Easy and secure identity for the enterprise

Submitted by Style Pass, 2024-11-22 21:00:04

EASIE SSO (single sign-on) is a way for applications to provide enterprise-grade SSO through a multi-tenant OpenID provider, with initial support for Google and Microsoft OIDC. It is designed to be an easier alternative to SAML SSO.

Importantly, EASIE SSO works primarily over OpenID Connect endpoints and eliminates the usual back-and-forth associated with SAML SSO:

EASIE SSO can be set up either by application administrators or directly by the enterprise, if the application provides a self-serve flow.

It is important to verify this information with an authorized party within the enterprise, usually a member of the IT department.

If an application provides a self-serve flow to set up EASIE SSO, it is critical to prompt the user with a challenge to verify their authority. Self-serve TLS certificate authorities have developed several challenge types that are acceptable for EASIE. For example, you may reference Let's Encrypt to develop a suitable challenge.
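A DNS-based challenge for the self-serve flow, modelled on the DNS-01 challenge type used by Let's Encrypt, as an added example that is not part of the EASIE specification or the original page. The record label `_easie-challenge`, the one-hour expiry, the function names and the injected `resolve_txt` resolver are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

LABEL = "_easie-challenge"   # hypothetical TXT record label (assumption)
CHALLENGE_TTL = 3600         # assumed validity window, in seconds


def issue_challenge(domain, account_id, now=None):
    """Create a single-use challenge bound to one domain and one requester."""
    now = time.time() if now is None else now
    return {
        "domain": domain.lower().rstrip("."),
        "account_id": account_id,
        "token": secrets.token_urlsafe(32),  # 256 bits from the OS CSPRNG
        "expires": now + CHALLENGE_TTL,
        "used": False,
    }


def expected_txt(ch):
    """Value the requester must publish: a digest tying the token to the account,
    so a record published for one account cannot satisfy another's challenge."""
    material = f"{ch['token']}.{ch['account_id']}".encode()
    return hashlib.sha256(material).hexdigest()


def verify_challenge(ch, resolve_txt, now=None):
    """Return True only if the domain's DNS currently carries the expected value.

    resolve_txt(name) -> list[str] is injected so the check can run offline;
    it should raise LookupError when the name has no TXT records."""
    now = time.time() if now is None else now
    if ch["used"] or now > ch["expires"]:
        return False              # replayed or stale challenges never pass
    try:
        records = resolve_txt(f"{LABEL}.{ch['domain']}")
    except LookupError:
        return False
    want = expected_txt(ch).encode()
    ok = any(hmac.compare_digest(r.strip().encode(), want) for r in records)
    if ok:
        ch["used"] = True         # single use: a second attempt needs a new token
    return ok
```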

EASIE SSO does not currently support a mechanism for continuously syncing users in the enterprise's directory. In turn, there is currently no way to provision accounts proactively, before a user visits the application.
