Introduction to Single Sign-On (SSO)
Table of Contents
Introduction
Workspace 365/Office 365 administrators are able to enable SSO for their Workspace 365 environment, which helps decreasing login procedures for Workspace users. There are two Single Sign-On methods which we will discuss in this article:
- Web Services Federation
- oAuth2
oAuth2
OAuth2 is an open standard for authorization, commonly used as a way for internet users to log in to third-party websites using their e.g. Microsoft, Google or Facebook accounts without exposing their password. Generally, oAuth2 provides to clients "secure delegated access" to server resources on behalf of a resource owner.
With configuration of oAuth2 in Workspace 365, you can sign in to Workspace via your current federation and you are able to use MFA, also called 2 Factor Authentication (2FA) or Multi-factor Authentication (MFA).
You can setup Single Sign-On in Workspace 365 manually or automatically. The automatic setup is recommended.
Web Services Federation
With Web Services Federation (WS-Federation or WS-Fed), you can set up a Federation with an ADFS and/or Azure. In this way the user does not directly sign in to Workspace 365 but via the federation application/server. In most cases this is Azure. This federation is based on the Web Services Federation protocol.