Single Sign-On (SSO)¶
Single sign-on (SSO) enables users to authenticate with multiple applications by logging in only once.
This guide is a work in progress.
As an example, GitLab offers the following experience as an Identity Provider:
- The user logs in to GitLab for the first time, typing their credentials.
- The user navigates to Kubeflow, which is an OIDC Client to GitLab.
- Kubeflow initiates an OIDC flow to authenticate the user, redirecting them to GitLab to sign in.
- GitLab recognises the user is signed in, because it has stored a session cookie in the user’s browser.
- The user is not asked to type their credentials. They may be asked to authorize the application to access their identity (configurable).
- After granting access to Kubeflow, the user is logged in and redirected to Kubeflow.
The next guide explains how to enforce Single Logout (SLO) for Kubeflow.