Authentication and Authorization: Where Does SSO Fit In?

:/Jenn
Dark Roast Security
2 min read · Oct 17, 2022

Secure environments follow a set of steps to separate the users who may access network resources from those who may not. Identification, authentication, and authorization are the three foundational steps of that process. Despite their similar names, authentication and authorization are separate phases, and distinguishing between them is essential for a firm understanding of the subject.

Authentication: validating that users are who they claim to be. This is usually done with one or more factors such as passwords, one-time PINs, authenticator apps, biometrics, and similar proofs of identity.

Authorization: granting an already authenticated user permission to access a specific resource. This is the domain of access control and user privileges, and it happens after authentication, not instead of it: a user who has proven their identity is not automatically allowed to touch every resource.

Authentication v. Authorization | Image adapted from Okta

Single sign-on (SSO) is an authentication method that lets users authenticate once, with one set of credentials, to multiple applications and websites (OneLogin, Inc.). It rests on a trust relationship between a service provider (SP, the application the user wants to reach) and an identity provider (IdP), established by exchanging certificates when the integration is set up. The user authenticates at the IdP; the IdP then issues a signed token (a SAML assertion or an OIDC ID token) containing claims about the user, such as an identifier and group membership, but never the password itself. The SP uses the IdP's certificate to verify the signature on that token, which is what tells it the token really came from the trusted IdP and was not altered in transit. Note what SSO does not do: it only moves the authentication step to the IdP. The SP still has to check that the token is addressed to it and has not expired, and it still performs its own authorization before granting access to a resource.
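To make the split between the two phases concrete, here is an added example in Go; it is not code from the original post, from Okta or OneLogin, or from any SSO product. An identity provider authenticates a user against a constructed in-memory directory and issues a signed token; a service provider that holds the IdP's public key verifies the token's signature, issuer, audience and expiry (its side of authentication), and then, as a separate step, authorizes the request against its own access list. The Ed25519 key pair stands in for the certificate exchange, the two-part token format and the hostnames idp.example and app1.example are assumptions, and the user accounts and access list are constructed sample data. Real deployments use SAML or OIDC; this toy omits token encryption, replay protection and key rotation, and it needs Go 1.18 or later for strings.Cut.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims is what the IdP asserts about an authenticated user: identity and groups,
// scoped by issuer, audience and expiry. The password the user typed is never in here.
type Claims struct {
	Subject  string   `json:"sub"`
	Issuer   string   `json:"iss"`
	Audience string   `json:"aud"`
	Expires  int64    `json:"exp"`
	Groups   []string `json:"groups"`
}

// IdentityProvider does the authentication step and signs tokens. Pub is what it hands
// each SP at setup time (the certificate exchange in the text, reduced to a bare key).
type IdentityProvider struct {
	Name      string
	Pub       ed25519.PublicKey
	priv      ed25519.PrivateKey
	passwords map[string]string // constructed demo directory; a real IdP stores hashes
	groups    map[string][]string
}

// NewIdentityProvider generates the IdP's signing key; a keygen failure is fatal here.
func NewIdentityProvider(name string) *IdentityProvider {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &IdentityProvider{Name: name, Pub: pub, priv: priv,
		passwords: map[string]string{"alice": "correct horse battery staple", "bob": "hunter2"},
		groups:    map[string][]string{"alice": {"staff", "finance"}, "bob": {"staff"}},
	}
}

// Authenticate checks the credential and, only on success, issues a short-lived token
// bound to one SP (the audience). Assumed format: b64url(claims JSON) "." b64url(sig).
func (idp *IdentityProvider) Authenticate(user, password, audience string, now time.Time) (string, error) {
	want, ok := idp.passwords[user]
	if !ok || subtle.ConstantTimeCompare([]byte(want), []byte(password)) != 1 {
		return "", errors.New("authentication failed")
	}
	body, _ := json.Marshal(Claims{Subject: user, Issuer: idp.Name, Audience: audience, // cannot fail for this struct
		Expires: now.Add(5 * time.Minute).Unix(), Groups: idp.groups[user]})
	return base64.RawURLEncoding.EncodeToString(body) + "." + base64.RawURLEncoding.EncodeToString(ed25519.Sign(idp.priv, body)), nil
}

// ServiceProvider trusts one issuer key and keeps its own access list (resource ->
// groups allowed), which the IdP knows nothing about.
type ServiceProvider struct {
	Name, TrustedIssuer string
	TrustedKey          ed25519.PublicKey
	ACL                 map[string]map[string]bool
}

// VerifyToken is the SP side of authentication: it never sees the password; it only
// checks that the token was signed by the trusted IdP, is addressed to this SP, and is live.
func (sp *ServiceProvider) VerifyToken(token string, now time.Time) (*Claims, error) {
	b64, s64, ok := strings.Cut(token, ".")
	body, err1 := base64.RawURLEncoding.DecodeString(b64)
	sig, err2 := base64.RawURLEncoding.DecodeString(s64)
	if !ok || err1 != nil || err2 != nil || !ed25519.Verify(sp.TrustedKey, body, sig) {
		return nil, errors.New("token is malformed or not signed by the trusted IdP key")
	}
	var c Claims
	if err := json.Unmarshal(body, &c); err != nil {
		return nil, err
	}
	if c.Issuer != sp.TrustedIssuer || c.Audience != sp.Name || !now.Before(time.Unix(c.Expires, 0)) {
		return nil, errors.New("token is from another issuer, for another SP, or expired")
	}
	return &c, nil
}

// Authorize is the separate step: given a verified identity, may this user read this
// resource? Authenticated does not mean authorized.
func (sp *ServiceProvider) Authorize(c *Claims, resource string) bool {
	for _, g := range c.Groups {
		if sp.ACL[resource][g] {
			return true
		}
	}
	return false
}

func main() {
	idp := NewIdentityProvider("https://idp.example")
	sp := &ServiceProvider{Name: "https://app1.example", TrustedIssuer: idp.Name, TrustedKey: idp.Pub,
		ACL: map[string]map[string]bool{"/reports": {"finance": true}, "/wiki": {"staff": true}}} // constructed policy
	tok, _ := idp.Authenticate("bob", "hunter2", sp.Name, time.Now())
	if c, err := sp.VerifyToken(tok, time.Now()); err == nil {
		fmt.Printf("%s: /wiki=%v /reports=%v\n", c.Subject, sp.Authorize(c, "/wiki"), sp.Authorize(c, "/reports"))
	}
}
```

Running it shows bob authenticating successfully and then being allowed into /wiki but denied /reports: the IdP vouched for who he is, the SP alone decided what he may see. The same VerifyToken rejects a token minted for a different SP, an expired token, a token whose claims were edited after signing, and a token from a second IdP that uses the same name but a key the SP never trusted.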

Published in Dark Roast Security

Dark Roast Security’s mission is to inspire, educate, and share ideas about InfoSec. Follow to join our community!

Written by :/Jenn

Cybersecurity Doctoral Student. Forever curious; ask the questions, follow the trail, and #ShareTheKnowledge