SSO options for JollyDeck: SAML vs. OAuth explained

Published on 23/05/2025

Single Sign-On (SSO) simplifies the login process by allowing users to access multiple applications with a single set of credentials. For platforms like JollyDeck, SSO means easier access for your team and stronger security for your organisation.

Below, we answer the most common questions about SSO on JollyDeck, including the differences between SAML and OAuth, their pros and cons, and how to get started.

What SSO options does JollyDeck support?

JollyDeck supports several authentication methods:

  1. OAuth 2.0 / OpenID Connect: Our recommended SSO method, ideal for modern, cloud-based systems. Supports providers like Google, Microsoft Azure AD, Okta, and more.
  2. SAML 2.0: A traditional enterprise SSO option for integration with corporate identity providers (e.g. ADFS).
  3. Active Directory / LDAP: For organisations with on-premise directory infrastructure.
  4. Manual Accounts: Direct login credentials for users without SSO access.
  5. Self-Registration: Enables users to create their own accounts for quick onboarding.

For the latest updates and configuration details, contact JollyDeck support.

What is SAML?

SAML (Security Assertion Markup Language) is an older Single Sign-On standard that lets an Identity Provider (IdP) verify a user’s identity for multiple services (Service Providers) through one login. SAML messages use XML, which was the norm for enterprise identity systems. SAML enables users to log in once and access multiple applications securely.

What is OAuth?

OAuth is a newer framework focused on authorization. It grants third-party applications limited access to resources on a user’s behalf. Instead of sharing passwords, OAuth uses temporary tokens, and when combined with OpenID Connect (which adds user identity on top), it can serve as a full single sign-on solution.

What’s the difference between SAML and OAuth?

Feature/Aspect | SAML | OAuth
--- | --- | ---
Core function | User authentication (verifying identity) and SSO between services. | Delegated authorization (access control); with OIDC, it also handles user authentication for SSO.
Data format | XML-based messages (SAML assertions) | JSON (typically uses JWT – JSON Web Tokens)
Security | Employs XML digital signatures and encryption of assertions (high security) | Depends on secure tokens over HTTPS (TLS); trust is placed in token secrecy and transport security.
Complexity | Complex to implement (involves XML, multiple configurations; designed with older systems in mind) | Lightweight and easier to implement (JSON/REST design is developer-friendly)
Best suited for | Large enterprises or government systems with established identity federations (legacy IdPs). | Cloud-first applications, mobile or single-page apps, and APIs – basically any modern platform where flexibility and speed matter.
Ecosystem compatibility | Built into many legacy enterprise ecosystems (works with older standard enterprise SSO frameworks) | Widely adopted in cloud and SaaS ecosystems; standard for integrating with newer identity providers and services.
Performance | Relatively heavy: verbose XML can make transactions slower and consume more resources | High-performance: lightweight tokens pass minimal data, making it quicker
Authentication | Yes (proves identity) | Only with the OpenID Connect extension
Authorization | Yes (via attributes/roles) | Yes (main purpose)

What are the pros and cons of SAML vs. OAuth?

SAML

Pros:

  • Proven security: SAML messages are signed and can be encrypted, protecting sensitive authentication data in transit.
  • Enterprise-proven SSO: A mature and widely adopted standard used by large enterprises and government agencies.
  • Broad compatibility: Integrates seamlessly with traditional identity systems like Active Directory, LDAP, and older SSO frameworks.

Cons:

  • Complex setup: Configuring SAML involves managing metadata, exchanging certificates, and maintaining XML schemas.
  • XML overhead: SAML’s verbose message format can slow down integrations and increase processing demands.
  • Not mobile-friendly: Lacks native support for mobile and single-page applications, requiring workarounds or additional tooling.

OAuth (with OpenID Connect)

Pros:

  • Built for today’s cloud: OAuth 2.0 with OIDC is the standard for SaaS applications and cloud identity providers.
  • Fast setup: Lightweight JSON-based messages and fewer configuration steps mean quicker integrations.
  • Widespread support: Supported out of the box by Google, Microsoft Azure AD, Okta, and most other major identity platforms.
  • API-friendly: Designed to grant limited access to APIs without sharing passwords, ideal for modern, interconnected systems.
  • No password sharing: Keeps credentials secure by using short-lived tokens over secure HTTPS connections.

Cons:

  • Needs an identity layer: OAuth by itself doesn’t handle user login; OpenID Connect is required to authenticate users.
  • Requires careful implementation: Security depends on best practices like proper token handling, secure storage, and HTTPS.

While both protocols offer secure and widely adopted SSO solutions, the best choice depends on your organisation’s identity infrastructure and use cases. OAuth 2.0 with OpenID Connect typically suits modern, cloud-native environments where speed, flexibility, and interoperability are paramount. SAML, on the other hand, remains a robust option for organisations operating traditional enterprise systems with established identity management tools.

At JollyDeck, we support both protocols and tailor integration recommendations based on your technical setup and security posture. Whether you’re deploying in a modern SaaS environment or connecting to on-premise directories, we’ll help you implement the most effective and seamless SSO experience.

Authentication and login options

JollyDeck supports a range of login methods to suit diverse organisational setups. While both SAML and OAuth are available, we typically recommend OAuth 2.0 with OpenID Connect for most organisations.

OAuth offers:

  • A streamlined and intuitive login flow that improves the user experience
  • Quick integration with leading identity providers like Azure AD, Google, and Okta
  • Support for modern web and mobile environments, as well as API-based integrations
  • Simplified setup and ongoing maintenance compared to legacy protocols like SAML

However, if your organisation has existing SAML infrastructure – such as Active Directory Federation Services (ADFS) or other XML-based systems – JollyDeck also provides robust support for SAML-based SSO.

Whatever your choice, our team ensures secure implementation and can guide you through best practices for protecting user credentials and maintaining compliance.

When should I use SAML vs. OAuth with JollyDeck?

Use SAML if:

  • Your organisation relies on on-premise identity systems or traditional enterprise tools
  • You’re using an identity provider like ADFS that communicates primarily via SAML
  • Your internal IT policies or infrastructure mandate XML-based authentication flows

Use OAuth 2.0 with OpenID Connect if:

  • You want fast, modern integration with minimal configuration
  • You’re using cloud identity providers like Okta, Microsoft Azure AD, or Google Workspace
  • You plan to integrate JollyDeck with web or mobile applications
  • You require delegated access or plan to interact with APIs securely

For most cloud-first organisations and modern technology environments, OAuth (via OpenID Connect) typically provides the best balance of security, usability, and ease of integration.

Still not sure? Our support team is ready to assess your setup and recommend the most effective integration path.

How do I set up SSO on JollyDeck?

SAML Setup

  1. Configure your Identity Provider (IdP) according to SAML 2.0 specifications
  2. Share the SAML metadata or endpoint URL with JollyDeck for service provider configuration

OAuth / OpenID Connect Setup

  1. Register JollyDeck as a new application in your identity provider’s admin console (e.g. Azure AD, Okta, Google)
  2. Provide client ID, client secret, and discovery URL (or well-known endpoint) to JollyDeck
  3. Our team will configure the connection and test the flow with your user group

LDAP / Active Directory Setup

  1. Ensure your directory server is securely accessible by JollyDeck
  2. Provide binding credentials and configuration settings for synchronisation
  3. We’ll establish the connection and verify user provisioning and access controls

Are there any security considerations?

Both SAML and OAuth can be implemented securely when best practices are followed:

  • SAML: Secures communication via XML signatures and encryption. Ensure certificates are rotated periodically and metadata is up-to-date.
  • OAuth: Relies on secure token handling and HTTPS. Ensure tokens are short-lived, securely stored, and access scopes are tightly defined.
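As an added example (not JollyDeck's code) that ties step 2 of the SAML setup to the "metadata is up-to-date" point above, this Python check runs over exported IdP metadata before it is shared and flags a lapsed validUntil, a missing signing certificate, and SSO endpoints that are not HTTPS. The entityID, endpoint, validUntil date and certificate placeholder in the sample metadata are constructed; the check inspects freshness and shape only and does not verify the metadata's own XML signature.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
FMT = "%Y-%m-%dT%H:%M:%SZ"   # SAML metadata timestamps are UTC

# Constructed IdP metadata: hypothetical entityID and endpoint, placeholder certificate text.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" validUntil="2025-12-31T00:00:00Z"
    entityID="https://idp.example.com/adfs/services/trust">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>CONSTRUCTED-BASE64-CERTIFICATE-PLACEHOLDER</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/adfs/ls/"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def check_idp_metadata(xml_text, now=None):
    """Return (findings, summary). Checks freshness and shape only; it does not
    verify the metadata's own XML signature or parse the certificate itself."""
    now = datetime.strptime(now, FMT) if now else datetime.now(timezone.utc).replace(tzinfo=None)
    root = ET.fromstring(xml_text)
    findings, summary = [], {"entity_id": root.get("entityID"), "sso_endpoints": [], "signing_certs": 0}
    if not summary["entity_id"]:
        findings.append("missing entityID")
    valid_until = root.get("validUntil")
    if valid_until and datetime.strptime(valid_until, FMT) <= now:
        findings.append("validUntil has passed: re-export the metadata from the IdP")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        findings.append("no IDPSSODescriptor: this is not IdP metadata")
        return findings, summary
    for kd in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor with no 'use' attribute covers both signing and encryption.
        cert = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if kd.get("use") in (None, "signing") and cert is not None and (cert.text or "").strip():
            summary["signing_certs"] += 1
    if not summary["signing_certs"]:
        findings.append("no signing certificate: JollyDeck could not verify assertions")
    for sso in idp.findall("md:SingleSignOnService", NS):
        loc = sso.get("Location", "")
        summary["sso_endpoints"].append(loc)
        if not loc.startswith("https://"):
            findings.append(f"SSO endpoint is not HTTPS: {loc}")
    return findings, summary
```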
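As an added example (not JollyDeck's code) covering the OAuth / OpenID Connect setup steps and the token-handling point above, this Python snippet shows the checks a relying party performs on an ID token using the values exchanged during setup (client ID, client secret, and the issuer from the discovery document) and rejects tokens that are not short-lived. The client ID, secret, issuer and lifetime limit are constructed assumptions; the snippet uses the HS256 client-secret signing mode OIDC permits, whereas most providers sign with RS256 keys published at the JWKS URL in the discovery document.

```python
import base64, hashlib, hmac, json, time

# Constructed stand-ins for what step 2 of the OIDC setup exchanges with the IdP.
CLIENT_ID = "jollydeck-example-client"            # hypothetical client ID
CLIENT_SECRET = "constructed-secret-do-not-reuse"  # hypothetical client secret
ISSUER = "https://idp.example.com"                # the "issuer" field of the discovery document
MAX_LIFETIME = 600                                # seconds; longer-lived ID tokens are rejected

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_id_token(claims, secret):
    """Build an HS256-signed ID token (the client-secret signing mode OIDC allows)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(secret.encode(), f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"

def validate_id_token(token, now=None):
    """Return (ok, reason) after checking signature, issuer, audience, expiry and lifetime."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        return False, "malformed token"
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":          # never accept alg=none or an unexpected algorithm
        return False, "unexpected alg"
    expected = hmac.new(CLIENT_SECRET.encode(), f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        return False, "bad signature"
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("iss") != ISSUER:           # token must come from the configured IdP
        return False, "issuer mismatch"
    if claims.get("aud") != CLIENT_ID:        # token must be meant for this registration
        return False, "audience mismatch"
    exp = claims.get("exp")
    if not isinstance(exp, int) or exp <= now:
        return False, "token expired"
    if exp - claims.get("iat", exp) > MAX_LIFETIME:  # enforce short-lived tokens
        return False, "token lifetime too long"
    return True, "ok"
```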

Our team helps you implement each protocol in a way that aligns with your organisation’s security and compliance requirements.

Always follow best practices for both protocols to protect user data.

What if I need more flexibility or have unique requirements?

If your organisation needs a hybrid approach, custom authentication flow, or integration with a niche identity provider, contact our support team. We’ll work with you to design a secure and efficient solution that fits your specific needs.

Conclusion

JollyDeck supports a full range of authentication options for organisations of all sizes and technical setups. Whether you’re using OAuth, SAML, LDAP, or simple login credentials, our goal is to make access easy, secure, and scalable. If you’re unsure which protocol is best for your organisation, reach out and we’ll help you choose the right path.

If you’re unsure which approach best fits your setup, our team is available to advise and support your integration process.
