What is Single Sign-On?

Single Sign-On is the process of centralizing account verification at central authorities. These authorities can be external companies like OneLogin, Google, Facebook or Twitter, but also internal servers like Microsoft ADFS or custom applications. In addition, the login type that is used no longer matters to the end application. It doesn't matter whether the customer logs in via username and password, barcode, personal fingerprint identification or a certificate. This is all handled by the identity provider, and when the login completes successfully, the identity is persisted on that provider. So when the customer logs in to a new webshop via the same identity provider, their identity is still known and the user is logged in without any further interaction.

From a business perspective, this security is a good reason to implement Single Sign-On. Another very important factor is to reduce barriers for your customers. Imagine if you have a B2C webshop where customers do a lot of impulse purchases. Having Single Sign-On via social media allows you to easily obtain the information needed to ship products in a matter of seconds, resulting in a very fast process from initial visit to a completed checkout.

We've implemented Single Sign-On for both B2B websites as well as B2C websites where the revenue went up, the time spent on checkout pages went down and the checkout flow was interrupted less often.

Single Sign-On can be implemented with any system that involves a login to a centralized system, and with a large number of identity providers including Microsoft ADFS, SalesForce, OneLogin, Google+, Facebook, Twitter and many more.

How does Single Sign-On work?


The process differs per protocol, and there are many protocols available. In the last decade we've implemented Single Sign-On for customers using SAML2 and OAuth2, which are the two most commonly used protocols to exchange identity information. In addition we have to work with custom-built systems as well, so we've used SOAP, REST, HTTP and even custom-written protocols to integrate one system with another.

We could write a very long subsection on the flow of Single Sign-On, but the image to the right will explain it for you. The flow differs per protocol, but the concept remains the same with every single one of them.

An important factor of Single Sign-On is security. Most of the time, when a user logs in at the identity provider, the actual user data is sent to the application that requires the login not by the user, but via a direct connection from the application to the identity provider. This is called backchannel resolution, and it prevents many types of attack that try to obtain the user information or impersonate that specific user.
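The backchannel resolution described above, as an added example that is not part of the original page or of any Wizkunde extension: the browser only ever carries an opaque one-time code, and the application redeems it over a direct, authenticated call. The classes `IdentityProvider` and `Application`, the in-memory storage and all sample values are assumptions made for illustration; the pattern is the one used by the OAuth 2.0 authorization code grant and SAML 2.0 artifact resolution.

```python
import hmac
import secrets
import time


class IdentityProvider:
    """Toy in-memory identity provider, constructed for this example."""

    def __init__(self, client_id, client_secret, code_ttl=60):
        self._clients = {client_id: client_secret}
        self._codes = {}  # code -> (client_id, user record, expiry time)
        self._ttl = code_ttl

    def login(self, client_id, user):
        """Front channel: the browser receives only an opaque one-time
        code after login, never the user data itself."""
        code = secrets.token_urlsafe(32)
        self._codes[code] = (client_id, user, time.time() + self._ttl)
        return code

    def resolve(self, client_id, client_secret, code):
        """Back channel: direct application-to-provider call, authenticated
        with the client secret. Returns the user record or None."""
        expected = self._clients.get(client_id)
        if expected is None or not hmac.compare_digest(
                expected.encode(), client_secret.encode()):
            return None  # caller is not the registered application
        entry = self._codes.pop(code, None)  # single use: a replay finds nothing
        if entry is None:
            return None
        issued_to, user, expiry = entry
        if issued_to != client_id or time.time() > expiry:
            return None
        return user


class Application:
    """The webshop side: holds the secret, never exposes it to the browser."""

    def __init__(self, idp, client_id, client_secret):
        self._idp, self._id, self._secret = idp, client_id, client_secret

    def callback(self, code):
        """Handle the browser redirect by resolving the code server-side."""
        return self._idp.resolve(self._id, self._secret, code)
```

A code captured from the browser redirect is useless without the client secret, and a code that has already been resolved cannot be redeemed a second time.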


Single Sign-On is our specialization

It all started in 2008, when I was trained as a SAML2 expert to deal with a Single Sign-On integration of 210 Dutch municipalities with the Dutch identity system for civilians, called DigiD. Having worked with numerous protocols in the past, it was a matter of dedication and a passion that kept its grip on me, which would later evolve into our main business model at Wizkunde. Not only is it lowering the boundaries for customers to have two systems integrated together, it also is satisfactory since a Single Sign-On process has a very straightforward end result.


Why not use our experience and passion to prevent you from pitfalls in Single Sign-On?

To see more about what we can do, please check the 30 second video for a short introduction on Single Sign-On from Wizkunde. We have implemented Single Sign-On for many customers over the years including Nokia, Castrol, Canon, Caterpillar, Fuji-Xerox, PostNL, AusPost and many others.
Not only do we have the know-how of this, but also the passion to get this integrated for your applications.


Use our Integration Service


SAML 2

SAML 2.0 is a version of the SAML standard for exchanging authentication and authorization data between security domains.

SAML 2.0 enables web-based authentication and authorization scenarios including cross-domain single sign-on (SSO), which helps reduce the administrative overhead of distributing multiple authentication tokens to the user.

OAuth 2.0

OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 supersedes the work done on the original OAuth protocol created in 2006.

OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. This specification is being developed within the IETF OAuth WG.


Our Magento Extensions


With our years of experience we learned over time that the process of Single Sign-On is not always straightforward. Version upgrades usually came with new requirements or changed specifications. Our extensions had to adapt to it and made sure that the integration would always work, regardless of the version of the identity provider. This has been the most challenging challenge for us to overcome.

Nevertheless, we worked for some of the world's largest companies, integrating their Single Sign-On environments with Magento 1 and Magento 2. Our Magento Extension is able to not only integrate but also apply very useful logic, which will make the Magento Single Sign-On integration a lot more useful.

Check out our Magento Extensions below for integrating Microsoft ADFS with Magento