Single Sign On (SSO)

Most governments offer a variety of services to their citizens. It is costly and redundant for each service provider to maintain a separate list of authenticated users and their passwords.

Single Sign-On (SSO) is an authentication scheme that can be integrated into multiple applications to allow a user to access services. It enables a user to log in with a single ID to any of several related, yet independent, software systems.

Having a digital ID-based SSO will drastically simplify the service delivery while reducing the dependence on third-party SSO providers. End users can authenticate themselves to access online services and also securely share their profile information.

ID-based SSO can be connected to any ID that provides a mechanism to authenticate the users.

How does this work?

1. The user visits the service provider and selects the ID-based SSO login option.

2. The user authenticates their identity using any of the available authentication methods.

3. Upon successful authentication, the user's explicit consent is requested to share profile data fields.

4. The service provider authenticates the user’s identity against data stored on any identity system via SSO.

Any ID-based SSO should provide multiple authentication methods, including OTP-based, biometrics, or even wallet-linked authentication.

Benefits of SSO:

1. By providing a secure, efficient log-in mechanism, ID-based SSO increases the ease of doing business for individuals and businesses. Along with increasing digital economic activity, this also presents a potential revenue stream for the government.

2. This can be used for consented data sharing of ID profile fields or for eKYC needs of different applications. An application’s authentication request can also ask for details needed for profile setup or eKYC compliance, which can be shared upon explicitly receiving user consent.

References:

1. https://docs.mosip.io/1.2.0/integrations/e-signet