AAAI-15

Does your solution support any of the following web SSO standards: SAML2 (with redirect flow), OIDC, CAS, or other?

Explanation

This question is asking whether your software solution supports Single Sign-On (SSO) standards for web applications. SSO allows users to authenticate once and gain access to multiple systems without having to log in separately to each one. Specifically, the question asks about these SSO standards:

- SAML2 (Security Assertion Markup Language) with redirect flow: an XML-based protocol that allows secure web domains to exchange user authentication and authorization data
- OIDC (OpenID Connect): an identity layer built on top of OAuth 2.0 that allows clients to verify user identity
- CAS (Central Authentication Service): a single sign-on protocol for the web
- Other standards that might be relevant

This question is being asked in a security assessment because:

1. SSO reduces password fatigue and improves user experience
2. It centralizes authentication, making identity management more secure and easier to control
3. It allows organizations to enforce consistent authentication policies across applications
4. It simplifies user provisioning and deprovisioning when employees join or leave

When answering this question, you should:

- Clearly state which SSO standards your solution supports
- Provide details about implementation (e.g., which identity providers you've integrated with)
- Mention any limitations or specific configurations required
- If you don't support standard SSO protocols, explain your alternative authentication approach

Guidance

An answer of "yes" should be well-supported in the Additional Information column, and all elements of interest should be sufficiently addressed.

Example Responses

Example Response 1

Yes. Our solution supports SAML2 with redirect flow and OIDC. For SAML2, we act as a Service Provider (SP) and can integrate with any Identity Provider (IdP) that supports SAML2, including Okta, Azure AD, OneLogin, and PingIdentity. We support both IdP-initiated and SP-initiated flows. For OIDC, we support the authorization code flow with PKCE for enhanced security. We've successfully implemented SSO with Google Workspace, Microsoft Entra ID (formerly Azure AD), and Auth0. Our implementation follows security best practices including proper validation of tokens, secure handling of secrets, and appropriate session management after authentication.

Example Response 2

Yes. Our application supports SAML2 with redirect flow as our primary SSO method. We've implemented this as a Service Provider and have documented integrations with major Identity Providers including Microsoft Entra ID, Okta, and Google Workspace. We also support CAS protocol version 3.0, which some of our education sector clients use. While we don't currently support OIDC, it's on our product roadmap for Q3 this year. All SSO configurations can be enabled through our administrative console, and we provide step-by-step documentation for setting up each supported IdP. Our SSO implementation includes security features such as certificate validation, automatic user provisioning, and role mapping from IdP attributes.

Example Response 3

No. Our solution currently does not support standard web SSO protocols like SAML2, OIDC, or CAS. Instead, we use a proprietary authentication system that requires users to create accounts specific to our application. We recognize this limitation and understand the security and usability benefits of standard SSO protocols. We're currently developing SAML2 and OIDC support with an expected release in our next major version update in approximately 6 months. In the meantime, we do offer API-based integration options that allow customers to build custom authentication workflows, though this requires development effort on the customer's part.
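The Explanation above describes OIDC as an identity layer on OAuth 2.0, and Example Response 1 mentions the authorization code flow with PKCE and "proper validation of tokens". The following added example (not code from ResponseHub or from any vendor response) shows what those two things mean from the Service Provider / Relying Party side: generating the PKCE pair, building the redirect to the IdP, and the checks a Relying Party must perform on the returned ID token. The issuer, client ID, client secret, redirect URI and user claims are constructed placeholders; the IdP is simulated by a local signing helper. Signatures use HS256 keyed with the client secret, which OIDC Core permits for confidential clients; most real IdPs sign with an RSA or EC key published in their JWKS, in which case the signature step is done by a JWT library against that key while the claim checks stay the same.

```python
"""Added example: OIDC authorization-code flow with PKCE, seen from the Relying
Party (the application being assessed). All identifiers are hypothetical."""
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional
from urllib.parse import urlencode

# Constructed values for the demo; they do not identify any real deployment.
ISSUER = "https://idp.example.test"
CLIENT_ID = "demo-relying-party"
CLIENT_SECRET = b"demo-client-secret-do-not-reuse"      # HS256 key per OIDC Core 10.1
REDIRECT_URI = "https://app.example.test/sso/callback"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_pkce_pair() -> tuple:
    """RFC 7636: a random code_verifier and its S256 code_challenge."""
    verifier = b64url(secrets.token_bytes(32))            # 43 chars, inside the 43..128 range
    challenge = b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return verifier, challenge


def pkce_matches(verifier: str, challenge: str) -> bool:
    """What the IdP's token endpoint checks when the code is redeemed."""
    recomputed = b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return hmac.compare_digest(recomputed, challenge)


def build_authorization_url(authz_endpoint: str, state: str, nonce: str, challenge: str) -> str:
    """Step 1: the redirect the RP sends the browser to (SP-initiated login)."""
    params = {
        "response_type": "code",          # code flow: no tokens pass through the browser
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile email",
        "state": state,                   # tied to the browser session; CSRF protection
        "nonce": nonce,                   # must come back inside the ID token
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return f"{authz_endpoint}?{urlencode(params)}"


def hs256_sign(header: dict, claims: dict, key: bytes) -> str:
    """Compact JWS builder; stands in for the IdP's token endpoint in this demo."""
    signing_input = (b64url(json.dumps(header, separators=(",", ":")).encode()) + "."
                     + b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def verify_id_token(token: str, key: bytes, expected_nonce: str,
                    now: Optional[int] = None, skew: int = 60) -> dict:
    """Step 3: RP-side validation of the ID token. Raises ValueError on any failure."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h_b64, c_b64, s_b64 = parts
    header = json.loads(b64url_decode(h_b64))
    # Pin the algorithm; the token's own 'alg' header must not choose the key type.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{h_b64}.{c_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(c_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]
    if CLIENT_ID not in aud:
        raise ValueError("token not issued for this client")
    if len(aud) > 1 and claims.get("azp") != CLIENT_ID:
        raise ValueError("multi-audience token without matching azp")
    if not isinstance(claims.get("exp"), int) or now > claims["exp"] + skew:
        raise ValueError("token expired")
    if claims.get("iat", 0) > now + skew:
        raise ValueError("token issued in the future")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")
    if not claims.get("sub"):
        raise ValueError("missing subject")
    return claims


def demo_login(now: int = 1_700_000_000) -> dict:
    """Run the RP steps end to end against the simulated IdP; returns the verified claims."""
    verifier, challenge = make_pkce_pair()
    state, nonce = b64url(secrets.token_bytes(16)), b64url(secrets.token_bytes(16))
    build_authorization_url(ISSUER + "/authorize", state, nonce, challenge)  # browser goes here
    # Step 2 (simulated): the RP posts code + verifier; the IdP checks PKCE and mints the token.
    if not pkce_matches(verifier, challenge):
        raise ValueError("PKCE verifier does not match challenge")
    id_token = hs256_sign({"alg": "HS256", "typ": "JWT"},
                          {"iss": ISSUER, "sub": "user-123", "aud": CLIENT_ID,
                           "exp": now + 300, "iat": now, "nonce": nonce}, CLIENT_SECRET)
    return verify_id_token(id_token, CLIENT_SECRET, nonce, now=now)


if __name__ == "__main__":
    print(demo_login())
```

The `state` and `nonce` values are shown being generated but, in a real Service Provider, both are stored in the user's pre-login session and compared on the callback; `verify_id_token` only covers the nonce half of that. Session creation after a successful verification (the "appropriate session management" of Example Response 1) is outside this block.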

Context

Tab: Product
Category: Authentication, Authorization, and Account Management

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London buses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub