SDK Authentication Modes
SIMS ID – two operating modes?
Depending on the context of the user and the available integrated sub-products, SIMS ID operates in one or more modes. At its most lightweight SIMS ID is a Security Token Service (STS) that provides a valid, signed token containing defined scope and claim information following a successful user authentication. At the opposite end of the continuum, SIMS ID is a highly featured user provision, management and authentication platform that unifies a range of Capita and third-party services under a Single Sign On regime. In this mode, the user provisioning agents can permeate both cloud services, central and local Active Directory (AD) structures.
Figure 2 - Headless (red arrows) and UI (blue arrows) authentication routes.
Headless
In this operating methodology, the end user goes to an application URL directly and an example of this is Office 365. This application redirects the user to the SIMS ID Sign-in page and upon successful authentication, the user is redirected back the application.
This method is provided to allow a smooth user experience where the application is launched from embedded links in e-mail or other applications.
UI mode.
In the method, the user goes to https://id.sims.co.uk where they sign in. Upon successful authentication, a browser-dynamic User Interface (UI) is provided that allows the management of the SIMS ID system as well as providing a tile based launcher for SSO applications.
This is the most appropriate method where users may have more than one application secured by SIMS ID.