Single Sign-On

常见问题

What is the difference between Single Sign-On (SSO) and Unified Identity Authentication?

The two are often used interchangeably, but their focuses differ. Unified Identity Authentication emphasizes standardizing the authentication methods of multiple systems into one standard (e.g., uniformly using LDAP or OAuth), while SSO focuses on enabling password-free access across systems after a single login. In practical deployment, SSO typically relies on Unified Identity Authentication as the underlying mechanism—first establishing a unified user identity repository and authentication policies, then using SSO to propagate login states. It can be said that Unified Identity Authentication is the foundation, and SSO is the upper-layer application.

Does SSO mean all systems use the same password?

No. The core of SSO is that the authentication center uniformly verifies user identities, but each system can have its own independent authorization policies. Although users use the same set of credentials to log into the authentication center, each system can decide whether to grant access based on roles, permissions, and other conditions. Additionally, SSO supports Multi-Factor Authentication (MFA), allowing additional verification such as SMS codes or biometrics during login to further enhance security. Therefore, SSO does not equate to weakened security; instead, it can achieve stronger security policies through centralized management.

What are the main challenges of deploying SSO in universities?

Key challenges include: 1) Difficulty in retrofitting legacy systems: Some early-built business systems do not support standard authentication protocols, requiring custom development or proxy adapters; 2) Identity data synchronization: Multiple systems may maintain independent user databases, necessitating reliable data synchronization mechanisms to ensure account changes take effect in real-time; 3) Single point of failure risk: If the authentication center goes down, all systems relying on SSO will be unable to log in, requiring high-availability architecture and disaster recovery plans; 4) User experience balance: Forcing all systems to use SSO may affect usage in offline or special scenarios, requiring appropriate fallback strategies.

How does SSO improve the information security level of universities?

SSO, through a centralized authentication center, can uniformly enforce strong password policies (e.g., length, complexity, periodic changes), Multi-Factor Authentication (MFA), and abnormal login detection (e.g., alerts for logins from different locations, brute-force attack protection). Additionally, since users only need to remember one set of credentials, it reduces password reuse and the behavior of writing passwords on sticky notes, lowering the risk of credential leakage. Furthermore, SSO facilitates Single Logout (SLO), where logging out of one system logs the user out of all associated systems simultaneously, preventing unauthorized access due to forgotten logouts.

How does Mangxu Software's Fusion Portal system implement SSO?

Mangxu Software's Fusion Portal system features a built-in unified authentication center that supports mainstream SSO protocols such as SAML, OAuth 2.0, and CAS, enabling rapid integration with existing university systems like academic affairs, libraries, campus cards, and OA. The system provides a visual configuration interface, allowing integration without extensive code development. Additionally, the Fusion Portal supports Multi-Factor Authentication, dynamic permission management, and audit logs, ensuring the SSO process is secure and traceable. Through the Fusion Portal, universities can achieve a smart campus entry experience with single login and full-network access.