Less passwords, please: ONLYOFFICE updates Single Sign-on via Shibboleth

9 November 2017By Ksenija

Hello, everyone!

By popular demand we have extended the Single Sign-on feature that allows you to log in via third party services. Now we are happy to introduce the updated SSO via Shibboleth.


What are the benefits of using Single Sign-on?

In a few words, the Single Sign-on (SSO) technology permits users to sign in only once to access multiple applications and services.

  • SSO helps users reduce password fatigue as they don’t have to re-enter multiple logins and passwords.
  • SSO enables easy administration of user accounts and activities.
  • SSO is another way to mitigate the risk of unauthorized access since passwords aren’t stored in the system.
Why Shibboleth and how does it work?

The story of the Shibboleth project began 17 years ago, and now it is one of the most popular and widely used solutions for web single sign-on within or between organizations. It is open source software based on the secure federated identity standard SAML, Security Assertion Markup Language.

As for ONLYOFFICE SSO, Shibboleth takes the role of the identity provider (IdP), while ONLYOFFICE implements the service provider (SP). It means that Shibboleth supplies user information, when ONLYOFFICE consumes it and grants access to the portal content.

The mentioned SAML standard allows to transmit user authentication data between Shibboleth and ONLYOFFICE through security tokens. So the passwords are stored in tokens, generally in cryptographic form, what guarantees their security even if the token is compromised.

Read more about the Single Sign-on feature in our Help Center. Detailed guide on how to configure Shibboleth IdP and ONLYOFFICE SP you will find here.