Previous Topic: Use Case 1: Single Sign-on Based on Account Linking

Next Topic: Use Case 3: Single Sign-on with No Local User Account

Use Case 2: Single Sign-on Based on User Attribute Profiles

In Use Case 2, smcompany.com buys parts from a partner named partsco.com.

An engineer authenticates at his employee portal, smcompany.com and clicks a link to access information at partsco.com. Because the user is an engineer at smcompany.com, he is taken directly to the Specifications and Parts List portion of partsco.com's web site without having to sign in.

When a buyer for smcompany.com authenticates at smcompany.com and clicks a link to access information at partsco.com, she is taken directly to the ordering area of partsco.com's web site without having to sign on.

Additional attributes, such as user name are passed from smcompany.com to partsco.com to personalize the interface for the individual user.

Partsco.com does not want to maintain user identities for all employees at smcompany.com, but access to sensitive portions of the Partsco.com Web site must be controlled. To do this, partsco.com maintains a limited number of profile identities for users at smcompany.com. One profile identity is maintained for engineers and one profile identity is maintained for buyers.

When an employee of smcompany.com accesses partsco.com, user attributes are sent in a secure manner from smcompany.com to partsco.com, which uses them to determine what profile identity should be used to control access.

More information:

Solution 2: SSO Using User Attribute Profiles