SSO and cross-platform authentication
Single Sign-On (SSO) is an authentication process that enables customers to access multiple applications or services after authenticating once. Rather than requiring separate logins for each system, SSO uses a centralized identity provider (IdP) or broker to issue and manage sessions. This simplifies access for customers, reduces password fatigue, and improves security and customer experience.
Standards-based protocol support
Strivacity supports both OpenID Connect (OIDC) and SAML 2.0, allowing brands to integrate with a wide range of client apps and third-party systems.
OIDC (OpenID Connect)
A lightweight authentication layer on top of OAuth 2.0, often used for modern web and mobile apps.
Strivacity can act as:
- Identity Provider (IdP): When an application delegates authentication to Strivacity.
- Relying Party (RP): When Strivacity accepts authentication from an external OIDC IdP.
Supported grant types and features:
- Authorization code flow (recommended for web and mobile)
- Client credentials (for service-to-service communication)
- Refresh token
- Implicit flow (supported for legacy apps; not recommended)
SAML 2.0
Commonly used for enterprise SSO across internal systems and legacy applications.
Strivacity can act as:
- Identity Provider (IdP): Brands configure Strivacity to issue SAML assertions to applications.
- Service Provider (SP): Strivacity can consume SAML assertions from upstream IdPs (for example, enterprise identity providers).
Supported SAML flows:
- SP-initiated: The customer starts from the service provider, which redirects to the identity provider (Strivacity) for authentication.
- IdP-initiated: The customer starts from the identity provider (Strivacity) and is redirected to the service provider with an assertion.
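The two flows above differ on the wire in one attribute: an SP-initiated response carries `InResponseTo` echoing the service provider's request ID, while an IdP-initiated response arrives unsolicited without it. The following is an added example, not Strivacity code, of how a service provider can track that difference; `SamlFlowGuard` and `sample_response` are hypothetical names, the XML is constructed sample input, and signature and condition validation are assumed to have happened before this check.

```python
import secrets
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

class SamlFlowGuard:
    """SP-side bookkeeping for incoming SAML responses (hypothetical helper)."""

    def __init__(self, allow_idp_initiated=False):
        self.allow_idp_initiated = allow_idp_initiated
        self.pending = set()          # AuthnRequest IDs sent and not yet answered
        self.seen_assertions = set()  # assertion IDs already accepted (replay cache)

    def new_request_id(self):
        """Call when redirecting the customer to the IdP (SP-initiated flow)."""
        rid = "_" + secrets.token_hex(16)
        self.pending.add(rid)
        return rid

    def classify(self, response_xml):
        """Return 'sp-initiated' or 'idp-initiated'; raise ValueError on rejection."""
        # Assumption: the response signature was verified before this point.
        root = ET.fromstring(response_xml)
        assertion = root.find("saml:Assertion", NS)
        if assertion is None:
            raise ValueError("response contains no assertion")
        aid = assertion.get("ID")
        if not aid or aid in self.seen_assertions:
            raise ValueError("assertion ID missing or already used")
        irt = root.get("InResponseTo")
        if irt is not None:
            if irt not in self.pending:
                raise ValueError("InResponseTo matches no pending request")
            self.pending.discard(irt)  # each request ID is answered at most once
            flow = "sp-initiated"
        elif self.allow_idp_initiated:
            flow = "idp-initiated"
        else:
            raise ValueError("unsolicited response rejected by policy")
        self.seen_assertions.add(aid)
        return flow

def sample_response(assertion_id, in_response_to=None):
    """Build a minimal, unsigned SAML Response (constructed test input)."""
    irt = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}"'
            f' ID="_r1" Version="2.0"{irt}>'
            f'<saml:Assertion ID="{assertion_id}" Version="2.0"/></samlp:Response>')
```

A real deployment would also expire pending request IDs and bound the replay cache by the assertion's validity window.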
Identity federation
Brands can configure Strivacity to accept authentication from external identity providers, including:
- Enterprise IdPs
- Social providers (for example, Google, Facebook, LinkedIn)
Federation configuration includes:
- Trust relationship setup (for example, client ID/secret, certificates, endpoints).
- Attribute mapping to identity store fields.
- Optional Just-In-Time (JIT) provisioning of new identities.
Federated login can be offered as a primary login method or as part of an account linking experience within the login journey.
Cross-platform SSO session management
Strivacity maintains centralized SSO sessions in the cloud. These sessions enable customers to access multiple applications associated with the same identity store, without needing to re-authenticate.
Key capabilities:
- Cross-domain support: Applications hosted on different domains or subdomains can share an SSO session, as long as they use the same identity store.
- Session persistence: The “keep me logged in” setting (configured in the application settings) ensures that SSO sessions span browser closures and device restarts.
- Session enforcement: Brands can apply inactivity timeouts and re-authentication triggers based on risk or customer actions.
- Silent login: When a session exists, customers are automatically signed in without seeing a login screen.
- Legacy application support: Use the Strivacity Login Gateway to extend SSO to header-based apps and other legacy systems that don't natively support modern protocols.
Instance-level multi-brand and policy support
Strivacity allows brands to deliver differentiated login experiences, identity configurations, and policies within a single instance. This supports a wide range of B2C, B2B, and B2B2C use cases without requiring separate environments.
Configuration options include:
- Branding policy: Set distinct logos, colors, and screen messaging per brand or organization.
- Policy enforcement: Apply different policies, journey logic, or consent collection per application or brand.
Each brand or organization hosted within the same instance can have its own SSO settings, identity workflows, and customer journeys, while sharing centralized infrastructure.