Single Sign-On
Seamless access for authority and public users
The purpose of ASSURE Single Sign-On (SSO) is to provide seamless access to ASSURE for both authority users and public users, without requiring them to sign on separately with a dedicated ASSURE username and password.
Instead, if the user is already signed in to your authority's corporate network, or signed in to your authority's public website, there is no requirement for them to go through an additional login to ASSURE.
- For authority users, ASSURE integrates with Microsoft Entra ID (previously known as Azure Active Directory or AAD). Entra ID verifies the user's credentials and then passes the authenticated identity to ASSURE. If the user has not already been created as a user in ASSURE, a suitable warning is displayed and the user account can be created by an ASSURE system administrator. If the user is an existing ASSURE user, they are logged into ASSURE seamlessly.
- For public users, ASSURE integrates using the OAuth protocol with Microsoft Entra ID B2C (business-to-consumer), or with another OAuth-compliant identity and access management (IAM) provider. ASSURE also includes its own JWT token-based third-party authentication.
OAuth 2.0
OAuth (Open Authorisation) is an open standard for token-based authorisation on the Internet. OAuth, pronounced "oh-auth", allows an end user's account information to be used by third-party services without exposing the user's password.
ASSURE has been tested with the following IAM platforms:
- OAuth 2.0 with JWT (for example, Jadu Continuum CMS)
- OAuth 2.0 with SAML (for example, Firmstep Service)
- OpenID® Connect (an extension of OAuth)
JSON Web Token
JSON (JavaScript Object Notation) Web Token (JWT) is a token format that defines a compact and self-contained mechanism for transmitting claims between parties; because the token is digitally signed, the recipient can verify that the claims have not been altered and trust their origin.
SAML 2.0
Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorisation data between parties, in particular between an identity provider and a service provider. SAML is an XML-based markup language for security assertions (statements that service providers use to make access-control decisions).
OpenID Connect
OpenID Connect (OIDC) is an authentication protocol built on the OAuth 2.0 family of specifications. OpenID Connect allows a site to authenticate users across websites without having to own and manage its own password store.
ASSURE third-party authentication
ASSURE also includes its own JWT token-based third-party authentication for public users.
- On request, ASSURE will provide a single-use access token for a specific ASSURE user, identified by their email address and their first and last names.
- Optionally, the token will be encrypted using a pass phrase based on your ASSURE root URL. This pass phrase is itself encrypted.
- If the user is not recognised, the usual Registration page is displayed first.
The implementation includes a Token Authenticator test harness (TokenAuthenticator.exe) which requires only Microsoft .NET 4.8.
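The following is an added worked example, not ASSURE's own code or token format, showing the three checks a verifier of a single-use JWT such as the one described above has to make: that the signature is valid under the shared secret, that the token has not expired, and that the same token ID (jti) is not accepted twice. The claim names, the HS256 algorithm and the shared secret are assumptions for the demonstration.

```python
import base64, hashlib, hmac, json, time

# Constructed demo secret shared between token issuer and verifier (assumption, not ASSURE's).
SECRET = b"demo-shared-secret-not-for-production"
# Replay store for single-use enforcement; in-memory here, would be persistent in a real service.
USED_JTI = set()

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def mint_token(email, first, last, jti, now, ttl=300):
    """Issue a short-lived HS256 JWT identifying the user by email and names (assumed claim names)."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": email, "given_name": first, "family_name": last,
               "jti": jti, "iat": now, "exp": now + ttl}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode()) + "." +
                     _b64url(json.dumps(payload, separators=(",", ":")).encode()))
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)

def verify_token(token, now):
    """Return the claims if the token is valid; raise ValueError describing why otherwise."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    header = json.loads(_b64url_decode(h))
    if header.get("alg") != "HS256":   # pin the algorithm; never let the token choose it
        raise ValueError("unexpected alg")
    expected = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):   # constant-time comparison
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p))   # only parsed after the signature is confirmed
    if now >= claims["exp"]:
        raise ValueError("expired")
    if claims["jti"] in USED_JTI:            # single use: a replayed token is rejected
        raise ValueError("token already used")
    USED_JTI.add(claims["jti"])
    return claims

def verify_or_reason(token, now):
    """Convenience wrapper returning ("ok", claims) or (reason, None)."""
    try:
        return "ok", verify_token(token, now)
    except ValueError as exc:
        return str(exc), None

if __name__ == "__main__":
    t = mint_token("ada@example.org", "Ada", "Lovelace", "jti-demo", int(time.time()))
    print(verify_or_reason(t, int(time.time())))
```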