Recommendation: Service provider initiated Single Sign-on

SilkRoad strongly recommends Service provider initiated Single Sign-On (SP initiated SSO) for the following reasons:

  • SP initiated SSO is more secure. It requires a SAMLRequest from SilkRoad to your IDP followed by a SAMLResponse from the IDP to the Life Suite. On the other hand, an IDP initiated SSO configuration is a one-way trust with only a SAMLResponse received by the Life Suite.
  • Application links and deep links are easier to work with. With SP initiated SSO, any valid link or deep link to an application is accepted with the authenticated user arriving at the desired target. However, with IDP initiated SSO, a user must use a customer portal with appropriate links through the IDP, which generally makes deep links impossible.
  • Single Logout (SLO) is only supported in an SP initiated SSO configuration. With IDP initiated SSO, a user cannot log out in one application and thereby log out of all the applications associated with the session.
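
As an added illustration of the first point (not SilkRoad's code): with SP initiated SSO the service provider can tie each SAMLResponse to a SAMLRequest it issued, using the standard SAML 2.0 `InResponseTo` attribute, while an IDP initiated response carries no such attribute. The `RequestTracker` class, the sample XML and the `sp.example` URL are constructed for this example; signature, issuer, audience and time checks are assumed to happen elsewhere.

```python
import secrets
import xml.etree.ElementTree as ET  # production code should use a hardened XML parser

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

class RequestTracker:
    """Hypothetical SP-side store of AuthnRequest IDs issued but not yet answered."""
    def __init__(self):
        self.pending = set()

    def new_request_id(self):
        rid = "_" + secrets.token_hex(16)  # XML IDs must not start with a digit
        self.pending.add(rid)
        return rid

    def check_response(self, xml_text):
        """Return 'solicited', 'unsolicited' or 'rejected' for a SAMLResponse."""
        root = ET.fromstring(xml_text)
        irt = root.get("InResponseTo")
        scd = root.find(".//saml:SubjectConfirmationData", NS)
        scd_irt = scd.get("InResponseTo") if scd is not None else None
        if irt is None and scd_irt is None:
            return "unsolicited"   # IDP initiated: nothing to correlate against
        if irt != scd_irt or irt not in self.pending:
            return "rejected"      # mismatched, unknown or already-used request ID
        self.pending.discard(irt)  # accept one response per request
        return "solicited"

def sample_response(in_response_to=None):
    """Constructed, unsigned SAMLResponse skeleton used only for this demo."""
    attr = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}"'
            f' ID="_r1" Version="2.0"{attr}><saml:Assertion ID="_a1" Version="2.0">'
            '<saml:Subject><saml:SubjectConfirmation'
            ' Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">'
            f'<saml:SubjectConfirmationData{attr} Recipient="https://sp.example/acs"/>'
            '</saml:SubjectConfirmation></saml:Subject>'
            '</saml:Assertion></samlp:Response>')

if __name__ == "__main__":
    sp = RequestTracker()
    rid = sp.new_request_id()
    print(sp.check_response(sample_response(rid)))  # answer to a request the SP sent
    print(sp.check_response(sample_response(rid)))  # the same response delivered again
    print(sp.check_response(sample_response()))     # response with no InResponseTo
```

An SP that accepts only SP initiated SSO can refuse the `unsolicited` case outright; one that also accepts IDP initiated SSO has no request ID to check against for those responses.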