About single sign-on
Single sign-on (SSO) is a user authentication service that lets a user access multiple applications with a single set of login credentials. To access Platform, for example, you can be authenticated with the credentials you use to sign in to your corporate network, without entering a username and password again. The identity authenticated externally is mapped to your identity defined in Access Manager.
SSO improves security and usability by eliminating password chaos (lowering password fatigue).
In Access Manager, SSO is implemented through the concepts of identity brokering and identity providers, which are based on the SAML v2.0 and OpenID Connect v1.0 protocols. For details about these protocols, see About SAML & OpenID Connect.
Identity brokering and identity providers
An identity provider is a system entity that creates, maintains, and manages identity information for users (users can also be services or systems) and provides user authentication to other service providers within a federated or distributed network.
An identity broker is an intermediary service that connects multiple service providers with different identity providers. The identity broker establishes a trust relationship with an external identity provider so that its identities can be used to access internal services offered by service providers.
From a user perspective, an identity broker provides a user-centric, centralized way to manage identities across different security domains or realms. An existing account can be linked with one or more identities from different identity providers, or a new account can be created from the identity information obtained from them.
An identity provider is usually based on a specific protocol that it uses to authenticate its users and to communicate authentication and authorization information about them. For example, it can be a business partner whose users need to access your services, or it can be a cloud-based identity service with which you want to integrate.
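The linking behaviour described above (an externally authenticated identity resolved to an existing local account, or a new account created from the identity information) can be made concrete with a small model of an identity broker. The following Python is an added illustration, not Access Manager's own code; the class and field names (IdentityBroker, ExternalIdentity, Account) and the linking policy are assumptions. The policy keys each link on the pair (identity provider alias, subject identifier) the provider asserted, and only falls back to matching an existing account by e-mail address when the provider marks that address as verified, so that an unverified claim from one provider cannot be used to take over an account created through another.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple


@dataclass(frozen=True)
class ExternalIdentity:
    """What the external identity provider asserted after authenticating the user."""
    provider: str                 # alias of a configured identity provider (hypothetical)
    subject: str                  # persistent subject identifier issued by that provider
    email: Optional[str] = None
    email_verified: bool = False  # whether the provider vouches for the address


@dataclass
class Account:
    """A local account in the broker's realm with its linked external identities."""
    username: str
    email: Optional[str] = None
    links: Set[Tuple[str, str]] = field(default_factory=set)  # {(provider, subject)}


class UntrustedProvider(Exception):
    """Raised when an assertion comes from a provider the broker does not trust."""


class IdentityBroker:
    def __init__(self) -> None:
        self.providers: Set[str] = set()            # trusted identity provider aliases
        self.accounts: Dict[str, Account] = {}
        self._by_link: Dict[Tuple[str, str], str] = {}  # (provider, subject) -> username

    def add_provider(self, alias: str) -> None:
        """Establish the trust relationship with an external identity provider."""
        self.providers.add(alias)

    def create_account(self, username: str, email: Optional[str] = None) -> Account:
        if username in self.accounts:
            raise ValueError(f"account {username!r} already exists")
        acct = Account(username, email)
        self.accounts[username] = acct
        return acct

    def link(self, username: str, ident: ExternalIdentity) -> None:
        """Link one external identity to a local account; a link belongs to one account only."""
        key = (ident.provider, ident.subject)
        owner = self._by_link.get(key)
        if owner is not None and owner != username:
            raise ValueError("external identity is already linked to another account")
        self.accounts[username].links.add(key)
        self._by_link[key] = username

    def _find_by_verified_email(self, ident: ExternalIdentity) -> Optional[Account]:
        # Only a provider-verified address is strong enough to match an existing account.
        if not (ident.email and ident.email_verified):
            return None
        for acct in self.accounts.values():
            if acct.email and acct.email.lower() == ident.email.lower():
                return acct
        return None

    def _unique_username(self, base: str) -> str:
        name, n = base, 1
        while name in self.accounts:
            n += 1
            name = f"{base}-{n}"
        return name

    def authenticate(self, ident: ExternalIdentity) -> Account:
        """Resolve an externally authenticated identity to a local account.

        1. The assertion must come from a configured (trusted) provider.
        2. An existing link for (provider, subject) always wins.
        3. Otherwise an account with the same *verified* e-mail is linked.
        4. Otherwise a new account is created from the identity information.
        """
        if ident.provider not in self.providers:
            raise UntrustedProvider(ident.provider)
        key = (ident.provider, ident.subject)
        if key in self._by_link:
            return self.accounts[self._by_link[key]]
        acct = self._find_by_verified_email(ident)
        if acct is None:
            verified = bool(ident.email and ident.email_verified)
            base = ident.email if verified else f"{ident.provider}-{ident.subject}"
            acct = self.create_account(self._unique_username(base),
                                       ident.email if verified else None)
        self.link(acct.username, ident)
        return acct


if __name__ == "__main__":
    # Constructed sample: one existing local account and two trusted providers.
    broker = IdentityBroker()
    broker.add_provider("corp-saml")
    broker.add_provider("partner-oidc")
    broker.create_account("alice", "alice@example.com")
    first = broker.authenticate(ExternalIdentity("corp-saml", "u-123", "alice@example.com", True))
    print(first.username, sorted(first.links))
```

Step 2 is what keeps a user on the same local account even if the provider later changes the e-mail it asserts; step 3 is the one place where linking rests on a claim rather than a stable identifier, which is why it is gated on the provider's verification flag.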