Single Sign-on (SS0)
SSO works based upon a trust relationship set up between an application, known as the service provider, and an identity provider.
Traditionally, after our users register with our website we assign a unique cookie to the user when they want to log in to our product.
These cookies keep track of whether a user is logged in and under what name. It also saves login information to prevent users from repeatedly entering their passwords.
This process occurs once until our users terminate their session or until the validity period defined for the session expires.
The point we need to pay attention to here is that our users lose control over their personal data due to the use of SSO, and we should not forget that we are expanding the tracking and targeting of the big tech SSO providers on our website users.
In addition, due to the fact that we do not have control over exactly what information is shared with these companies, it becomes difficult for us to comply with transparency and accountability principles.
Last updated
Was this helpful?