Single Sign On
SSO - The generic use case
SSO gives users the ability to log in to multiple applications without the need to enter their password more than once.
OIDC enables an application to verify the identity of users from an organisation without having to store and manage those users itself, and without running the identification process or exposing their passwords to that application. The lists of users and passwords are kept safe in one single place: the IdP that the organisation has chosen to use. The Authorisation server of the IdP identifies the users for a pre-registered and approved application (client in OAuth and OIDC terminology).
SSO in Tyk
SSO is sometimes complicated to understand or set up, but once you get the basics and learn to set up our TIB (Tyk-Identity-Broker) it becomes an easy task.
Using our Tyk-Identity-Broker (TIB), you can do both: use your existing user directory to log in to the Dashboard or Developer Portal, and have SSO. TIB, among other options, supports three methods for logging in to Tyk’s UI:
- Login with 3rd party social providers
- Login with any IdP that supports OIDC
- Login with LDAP (not using OIDC)
Tyk Identity Broker (TIB)
TIB is an open-source project which can be used to integrate Tyk authentication with 3rd party identity providers (IDPs). TIB has been designed as a glue-code solution, so it can integrate with almost any identity provider (IDP) including all the known Social providers. See our TIB detailed overview for further information.
SSO is sometimes complicated to understand or set up but once you get it and learn to use our Tyk-Identity-Broker it becomes an easy task.
In short, all you need is as follows:
- Get TIB from its repo
- Create a profile for your preferred IDP
- Get the secret that are defined on your IDP
- Set the callback endpoint of TIB on your IdP account under the
- Call TIB endpoint to start the login
- More Docs for the flow can be found on our GitHub TIB repo README and our 3rd Party integration docs
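The steps above, as an added example that is not part of the Tyk docs or the TIB code base: it derives the login URL to call and the callback URL to register on the IdP from a profile, and flags settings that weaken the redirect flow. The profile field names and the `/auth/{id}/{provider}` paths follow the TIB README format and are assumptions not stated on this page; hosts, IDs and secrets are constructed placeholders.

```python
from urllib.parse import urlparse

# Constructed sample profile. Field names and URL paths follow the TIB README
# format and are assumptions here; hosts, IDs and secrets are placeholders.
SAMPLE_PROFILE = {
    "ID": "1",
    "ProviderName": "SocialProvider",
    "ReturnURL": "https://dashboard.example.com/tap",
    "ProviderConfig": {
        "CallbackBaseURL": "http://tib.example.com:3010",  # weak: plain http
        "UseProviders": [{
            "Name": "openid-connect",
            "Key": "EXAMPLE-CLIENT-ID",
            "Secret": "",  # weak: secret from the IdP was never filled in
            "DiscoverURL": "https://idp.example.com/.well-known/openid-configuration",
        }],
    },
}

def tib_urls(profile):
    """Map provider name -> (login URL to call, callback URL to register on the IdP)."""
    base = profile["ProviderConfig"]["CallbackBaseURL"].rstrip("/")
    urls = {}
    for p in profile["ProviderConfig"]["UseProviders"]:
        start = f"{base}/auth/{profile['ID']}/{p['Name']}"
        urls[p["Name"]] = (start, start + "/callback")
    return urls

def lint_profile(profile):
    """Return findings for settings that weaken the redirect-based login."""
    findings = []
    cfg = profile["ProviderConfig"]
    for field, url in (("CallbackBaseURL", cfg["CallbackBaseURL"]),
                       ("ReturnURL", profile["ReturnURL"])):
        if urlparse(url).scheme != "https":
            findings.append(f"{field} is not https: {url}")
    for p in cfg["UseProviders"]:
        if not p.get("Secret"):
            findings.append(f"provider {p['Name']}: empty Secret")
        disc = p.get("DiscoverURL")
        if disc and urlparse(disc).scheme != "https":
            findings.append(f"provider {p['Name']}: DiscoverURL is not https")
    return findings

if __name__ == "__main__":
    for name, (login, callback) in tib_urls(SAMPLE_PROFILE).items():
        print(f"{name}: start login at {login}; register {callback} on the IdP")
    print("\n".join(lint_profile(SAMPLE_PROFILE)))
```

The callback URL printed here has to match the redirect URI registered on the IdP exactly, including scheme and port.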
See using a Social Identity Provider for details of using SSO with Social Identity Providers. Instructions on setting SSO with Google+ will be added soon.
- Instructions on setting SSO with Okta
- Instructions on setting SSO with PingID - will be added soon
- Instructions on setting SSO with Auth0 - will be added soon
- Instructions on setting SSO with Keycloak - will be added soon
Our SSO REST API allows you to implement custom authentication schemes for the Dashboard and Portal. Our Tyk Identity Broker (TIB) internally also uses this API. See Dashboard Admin API SSO for more details.
Detailed instructions on setting SSO with LDAP.
See apply search filters to add advanced search to your LDAP authentication.