When logging in to an app, many users don’t care how authentication and authorization work, or how they can use the same username and password to log in to multiple apps.
According to Wikipedia, Single Sign-On (SSO) is an authentication mechanism with which a user can log in with a single user ID and password to any of several related, yet independent, software systems.
To provide a user with a single sign-on experience, a developer needs to implement an SSO solution.
In this article, we will discuss how apps built on the Neutrinos platform can enable SSO by using its own OAuth strategy or by integrating with existing OAuth providers such as Google, Azure and AD to manage the authentication and authorization of app users.
The problem statement:
Enterprises usually work on a platform that has several applications. Some of these applications are web-based; others are native, such as mobile apps.
With such a setup, to authenticate and authorize users, each client application has to maintain its own database of usernames and passwords. Moreover, when employees leave the organization, the database has to be updated and the changes made immediately.
This makes the IT team spend a lot of time and carry a lot of overhead in managing the user identity lifecycle.
Solution:
Rather than having each client application maintain its own user database with usernames and passwords, it’s more appropriate to use SSO.
Single sign-on allows the enterprise’s authentication system to securely store and own all of the user credentials. The applications can establish a trust relationship with the enterprise authentication server to authenticate and authorize users.
How SSO works on Neutrinos Platform
Neutrinos is a low-code, multi-experience app development platform with which developers can create enterprise-level apps ranging from web apps and mobile apps to cognitive apps with IoT capabilities.
For all the apps built on the Neutrinos Platform, SSO is enabled by default through the Neutrinos Identity Server (IDS), a standards-compliant, standalone OAuth 2.0 authorization server and a certified OpenID Connect provider that provides authentication and authorization.
With Neutrinos IDS, a user can use the Neutrinos OAuth Strategy, or connect seamlessly with their existing OAuth strategy providers such as Google, Azure AD and Active Directory to authenticate and authorize their app users.
No configuration is required to enable the Neutrinos OAuth Strategy on Neutrinos Studio. Neutrinos handles all the configurations required to authenticate and authorize users, giving them access to perform user management on Neutrinos Console.
To enable the Google or Azure authentication strategy, a user should enter their Google or Azure cloud credentials, such as client ID, client secret, and tenant ID.
If a user wants to use Active Directory to manage permissions and access to networked resources, they must enter their Active Directory credentials.
See the Neutrinos Identity Server [IDS] video to learn more.
This greatly reduces the developer’s overhead of implementing an SSO solution. Also, enabling auth strategies in the Neutrinos Platform is seamless and takes only a few minutes.
Based on the auth strategy chosen, the end user is shown options for logging in to the app. For example, if the Google auth strategy is enabled, the app login screen shows the sign-in with Google option, which, when clicked, lets the user log in with their Gmail credentials and returns them to the application.
Behind the Scenes
This is what happens internally when the user tries to log in to an app or website created using Neutrinos Platform:
Step 1: The Neutrinos Identity Server [IDS] first checks whether the user has already been authenticated. If they have, it gives them access to the app or the website.
Step 2: If they haven’t, it asks them to log in and checks their username and password against the information in the database. Or, if they are using an external OAuth provider such as Google, the OAuth provider takes care of the authentication. After the user is authenticated, the Neutrinos IDS takes care of authorizing the user.
Step 3: After authentication and authorization, they are taken to the app or the website.
The authentication verification data usually lives on the server side, and the browser sends its cookies to the server for session validation.
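The three steps above can be modelled in a few lines. The sketch below is an added example, not Neutrinos IDS code: it covers only the local username/password branch of Step 2 (not the external OAuth provider branch), and the cookie name, session lifetime, user and app names are all assumptions.

```python
# Added illustration of Steps 1-3; every name here is hypothetical.
import hashlib
import hmac
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 30 * 60   # assumed session lifetime, seconds
SESSIONS = {}           # session id -> record; held only on the server

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

SALT = secrets.token_bytes(16)
# Constructed sample user: salted hash plus the apps this user may open.
USERS = {"alice": {"salt": SALT, "hash": hash_password("correct horse", SALT),
                   "apps": {"claims-web", "claims-mobile"}}}

def check_session(cookie_header, now=None):
    """Step 1: resolve the browser's cookie to a live server-side session."""
    now = time.time() if now is None else now
    morsel = SimpleCookie(cookie_header or "").get("ids_session")
    if morsel is None:
        return None
    record = SESSIONS.get(morsel.value)
    if record is not None and record["expires"] <= now:
        del SESSIONS[morsel.value]   # expired sessions are dropped server-side
        return None
    return record

def login(username, password, now=None):
    """Step 2, local strategy: check the password, issue an opaque session id."""
    now = time.time() if now is None else now
    user = USERS.get(username)
    # Hash even for unknown names so timing does not reveal which users exist.
    candidate = hash_password(password, user["salt"] if user else SALT)
    if user is None or not hmac.compare_digest(candidate, user["hash"]):
        return None
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": username, "apps": user["apps"],
                     "expires": now + SESSION_TTL}
    return f"ids_session={sid}; HttpOnly; Secure; SameSite=Lax; Path=/"

def authorize(cookie_header, app, now=None):
    """Step 3: decide access from the server-side record, never from the cookie."""
    record = check_session(cookie_header, now)
    if record is None:
        return "login_required"
    return "allow" if app in record["apps"] else "forbidden"
```

One login yields one cookie that opens every app the user is entitled to, and removing the server-side record (on expiry or when an employee leaves) ends access to all of them at once.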
Author:
Nisarg Tuli
Head of Product Engineering
Neutrinos