mirror of
https://github.com/ByteByteGoHq/system-design-101.git
synced 2026-04-01 16:57:23 -04:00
This PR adds all the guides from the [Visual Guides](https://bytebytego.com/guides/) section on bytebytego to the repository with proper links.

- [x] Markdown files for guides and categories are placed inside `data/guides` and `data/categories`
- [x] Guide links in readme are auto-generated using `scripts/readme.ts`. Every time you run the script `npm run update-readme`, it reads the categories and guides from the above-mentioned folders, generates production links for guides and categories and populates the table of contents in the readme. This ensures that any future guides and categories will automatically get added to the readme.
- [x] Sorting inside the readme matches the actual category and guides sorting on production
37 lines
2.1 KiB
Markdown
---
title: "What is SSO (Single Sign-On)?"
description: "Learn about Single Sign-On (SSO) and how it simplifies user authentication."
image: "https://assets.bytebytego.com/diagrams/0342-how-does-sso-work.jpeg"
createdAt: "2024-03-12"
draft: false
categories:
  - security
tags:
  - "authentication"
  - "SSO"
---

A friend recently went through the irksome experience of being signed out from a number of websites they use daily. This event will be familiar to millions of web users, and it is a tedious process to fix. It can involve trying to remember multiple long-forgotten passwords, or typing in the names of pets from childhood to answer security questions. SSO removes this inconvenience and makes life online better. But how does it work?

Basically, Single Sign-On (SSO) is an authentication scheme. It allows a user to log in to different systems using a single ID.

The diagram below illustrates how SSO works.

## How SSO Works

Step 1: A user visits Gmail, or any email service. Gmail finds the user is not logged in and so redirects them to the SSO authentication server, which also finds the user is not logged in. As a result, the user is redirected to the SSO login page, where they enter their login credentials.

Steps 2-3: The SSO authentication server validates the credentials, creates the global session for the user, and creates a token.

Steps 4-7: Gmail validates the token in the SSO authentication server. The authentication server registers the Gmail system, and returns “valid.” Gmail returns the protected resource to the user.

Step 8: From Gmail, the user navigates to another Google-owned website, for example, YouTube.

Steps 9-10: YouTube finds the user is not logged in, and then requests authentication. The SSO authentication server finds the user is already logged in and returns the token.

Steps 11-14: YouTube validates the token in the SSO authentication server. The authentication server registers the YouTube system, and returns “valid.” YouTube returns the protected resource to the user.

The process is complete and the user gets back access to their account.
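The flow in steps 1-14 can be modelled as a small in-memory authentication server. This is an added example, not code from the guide or the repository. The names `SSOServer`, `make_user` and `services_for`, the PBKDF2 password store, and the choice to make each token single-use, bound to one service and valid for 60 seconds are assumptions the guide does not state.

```python
import hashlib, hmac, secrets, time

class SSOServer:
    """Toy SSO authentication server: global sessions plus one-time service tokens."""
    TOKEN_TTL = 60  # seconds a token stays valid (assumed value)

    def __init__(self, users):
        self._users = users      # username -> (salt, PBKDF2 hash)
        self._sessions = {}      # global session id -> {"user", "services"}
        self._tokens = {}        # token -> (session id, service, expiry)

    def login(self, user, password):
        """Steps 1-3: validate credentials and create the global session."""
        salt, stored = self._users.get(user, (b"", b""))
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        if not hmac.compare_digest(candidate, stored):
            return None
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "services": set()}
        return sid

    def issue_token(self, sid, service, now=None):
        """Steps 3 and 10: mint a token for one service from a live global session."""
        if sid not in self._sessions:
            return None
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)   # opaque and unguessable
        self._tokens[token] = (sid, service, now + self.TOKEN_TTL)
        return token

    def validate(self, token, service, now=None):
        """Steps 4-7 and 11-14: a service asks the server whether the token is valid."""
        now = time.time() if now is None else now
        entry = self._tokens.pop(token, None)   # single use: a replayed token is unknown
        if entry is None:
            return None
        sid, audience, expiry = entry
        if audience != service or now > expiry or sid not in self._sessions:
            return None
        self._sessions[sid]["services"].add(service)   # "registers the system"
        return self._sessions[sid]["user"]

    def services_for(self, sid):
        """Systems registered under one global session."""
        return sorted(self._sessions[sid]["services"])

def make_user(password):
    """Build a (salt, hash) record for the constructed user table."""
    salt = secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
```

The global session id stands in for the cookie the browser holds for the authentication server's domain, which is why the second service gets a token without the user entering credentials again.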