SSO interface

How the SSO interface works

1. Login via the identity provider:
   
   • The user attempts to log in to the ExpoCloud Portal. Instead of entering a password directly in the portal, the user is forwarded to the identity provider (e.g. Azure AD or Okta).
2. Centralised authentication:
   
   • The identity provider verifies the user's identity, either through a password, multi-factor authentication or other authentication mechanisms.
3. Token generation and forwarding:
   
   • After successful authentication, the identity provider generates an authentication token (e.g. a JWT token) that confirms the user's identity and is returned to the ExpoCloud portal.
4. Verification of the token in the ExpoCloud Portal:
   
   • The ExpoCloud Portal receives the authentication token and validates it. If the token is valid, the user is authorised to access the portal without further login.
5. Access rights:
   
   • After the user has been authenticated, the ExpoCloud Portal checks the user's corresponding access rights based on the authorisations and roles stored in the identity provider.

Technical implementation

• The ExpoCloud Portal supports common authentication protocols such as SAML 2.0, OAuth 2.0 and OpenID Connect. These protocols enable secure and reliable communication between the identity provider and the ExpoCloud Portal.
• The SSO interface is compatible with common identity providers such as Microsoft Azure Active Directory, Okta, Google Identity and others.
• All connections between the identity provider and the ExpoCloud Portal are secured by SSL/TLS.

Advantages of SSO integration

• You do not have to log in or enter passwords repeatedly, which speeds up and simplifies the login process.
• The integration of SSO centralises the management of user accounts.
• Authentication is carried out by a secure, centralised identity provider that is secured by modern authentication protocols such as SAML, OAuth 2.0 or OpenID Connect.