SSO and authentication methods

SSO and authentication methods

develop

Adapting SSO to authentication methods

Overview

This article deals with some cases where you might want to consider using a SSO solution where behavior is dependent on the authentication method.


Authentication Methods and their limitations

Different authentication methods may be considered more secure than others, or one method may be considered too cumbersome to be used often. In such situations it may be valuable to be able to define different behaviors for SSO depending on which authentication method that is in play.

Improving experience and security

An important part of SSO is to provide a smooth user experience. This is often hard to do when that need conflicts with security requirements. In such situations it becomes important to be able to provide a reasonable compromise between stricter (and possibly more cumbersome) authentication methods at longer intervals, while maintaining a shorter interval for less involved methods.

Using SSO expiration times

The SSO session in Curity is valid for until the configured expiration time occurs. This is a profile wide setting but can be overridden for each authenticator.

Example

LocationExpirationComment
Profile3600 secondsIf not configured on an authenticator this applies
Username / Password Authenticator1 dayRequire password every day
SMS Second factor30 daysRequire second factor every month

With the above configuration for SSO expiration we can achieve a more user friendly login flow.

  • Day 1: The user accesses the site for the first time and is prompted with both Username/Password and SMS
  • Day 2: The user (using the same browser) returns to work, but since it's the same browser we now only request the Username/Password again
  • Day 31: The user now needs to re-authenticate using both factors

This is a common setup for sites that the user accesses frequently.

Benefits

The SSO is governed using the expiration settings in Curity's configuration. This can be elaborately tweaked to accommodate numerous use-cases.


More information

For more information, see the Curity Developer Portal on SSO.

Was this page helpful?