
Introduction to Single Sign-On (SSO)

NineData supports logging in to the NineData console via Single Sign-On (SSO), which shortens the login process and improves efficiency. This article introduces the basic concepts of SSO.

Concept

SSO (Single Sign-On) is an authentication technology that allows you to access multiple applications with a single set of credentials without having to enter your username and password every time. This reduces the risk of identity information being stolen or spied on, and improves user experience and convenience.

In an SSO system, there are usually three core roles:

  • User: an individual or entity that needs to access multiple applications or systems.
  • Service Provider (SP): provides the application or system that requires authentication, in this case NineData.
  • Identity Provider (IdP): a central identity service responsible for authentication and credential management, such as Azure AD.

When you try to access NineData, SSO will redirect your access request to the identity provider for authentication. Once authentication is successful, the identity provider will issue an assertion containing your authentication information to NineData. NineData then verifies your identity through the assertion and grants you access.

Workflow Explanation

The Single Sign-On (SSO) workflow involves the Service Provider (SP), the Identity Provider (IdP), credential validation, and session management. It relies on standard authentication protocols such as SAML and OpenID Connect to carry out authentication and authorization across different systems.

  1. The user accesses NineData.
  2. NineData checks if the user is already logged in. If not, the user is redirected to the login page of the Identity Provider (IdP).
  3. The user provides their credentials (such as username and password) to log in. Once the credentials are validated, the IdP sends an assertion or token to NineData to identify the user.
  4. NineData receives the assertion or token to confirm the user has been authenticated and provides access to the user.
  5. If the user accesses another SP application, that application asks the user to provide their credentials. If the user was already authenticated in step 3, the IdP does not ask for credentials again and sends an assertion or token directly to the SP to confirm the user's identity.
  6. If the user logs out, the IdP terminates all sessions and redirects the user back to the NineData login page for re-login.
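
Step 4 for the SAML case, as an added example (not NineData's code): the checks an SP typically applies to an assertion before granting access. The issuer and entity ID values, the sample assertion and the function name are assumptions made for illustration, and signature verification is assumed to be done beforehand by a SAML library.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Hypothetical trust settings, as established in the IdP/SP configuration.
TRUSTED_ISSUER = "https://idp.example.com/metadata"
SP_ENTITY_ID = "https://sp.example.com/saml"

# Constructed sample; a real assertion is signed and arrives base64-encoded.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" Version="2.0">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T09:59:00Z" NotOnOrAfter="2024-01-01T10:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://sp.example.com/saml</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def _ts(value):
    # SAML timestamps are UTC with a trailing "Z"; malformed or empty values raise ValueError.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def validate_assertion(xml_text, now, seen_ids):
    """Return the NameID if every check passes, otherwise raise ValueError.
    `now` is a timezone-aware datetime; `seen_ids` is the SP's replay cache."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD not allowed")  # refuse entity-expansion tricks
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % NS["saml"]:
        raise ValueError("not an assertion")
    if root.findtext("saml:Issuer", namespaces=NS) != TRUSTED_ISSUER:
        raise ValueError("untrusted issuer")
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("missing conditions")
    # Stricter than the spec: both bounds of the validity window are required here.
    if not (_ts(cond.get("NotBefore", "")) <= now < _ts(cond.get("NotOnOrAfter", ""))):
        raise ValueError("outside validity window")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        raise ValueError("wrong audience")  # assertion was issued for another SP
    if root.get("ID") in seen_ids:
        raise ValueError("replayed assertion")
    seen_ids.add(root.get("ID"))
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not name_id:
        raise ValueError("missing subject")
    return name_id
```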

Configuration Method

To enable enterprise users to log in to NineData via SSO, the following configuration steps are required:

  1. Add the configuration information of the identity provider (IdP) in NineData to establish trust between NineData and the IdP. See Enable SSO Login for more information.

  2. Configure NineData as a trusted service provider (SP) in the IdP and configure SAML assertion attributes to establish trust between the IdP and NineData. See Configure IdP for more information.

  3. Create SSO users that match the IdP so that enterprise users can log in to NineData via SSO. See Create SSO User for more information.

    Tip: If you have enabled the option in Step 2, the system will automatically add the user when they log in to NineData via SSO, and you do not need to perform this step again.

After completing the above steps, enterprise users can log in to NineData via SSO. See Log in to NineData via SSO for more information.