SSO
Authenticate your users with FaceSign Facial Biometrics
Managing multiple passwords for different applications is a constant challenge for users and a point of vulnerability for companies. Single Sign-On (SSO) is an elegant solution, allowing users to access multiple services with a single secure authentication. FaceSign takes this concept further with Biometric SSO, using facial recognition technology as your secure and non-transferable digital passport.
What is FaceSign's Biometric SSO?
FaceSign's Biometric SSO transforms your user's FaceSign account into a reliable and secure Identity Provider (IdP). Similar to the "Log in with Google" or "Log in with Facebook" functionality, your application can offer the "Login with FaceSign" option. By choosing this option, the user is authenticated through their unique facial biometrics, ensuring fast, convenient, and extremely secure access, eliminating the need for traditional passwords for your integrated applications.
How Does It Work?
The authentication flow is designed to be simple for the user and flexible for the developer:
Login Start: In your application (website or app), the user clicks the "Login with FaceSign" button.
FaceSign Call: Your application redirects the user or opens a webview to FaceSign's authentication interface.
Biometric Authentication: The user performs the facial biometric verification. FaceSign's 3D Liveness technology ensures it is a real person, preventing fraud.
Consent (if applicable): The first time the user accesses your application via FaceSign SSO, they may need to consent to sharing basic information (configurable).
Callback to Application: After successful authentication, FaceSign returns control to your application via a pre-configured callback URL. This return can be done via Redirect (user's browser is redirected) or Webhook (a server-to-server call).
Token Validation: Your application receives a parameter (token) in the callback. To confirm the authenticity of the login, your backend must call FaceSign's validation endpoint (/api/singlesignon/validate/), sending this token and the configured encryption key.
Granting Access: If validation is positive, your application receives confirmation and the user's data (if configured to do so, such as CPF, Name) and grants the user access.
Key Features and Benefits
Biometric Security: Replaces vulnerable passwords with high-precision facial authentication with 3D Liveness.
Extreme Convenience: Fast, frictionless login for the user – just a glance.
Simplified Experience: Reduces password fatigue and simplifies access to multiple platforms.
Flexible Implementation: Supports different login flows and callback methods (Redirect/Webhook) to adapt to your architecture.
Data Control: Allows configuring which user data (previously consented) is shared with the application via the payload in the callback.
Centralized Management: Easy configuration through the FaceSign Admin Panel.
Implementation Guide
Integrating FaceSign SSO involves the following main steps:
Define Callback URL: Create a page/endpoint in your application dedicated to receiving the FaceSign SSO return.
Configure in FaceSign Panel: Access the FaceSign admin panel, go to the SSO features section and enter the defined callback URL.
Choose Callback Method: Select whether you prefer to receive the return via Redirect or Webhook.
Manage Encryption Key: Use the default encryption key generated by FaceSign or configure your own key (ensuring the same key is used in validation).
Implement Validation: In your application's backend, implement the call to FaceSign's validation endpoint, passing the token received in the callback and the encryption key.
Handle Response: Process the validation response to grant or deny the user's access.
Security First
Security is the foundation of FaceSign SSO. The use of encryption keys and the need to validate the token received at our endpoint ensure that only legitimate authentications are accepted, protecting both the user and your application.
Conclusion
FaceSign's Biometric SSO offers an unbeatable combination of security and convenience. By adopting it, you not only strengthen protection against unauthorized access, but also provide a modern, frictionless login experience for your users, increasing engagement and trust in your platform.
Single Sign-On
Single Sign-On (SSO) uses the FaceSign APP to allow a single authentication for multiple applications. Users authenticate once and are automatically logged into other integrated apps.
Make it easier for users to authenticate on your site using the Login with FaceSign feature. With this option, users can access your site by logging into a FaceSign account, which simplifies the authentication process and secure sharing of information.
The platform supports custom buttons and multiple login flows to ensure the best user experience.
Additionally, the sign-up step consists of obtaining the FaceSign account owner's consent to access your system through the user's biometrics.
Implementation
Below is a step-by-step guide to create a page in your application that will receive the SSO callback:
Create a page in your application where you will receive the SSO callback. Make sure the page has a unique URL and is ready to receive parameters.
On the created page, configure it to expect a parameter that will be sent by FaceSign. This parameter should be provided in the FaceSign registration.
Configure the callback page in FaceSign. To do this, go to the client edit page in FaceSign.

Click on the features tab, look for the Callback URL field, and enter the URL of the page created earlier as the callback URL.
If you choose to use a Webhook, select the corresponding option and enter the callback URL.
Make sure you are using the same encryption key for FaceSign and for your application. If your application does not use its own encryption key, just leave the key field blank and a default key will be created automatically.
With the model validated, apply the authentication rule in your application. If the validation response is positive, you can consider the user authenticated and allow access to your application. Otherwise, deny access. Make sure you are storing the necessary user data securely and in accordance with applicable data protection laws.
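The Token Validation and Handle Response steps above, sketched as a fail-closed callback handler. This is an added example, not FaceSign's own code: the page gives only the endpoint path, so the host, the HTTP method, the JSON field names (`token`, `key`, `valid`, `user`) and the callback parameter name are assumptions, and the replay guard is an application-side policy rather than a documented FaceSign behaviour.

```python
import json
import urllib.request

# Assumptions (not from the FaceSign docs): host, HTTP method, JSON field
# names and the shape of the response. Only the path is given on the page.
VALIDATE_URL = "https://facesign.example/api/singlesignon/validate/"  # placeholder host


def call_validate(token, key, timeout=5):
    """POST token and encryption key server-to-server; return parsed JSON."""
    body = json.dumps({"token": token, "key": key}).encode()  # assumed field names
    req = urllib.request.Request(
        VALIDATE_URL, data=body, headers={"Content-Type": "application/json"}
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.loads(resp.read())


class CallbackHandler:
    """Decides grant/deny for one SSO callback; denies on anything unexpected."""

    def __init__(self, key, validate=call_validate):
        self._key = key            # load from a secret store, never from the request
        self._validate = validate  # injectable so the logic can be tested offline
        self._seen = set()         # app-side replay guard (use a TTL cache in production)

    def handle(self, params):
        token = params.get("token")  # assumed callback parameter name
        if not isinstance(token, str) or not 0 < len(token) <= 4096:
            return {"granted": False, "reason": "missing or malformed token"}
        if token in self._seen:
            return {"granted": False, "reason": "token already used"}
        self._seen.add(token)
        try:
            result = self._validate(token, self._key)
        except Exception:
            # Timeout, TLS failure, HTTP error, bad JSON: all mean "not validated".
            return {"granted": False, "reason": "validation unavailable"}
        if not isinstance(result, dict) or result.get("valid") is not True:  # assumed field
            return {"granted": False, "reason": "validation rejected"}
        # Use identity data from the validation response only, never from the callback.
        return {"granted": True, "user": result.get("user", {})}
```

Any user attributes that arrive alongside the token in the callback are ignored; only the data returned by the server-to-server validation call is used to build the session.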