From the course: Career Essentials in System Administration by Microsoft and LinkedIn

Single sign-on

- [Instructor] Single sign-on is a way to allow a user to enter their username and password once, and then when they open applications, the credentials get passed on to the application, where it logs the user in without having to enter their credentials again. Single sign-on is already available when you have a Microsoft 365 account. You can use your Azure credentials to open Outlook, Teams, SharePoint, and OneDrive, all with a single login the first time you use it. There are already dozens of third-party applications that can work with single sign-on due to the compatibility of several products, such as SAML, OAuth, and OpenID Connect.

When you set up single sign-on to work between multiple identity providers, it's called federation. With federated single sign-on, Azure Active Directory authenticates the user to the application by using their Azure AD account. Single sign-on is not available when an application is hosted in another tenant, or if your account doesn't have the required permissions.

On-premises applications can use a password-based method for single sign-on. This choice works when applications are configured for application proxy. With password-based SSO, users sign in to the applications with the username and password the first time they access it. After the first sign-on, Azure AD provides the username and password to the application.

If you're migrating applications to Azure Active Directory, you can use link-based SSO to quickly publish links to all the applications you intend to migrate. Users can find all the links in the MyApps or Microsoft 365 portals. After a user has authenticated with a linked application, an account needs to be created before the user is provided single sign-on access. Provisioning this account can either occur automatically or it can occur manually by an administrator. When you configure a linked application, you are simply adding a link that appears for launching the application.

To enable SSO for an application, you can do so in the Azure AD Admin Center and select Enterprise Applications and follow the directions for registering your app with Azure SSO. SSO is easier on the user, can add better security, and keeps login issues to a minimum with a single way into an application.
