shared by the application components and the portal components. The only
existence or trace of disparity is as prescribed by policy or
system intellectual property, ownership, or licensing restrictions. Achieving
Level 5 integration requires a driven partnership of all involved systems
We support all 5 levels and understand how to make SSO an integral and
impactful component of your enterprise architecture.