Description
Single Sign-On (SSO) enables users to securely access openSIS using their existing organizational credentials without maintaining a separate username and password for the application. Instead of authenticating directly with openSIS, users sign in through a trusted identity provider such as Microsoft Entra ID (formerly Azure Active Directory) or Google Workspace.
SSO simplifies the login experience, improves security, and helps institutions centrally manage user authentication and access policies.
Benefits of Using SSO
Implementing Single Sign-On in openSIS provides several advantages:
-
Simplified User Experience – Users sign in with the same credentials they already use within their organization.
-
Improved Security – Authentication is handled by a trusted identity provider that can enforce security policies such as Multi-Factor Authentication (MFA) and Conditional Access.
-
Reduced Password Management – Eliminates the need for users to remember separate openSIS passwords.
-
Centralized User Management – User accounts and access can be managed from the organization's identity provider.
-
Faster Onboarding and Offboarding – Grant or revoke access by managing users in the identity provider.
Supported Identity Providers
openSIS supports integration with popular identity providers, including:
-
Microsoft Entra ID (Office 365 / Azure Active Directory)
-
Google Workspace
Each provider requires its own configuration and credentials before users can authenticate using SSO.
How SSO Works
The authentication process follows these general steps:
-
A user selects the Single Sign-On option on the openSIS login page.
-
The user is redirected to the configured identity provider.
-
The identity provider verifies the user's credentials.
-
After successful authentication, the user is securely redirected back to openSIS.
-
openSIS grants access based on the authenticated user account and assigned permissions.
This process allows users to authenticate without creating or managing a separate openSIS password.
Before enabling Single Sign-On, ensure that:
-
An identity provider has been configured for your organization.
-
Administrative access is available to the identity provider.
-
Required application credentials, such as Client ID, Client Secret, and Redirect URI (depending on the provider), have been obtained.
-
User accounts in the identity provider correspond to users in openSIS.
Notes
-
SSO configuration should be performed by an administrator with access to both openSIS and the identity provider.
-
Users must exist in both the identity provider and openSIS to successfully sign in.
-
Authentication policies such as Multi-Factor Authentication (MFA) are managed by the identity provider.
Expected Outcome
Administrators understand the purpose of Single Sign-On, its benefits, and how it integrates with openSIS before proceeding with provider-specific configuration.