Single Sign-On (SSO) is an authentication method that allows users to access multiple systems and applications with a single set of credentials. It reduces the number of passwords our customers need to remember and manage, which saves time and lets customers focus on creating strong passwords rather than passwords that are merely easy to remember.
Superside’s production and staging environments run in two separate Amazon Web Services (AWS) regions and Virtual Private Cloud (VPC) networks. Superside uses AWS SSO to administer access to these AWS regions and VPCs, and only a few selected personnel are granted access to the production environment. AWS SSO is a cloud SSO service that makes it easy to centrally manage SSO access to multiple AWS accounts and business applications. It lets users sign in to a user portal with their existing corporate credentials and reach all of their assigned accounts and applications from one place.
The SSO process is as follows:
- When a user signs in to an application, the app generates an SSO token and sends an authentication request to the SSO service.
- The service checks whether the user was previously authenticated. If so, it sends an authentication-confirmed response to the application, which grants the user access.
- If the user does not hold a validated credential, the SSO service redirects the user to a central login system and prompts them to submit their username and password.
- Upon submission, the service validates the user's credentials and sends a positive response to the application.
- Otherwise, the user receives an error message and must re-enter their credentials. Multiple failed login attempts may result in the service blocking the user from further attempts for a fixed period of time.
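A minimal model of the flow above (session check, central login, and a fixed-period lockout after repeated failures), written in Python as an added example; it is not Superside's code, and the lockout threshold, lockout length and user records are constructed values:

```python
"""Toy SSO service modelling the steps described above (added example)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

MAX_FAILED = 3         # failed attempts before lockout (constructed policy value)
LOCKOUT_SECONDS = 300  # fixed lockout period in seconds (constructed policy value)


def _hash(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 hash so the service never stores plaintext passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class SSOService:
    users: dict = field(default_factory=dict)     # username -> (salt, hash)
    sessions: dict = field(default_factory=dict)  # token -> username
    failed: dict = field(default_factory=dict)    # username -> (count, locked_until)

    def register(self, username: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, _hash(password, salt))

    def authenticate(self, token: str):
        """Steps 1-2: the app presents its token; confirm only if a session exists."""
        if token in self.sessions:
            return ("confirmed", self.sessions[token])
        return ("redirect_to_login", None)  # step 3: send user to central login

    def login(self, username: str, password: str, now: float):
        """Steps 4-5: validate credentials and enforce the fixed-period lockout."""
        count, locked_until = self.failed.get(username, (0, 0.0))
        if now < locked_until:
            return ("locked", None)
        if locked_until:          # a previous lockout has expired: fresh counter
            count = 0
        rec = self.users.get(username)
        # Hash even for unknown users so timing does not reveal valid usernames.
        salt, expected = rec if rec else (b"\x00" * 16, b"\x00" * 32)
        ok = rec is not None and hmac.compare_digest(_hash(password, salt), expected)
        if not ok:
            count += 1
            locked_until = now + LOCKOUT_SECONDS if count >= MAX_FAILED else 0.0
            self.failed[username] = (count, locked_until)
            return ("error", None)
        self.failed.pop(username, None)   # success clears the failure counter
        token = secrets.token_urlsafe(32)
        self.sessions[token] = username
        return ("confirmed", token)
```

Real deployments keep the counter and lockout state in shared storage and log each "locked" outcome, since a burst of them across many usernames is the signal a detection team watches for.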
Superside uses SAML as its SSO protocol. SAML, or Security Assertion Markup Language, is a protocol (a set of rules) that applications use to exchange authentication information with the SSO service. SAML uses XML, a browser-friendly markup language, to exchange user identification data. SAML-based SSO services provide better security and flexibility, because applications do not need to store user credentials on their own systems.
Unique user identification numbers, names and passwords are required to authenticate all users to Superspace instances, infrastructure and business systems via SSO. MFA is in place requiring users to have two factors to authenticate access to systems, one being a password or encryption key. Passwords have complexity requirements and expiration settings that fit the classification of data contained within the system.