SDK Authentication Modes
SIMS ID – two operating modes?
Depending on the context of the user and the available integrated sub-products, SIMS ID operates in one or more modes. At its most lightweight SIMS ID is a Security Token Service (STS) that provides a valid, signed token containing defined scope and claim information following successful user authentication. At the opposite end of the continuum, SIMS ID is a highly featured user provision, management, and authentication platform that unifies a range of ESS and third-party services under a Single Sign-On regime. In this mode, the user provisioning agents can permeate both cloud services, central and local Active Directory (AD) structures.
Figure 2 - Headless (red arrows) and UI (blue arrows) authentication routes.
Headless
In this operating methodology, the end-user goes to an application URL directly and an example of this is Office 365. This application redirects the user to the SIMS ID Sign-in page and upon successful authentication, the user is redirected back to the application.
This method is provided to allow a smooth user experience where the application is launched from embedded links in e-mail or other applications.
UI mode.
In the method, the user goes to https://id.sims.co.uk where they sign in. Upon successful authentication, a browser-dynamic User Interface (UI) is provided that allows the management of the SIMS ID system as well as providing a tile-based launcher for SSO applications.
This is the most appropriate method where users may have more than one application secured by SIMS ID.
Integration information for SIMS ID Single Sign-On and Centralised Data Exchange APIs can be found on the Education Software Solutions Technical Integrator Site