Skip to main content
Concentric Circles
Authentication symbols in different colors

One Simple Integration to Support Many Identity Providers

In just 5 minutes, integrate Keycloak SSO with most popular identity and access management providers. SSO enables a universal login flow for a secure and consistent experience.

By choosing Phase Two and Keycloak, you are choosing a cost-effective SSO solution that will scale with your application. As your customers expand, you have a solution that will not balloon in cost.

Connect and Authenticate Your Customer’s Users to Your App

Streamlined onboarding of your customer’s users leads to increased engagement, lower friction, and better retention. Customer can configure their own SSO provider for a consistent experience.

Leverage the Organization extension to setup clean separation of users based on domain. With SSO and Organizations you will be able to Authenticate and Authorize users.

Diagram showing connecting user's apps
Color Gradient

Identity Provider Integrations Galore

Our SSO supports dozens of popular identity providers, and provide complete SAML and OpenID Connect implementations for most of the rest. Offload setup effort by leveraging the Admin Portal to allow your customer Admins to setup and configure their own SSO.

Okta Logo
Auth0 Logo
Azure Logo
Google Workspace Logo
Active Directory Logo
JumpCloud Logo
Onelogin Logo
Ping Identity Logo
Duo Security Logo

+ many more

Cost-Effective Single Sign-On

Phase Two makes it easy to quickly add SSO to any number or customers. As your application grows in users, your cost will not. This allows for a predictable cost model for you, but the ability to deliver a fantastic customer experience.

Frequently Asked Questions?

How does Single Sign-on (SSO) work?
Single Sign-On (SSO) allows a user to access multiple applications with one set of login credentials. When a user logs in to a primary system (Identity Provider or IdP), an authentication token is generated. This token is used to authenticate the user across other connected applications (Service Providers or SPs) without requiring additional logins. SSO improves security and user convenience by centralizing authentication and reducing the number of passwords users need to remember.
What are the benefits of SSO?
  • User Convenience: Fewer passwords to remember and manage.
  • Improved Security: Centralized authentication with strong, complex passwords.
  • Administrative Efficiency: Simplified user management and reduced help desk costs for password resets.
  • Consistent Experience: Seamless access to multiple applications enhances productivity.
What are some of the key components of SSO?
  • Identity Provider (IdP): The centralized system that handles authentication and issues tokens (e.g., Okta, Azure AD, Auth0).
  • Service Providers (SP): The applications or services that rely on the IdP for authentication (e.g., Gmail, Salesforce).
  • Authentication Protocols: Standard protocols such as SAML (Security Assertion Markup Language), OAuth, and OpenID Connect facilitate secure token exchanges between the IdP and SPs.
What is an SSO Authentication Token?
An SSO authentication token is a digital artifact issued by an Identity Provider (IdP) upon successful user authentication. This token serves as proof of the user’s identity and is used to grant access to multiple connected applications (Service Providers or SPs) without requiring the user to log in again. The token typically contains information about the user’s identity and permissions, and it is securely passed between the IdP and SPs to verify the user’s authentication status.
What are the different types of Single Sign-On?
There are several types of Single Sign-On (SSO) solutions, each designed to meet different security and integration requirements. The main types include:
  1. Kerberos-Based SSO
  2. Security Assertion Markup Language (SAML)
  3. OAuth/OpenID Connect
  4. Lightweight Directory Access Protocol (LDAP)
  5. Central Authentication Service (CAS)
What is IDP initiated and SP initiated SSO?
IDP-Initiated SSO starts with the user logging in directly at the Identity Provider (IdP). After authentication, the IdP redirects the user to the Service Provider (SP) with an authentication token, granting access to the application.SP-Initiated SSO starts with the user attempting to access the Service Provider (SP) directly. The SP redirects the user to the Identity Provider (IdP) for authentication. After successful login, the IdP sends an authentication token back to the SP, which then grants access to the user.
How do I start using SSO with Phase Two?
Setting up SSO with Phase Two is simple and easy. Read our SSO article on how to set it up. With Phase Two you can create multiple SSO interactions, including a "landing page" filled with boxes of the various services a user can sign into.
Does Keycloak support Single Logout (SLO)?