Cloud computing has changed the world in many ways, especially when it comes to security standards. Leading organizations are now adopting single sign-on (SSO) solutions in the face of increased security vulnerabilities brought about by remote work policies, AWS’ outsourced data center infrastructure, and disorganized password management.
SSO technology allows users to access all of their applications that support common standards with a single username and password. Not only does SSO increase employee productivity — it’s significantly easier to remember 1 password as opposed to 20 passwords — it also reduces the risk of security breaches, streamlines user provisioning/deprovisioning, and reduces help desk costs.
As an SSO Identity Provider (SSO IdP), the JumpCloud Directory Platform offers support for diverse SSO protocols, including both SAML and OpenID Connect (OIDC). Both protocols cover the vast majority of commercial web apps, while serving as the authentication protocol of choice for most proprietary applications.
Let’s explore JumpCloud support for OpenID Connect.
What is OpenID Connect?
OpenID Connect (OIDC) is an identity layer atop the OAuth 2.0 protocol, which allows client applications to verify the identity of connecting users based on authentication performed by an Authorization Server.
Benefits of OIDC
There are numerous benefits to using OIDC as part of an SSO strategy, including:
- Improved user experience: OIDC provides greater ease of use and security for web app access. It is easier to configure and manage than SAML, and is therefore a popular choice for in-house built apps. In addition, end users only need to deal with a single password and authentication action across their SAML- and OIDC-based apps, reducing password fatigue.
SSO through JumpCloud provides many benefits:
- Unification of IT tools: IT admins gain centralized user lifecycle management with very granular control over which resources users may access.
- Decreased help desk tickets: IT admins generally experience a reduction in password-related help desk tickets.
- Supports Multi-factor authentication (MFA): Adoption of OIDC includes the ability to layer on strong, user-friendly multi-factor authentication (MFA), such as Push MFA, and protections against phishing.
- Embraces custom, in-house built apps: Supporting standards such as OIDC means that applications adopted outside of IT’s oversight and/or built in-house still play within IT’s security framework.
- Streamlines SSO integrations: JumpCloud offers a simple way to configure SSO integrations with OIDC-compliant applications in addition to SAML. Admins get a single console and the same strategy regardless of the standard the application supports.
For more on the differences between OIDC and SAML, see SAML vs OpenID Connect (OIDC).
Examples of OIDC in Action
Once logged into the JumpCloud portal, users can only access pre-approved applications thanks to the use of either OIDC or SAML.
Users simply select their desired application link in their unique portals. This feature allows for easy access to all essential apps in one convenient location, as shown below:
Behind the scenes, the JumpCloud admin can easily configure access to OIDC applications within the admin portal.
Moreover, OIDC apps take advantage of existing JumpCloud Directory Platform SSO capabilities to ensure that users have the access that they need by relying on attribute-based access controls (ABAC) to effectively manage the group memberships that convey the needed access.
For more information about JumpCloud’s SSO capabilities, including support for OIDC, watch this demo video:
Try JumpCloud for free – including SSO with OIDC support