Passwordless SSO for a streamlined login experience

Single Sign-On (SSO) is an authentication framework that allows users to authenticate in multiple applications using a single set of credentials. Basically, SSO centralizes authentication credentials with an identity provider.

It works based on a communication between the application where the user wants to login (the service provider) and an identity provider that will authenticate the user.

The SSO login process usually takes the following steps:

  • The user goes to an application or website that requires authentication (the service provider).
  • Then they are redirected to the authentication domain (the identity provider), where they may be prompted to log in.
  • If the user is already logged in to the identity provider, they can be immediately redirected back to the original application without signing in again.
  • The identity provider will send a token back to the service provider that confirms successful authentication.
  • The user is granted access to the service provider.

The SSO mechanism was invented to solve the password problem, so people wouldn't have to remember so many passwords to log in to different applications and websites. With SSO they only need to remember one password.

But how does passwordless SSO work? It combines an SSO mechanism with passwordless or multi-factor authentication. The single sign-on (SSO) approach can be applied to both password-based and passwordless authentication. By integrating face authentication into logins, you can streamline the user experience, eliminate the hassle of repeated MFA procedures, and protect your business from phishing attacks.

There are significant benefits that businesses can gain from SSO by simplifying logins and eliminating the need to memorize multiple passwords, including:

  • Increased customer acquisition and retention rates. 
  • Reduced IT support costs.
  • Full privacy compliance.
  • Reduced fraud risk.

How to implement a passwordless SSO process in your applications

Most consumer-facing SSO applications use an authentication protocol called OpenID Connect (OIDC). This protocol handles the authentication process through JSON Web Tokens and a central identity provider, using the steps described above. In this case, after the user logs in to the identity provider, they are asked to grant specific data access to the application (service provider). An ID Token with user information is generated and sent to the application.

To achieve a truly frictionless login experience, you can now use YooniK as an Identity Provider over the OIDC protocol. To log in with YooniK, you need a username and a selfie, and that's it! No more passwords to worry about. A sample Python app that uses YooniK's OIDC server to log in users is available for reference.
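The OIDC flow described above is only as safe as the checks the service provider performs on what comes back from the identity provider: the `state` returned on the callback must match the one sent, and the ID Token's signature, `iss`, `aud`, `exp` and `nonce` must all be verified before any claim is trusted. The following added example (not the page's sample app and not YooniK's or Auth0's code) walks through those checks with the standard library only. To run offline it mints a constructed ID Token signed with HS256 under a placeholder client secret; a real provider signs ID Tokens with RS256 and publishes its keys at the `jwks_uri` listed in the discovery document, so only the signature step changes in practice. The authorization endpoint name, client ID, secret and user values are placeholders.

```python
"""Relying-party checks for an OIDC login (added example, constructed values)."""
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional, Tuple
from urllib.parse import urlencode

# Issuer and scopes are the values the page configures; the rest are placeholders.
ISSUER = "https://accounts.yoonik.me"
SCOPES = "openid profile"
CLIENT_ID = "client-id-placeholder"                # assumed: issued at app registration
CLIENT_SECRET = b"client-secret-placeholder"       # assumed: used here as the HS256 key
REDIRECT_URI = "https://exampleco-enterprises.us.auth0.com/login/callback"
AUTHORIZATION_ENDPOINT = ISSUER + "/authorize"     # assumed; read it from discovery in practice


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def build_authorization_request() -> Tuple[str, dict]:
    """Redirect step: state binds the callback to this browser session,
    nonce binds the ID Token to this particular login request."""
    session = {"state": secrets.token_urlsafe(16), "nonce": secrets.token_urlsafe(16)}
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": SCOPES,
        "state": session["state"],
        "nonce": session["nonce"],
    }
    return AUTHORIZATION_ENDPOINT + "?" + urlencode(params), session


def check_callback(query: dict, session: dict) -> str:
    """Callback step (?code=...&state=...): refuse anything not bound to our session."""
    if not hmac.compare_digest(query.get("state", "").encode(), session["state"].encode()):
        raise ValueError("state mismatch: callback is not bound to this session")
    return query["code"]


def mint_id_token(claims: dict, key: bytes = CLIENT_SECRET, alg: str = "HS256") -> str:
    """Constructed stand-in for the provider's token endpoint: HS256-sign a JWT."""
    header = b64url(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, (header + "." + payload).encode(), hashlib.sha256).digest()
    return header + "." + payload + "." + b64url(sig)


def validate_id_token(token: str, session: dict, now: Optional[float] = None) -> dict:
    """Checks a service provider must perform before trusting ID Token claims."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm: the token must never be allowed to pick 'none' or another alg.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg %r" % header.get("alg"))
    expected = hmac.new(CLIENT_SECRET, (header_b64 + "." + payload_b64).encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("issuer mismatch")
    aud = claims.get("aud")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token was not issued for this client")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if not hmac.compare_digest(str(claims.get("nonce", "")).encode(), session["nonce"].encode()):
        raise ValueError("nonce mismatch: token not bound to this login request")
    return claims


def demo() -> dict:
    """Drive the whole exchange with a constructed provider response."""
    _url, session = build_authorization_request()
    check_callback({"code": "auth-code-placeholder", "state": session["state"]}, session)
    # The code would now be exchanged on the back channel; the provider returns the ID Token.
    token = mint_id_token({"iss": ISSUER, "sub": "user-123", "aud": CLIENT_ID,
                           "exp": int(time.time()) + 300, "nonce": session["nonce"]})
    return validate_id_token(token, session)


if __name__ == "__main__":
    print(demo())
```

Because Auth0 performs the token exchange for you in Back Channel mode, these checks are the ones it does on your behalf; the example makes visible what the Client Secret, Issuer URL and Callback URL settings in the steps below are protecting.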

Youverse as an Enterprise Identity Provider in Auth0

If you are already using an Identity Management service such as Auth0 in your applications and would like to improve your users' login experience, you can add YooniK SSO as a login option and enable passwordless authentication with zero effort. Ready? Follow the steps below:

Prerequisites

Set up your app in Youverse SSO service

To allow users to log in using Youverse SSO, you must register your application with Youverse.

Find your Auth0 domain name and redirect URI

Usually, your Auth0 domain name is your tenant name, plus your regional subdomain (unless your tenant is in the US region and was created before June 2020), plus .auth0.com. For example, if your tenant name were exampleco-enterprises, your Auth0 domain name would be exampleco-enterprises.us.auth0.com and your redirect URI would be https://exampleco-enterprises.us.auth0.com/login/callback (if your tenant is in the US and was created before June 2020, your domain name would be exampleco-enterprises.auth0.com and your redirect URI https://exampleco-enterprises.auth0.com/login/callback). If you are using custom domains, your redirect URI will have the following format: https://<YOUR CUSTOM DOMAIN>/login/callback.

Send a request to Youverse for setting up your app

To set up your app with Youverse, please send an e-mail to support@youverse.id requesting an SSO service account and provide your app name, Auth0 domain, and redirect URI. You will receive a unique identifier for the registered app and also a secret (Client ID and Client Secret). Make a note of these values; you will need them later.

Create an enterprise connection using Auth0 Dashboard

  1. Navigate to Auth0 Dashboard > Authentication > Enterprise, locate Open ID Connect, and click its +.
  2. Enter the details for your connection, and select Create:
    • Connection name: Logical identifier for your connection; it must be unique for your tenant (e.g. "yoonik-oidc").
    • Issuer URL: https://accounts.yoonik.me/.well-known/openid-configuration
    • Client ID: Unique identifier for your registered application. Enter the saved value of the Client ID for the app you previously registered with Youverse.
    • Callback URL: URL to which Auth0 redirects users after they authenticate. Ensure that this was the value you previously provided to YooniK.
    • Sync user profile attributes at each login: When enabled, Auth0 automatically syncs user profile data with each user login, thereby ensuring that changes made in the connection source are automatically updated in Auth0.
  3. In the Settings view, make the following configuration adjustments, and then click Save Changes:
    • Type: Set to Back Channel.
    • Client Secret: Enter the saved value of the Client Secret for the app you previously registered with Youverse.
    • Scopes: Enter "openid profile".
  4. In the Login Experience view, configure how users log in with this connection and then click Save:
    • Check the Display connection as a button box.
    • Button display name: Youverse.
    • Button logo URL: https://yk-website-images.s3.eu-west-1.amazonaws.com/logo.png
  5. In the Applications view, enable the applications that you want to use this connection.

Before you go

At Youverse, we're putting together the next big authentication revolution: enable anyone, anywhere, to authenticate to any device with any account, hands-free and in full privacy. We're integrated with Auth0, Okta, One Login, AWS Cognito, and are continuously expanding this list.

To get more information and free trial licenses please contact us or join our Discord community.
