Skip to main content

Introduction to Single Sign-On (SSO)

NineData supports logging in to the NineData console via Single Sign-On (SSO) to reduce the time cost of logging in and increase efficiency. This article introduces the basic concept of SSO.

Concept

SSO (Single Sign-On) is an authentication technology that allows you to access multiple applications with a single set of credentials without having to enter your username and password every time. This reduces the risk of identity information being stolen or spied on, and improves user experience and convenience.

In an SSO system, there are usually three core roles:

  • User: an individual or entity that needs to access multiple applications or systems.
  • Service Provider (SP): provides the application or system that requires authentication, in this case NineData.
  • Identity Provider (IdP): a central identity service responsible for authentication and credential management, such as Azure AD.

When you try to access NineData, SSO will redirect your access request to the identity provider for authentication. Once authentication is successful, the identity provider will issue an assertion containing your authentication information to NineData. NineData then verifies your identity through the assertion and grants you access.

Workflow Explanation

The workflow of Single Sign-On (SSO) involves various aspects such as Service Provider (NineData), Identity Provider (IdP), credential validation, and session management, which require standard authentication protocols such as SAML, OpenID Connect, etc. to achieve authentication and authorization across different systems.

sso_structure

Configuration Method

To enable enterprise users to log in to NineData via SSO, the following configuration steps are required:

  1. Add the configuration information of the identity provider (IdP) in NineData to establish trust between NineData and IdP. See Enable SSO Login for more information.

  2. Configure NineData as a trusted service provider (SP) in IdP and configure SAML assertion attributes to establish trust between IdP and NineData. See Configure IdP for more information.

  3. Create SSO users that match IdP so that enterprise users can log in to NineData via SSO. See Create SSO User for more information.

    tip

    If you have enabled the option in Step 2, the system will automatically add the user when they log in to NineData via SSO, and you do not need to perform this step again.

After completing the above steps, enterprise users can log in to NineData via SSO. See Log in to NineData via SSO for more information.

Last updated on