+91 96558 14047 (India)
+65 8237 9397 (Singapore)
+27 11 886 1707 (South Africa)
+61 8 4634 1736 (Australia)
+44 (0) 208 123 3459 (UK)
+1 315 532 7622 (USA)
Email: [email protected]
When logging into an app, many of the users don’t care about how authentication and authorization works, or how they can use the same username and password to login to multiple apps.
According to Wikipedia, the authentication mechanism using which a user can log in with a single user ID and password to any of several related, yet independent, software systems is called Single Sign-On or SSO.
To provide a user with a single sign on experience, a developer needs to implement an SSO solution.
In this article, we will discuss how apps built on Neutrinos platform can enable SSO by using its own OAuth strategy or by integrating with existing OAuth providers such as Google, Azure and AD to manage the authentication and authorization of app users.
The problem statement:
Enterprises are usually working on a platform which will have several applications. Some of these applications are web-based, others will be native, such as mobile apps.
With such a setup, to authenticate and authorize users, each client application should maintain their own database with usernames and passwords. Moreover, when employees leave the organization, the database has to be updated and the immediate changes have to be made.
This makes the IT team spend a lot of time and carry a lot of overhead in managing the user identity lifecycle.
Rather than having each client application maintain their own user database with usernames and passwords it’s more appropriate to utilize SSO.
Single sign on would allow the enterprise’s authentication system to securely store and own all of the user credentials. The applications can establish a trust relationship with the enterprise authentication server to authenticate and authorize users.
How SSO works on Neutrinos Platform
Neutrinos is a low-code, multi experience app development platform using which developers can create Enterprise level apps ranging from web apps, mobile apps, to cognitive apps with IOT capabilities.
For all the apps built on Neutrinos Platform, SSO is enabled by default, by using the Neutrinos Identity Server (IDS) which is a standards-compliant OAuth 2.0 authorization standalone and a certified OpenID Connect provider that provides authentication and authorization.
With Neutrinos IDS, a user can use the Neutrinos OAuth Strategy, or connect seamlessly with their existing OAuth strategy providers such as Google, Azure AD and Active Directory to authenticate and authorize their app users.
No configuration is required to enable the Neutrinos OAuth Strategy on Neutrinos Studio. Neutrinos handles all the configurations required to authenticate and authorize users, giving them access to perform user management on Neutrinos Console.
To enable Google or Azure authentication strategy, a user should enter their Google or Azure cloud credentials such as Client Id, client secret, and tenant ID.
If a user wants to use Active Directory to manage permissions and access to networked resources, they must enter their active directory credentials.
See the Neutrinos Identity Server [IDS] video to learn more.
This reduces a huge overhead on the developer of implementing an SSO solution. Also, enabling Auth strategies in Neutrinos Platform is seamless and takes only a few minutes.
Based on the auth strategy they choose, the end user will be displayed with options to login to the app. For example, if Google auth strategy is enabled, the app login screen will show the sign-in with Google option, which, when clicked, will allow the user to login with their Gmail credentials and logs them back to the application.
Behind the Scenes
This is what happens internally when the user tries to log in to an app or website created using Neutrinos Platform:
Step 1: The Neutrinos Identity Server [IDS] first checks to see whether they have already been authenticated. If they have, it gives them the access to the app or the website.
Step 2: If they haven’t, it asks them to log in and checks their username and password against the information in the database. Or, if they are using any external OAuth provider such as Google, the OAuth provider takes care of the authentication. After the authentication of the user, the Neutrinos IDS takes care of the authorization of the user.
Step 3: After authentication and authorization, they will be taken to the app or the website.
The authentication verification data is usually on the server side and the browser sends the cookies to the server for session validation.
Head of Product Engineering
Following an approach that boasts a nimble infrastructure and is platform agnostic allows Neutrinos to facilitate an easy-to-deploy plug-and-play capability incorporating the highest levels of data integrity and security. Applications can be deployed on any cloud or on premise or hybrid environments. 2000+ Connectors spanning across new age technologies such as Facial recognition, Optical Character Recognition (OCR), Natural Language Processing (NLP), Sentimental Analysis, Email, Chatbots, Unified Query management, Artificial Intelligence (AI), Internet of Things (IoT), Extended Reality/Mixed Reality (XR/MR) further facilitate development of multi-experience applications. The Neutrinos platform enables businesses to build applications over days and sometimes even hours.