{"id":33084,"date":"2025-08-25T17:41:53","date_gmt":"2025-08-25T15:41:53","guid":{"rendered":"https:\/\/www.azzurrodigitale.com\/one-login-endless-possibilities-the-single-sign-on-revolution\/"},"modified":"2025-08-27T15:57:00","modified_gmt":"2025-08-27T13:57:00","slug":"one-login-endless-possibilities-the-single-sign-on-revolution","status":"publish","type":"post","link":"https:\/\/www.azzurrodigitale.com\/en\/one-login-endless-possibilities-the-single-sign-on-revolution\/","title":{"rendered":"One login, endless possibilities: the single sign-on revolution."},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_82_2 ez-toc-wrap-left counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Indice dei contenuti<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #21bdff;color:#21bdff\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #21bdff;color:#21bdff\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.azzurrodigitale.com\/en\/one-login-endless-possibilities-the-single-sign-on-revolution\/#Benefits_of_SSO_for_the_end_user\" >Benefits of SSO for the end user<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.azzurrodigitale.com\/en\/one-login-endless-possibilities-the-single-sign-on-revolution\/#Benefits_of_SSO_for_the_company\" >Benefits of SSO for the company<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.azzurrodigitale.com\/en\/one-login-endless-possibilities-the-single-sign-on-revolution\/#How_does_SSO_work\" >How does SSO work?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.azzurrodigitale.com\/en\/one-login-endless-possibilities-the-single-sign-on-revolution\/#OpenID_Connect_OIDC_for_short\" >OpenID Connect (OIDC), for short<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.azzurrodigitale.com\/en\/one-login-endless-possibilities-the-single-sign-on-revolution\/#Deep_Tech_for_Insiders\" >Deep Tech for Insiders<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.azzurrodigitale.com\/en\/one-login-endless-possibilities-the-single-sign-on-revolution\/#Inside_the_SSO_Engine_with_OpenID_Connect_%E2%80%93_Wepladoo_for_StaffInternational\" >Inside the SSO Engine (with OpenID Connect) &#8211; Wepladoo for StaffInternational<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.azzurrodigitale.com\/en\/one-login-endless-possibilities-the-single-sign-on-revolution\/#Developer_Glossary\" >Developer Glossary<\/a><\/li><\/ul><\/nav><\/div>\n\n<h4 class=\"wp-block-heading\">Article by Daniel Marella &#8211; Full-stack Developer at AzzurroDigitale<\/h4>\n\n<p>Have you ever had to remember a thousand usernames and passwords to access your work tools?<br\/>With <strong>Single Sign-On (SSO)<\/strong>, this problem disappears: you authenticate just once and automatically access all connected applications and services, without having to enter your credentials every time you change tools.<\/p>\n\n<p>In practice: just one login and off you go, everything else opens automatically.<\/p>\n\n<figure class=\"wp-block-image size-large\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"512\" src=\"https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2025\/08\/IDP-1024x512.jpg\" alt=\"\" class=\"wp-image-32905\" srcset=\"https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2025\/08\/IDP-1024x512.jpg 1024w, https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2025\/08\/IDP-300x150.jpg 300w, https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2025\/08\/IDP-768x384.jpg 768w, https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2025\/08\/IDP-1536x768.jpg 1536w, https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2025\/08\/IDP-2048x1024.jpg 2048w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n<p>At AzzurroDigitale, we&#8217;ve implemented single sign-on in several projects, such as the <strong><a href=\"https:\/\/www.azzurrodigitale.com\/en\/technologies\/wepladoo\/\">Wepladoo<\/a><\/strong> integration for <strong>Staff International<\/strong>, using the <strong>OpenID Connect (OIDC<\/strong><sup data-fn=\"41cd1f37-ad3d-4d2a-bb61-de0ddc0418b7\" class=\"fn\"><a id=\"41cd1f37-ad3d-4d2a-bb61-de0ddc0418b7-link\" href=\"#41cd1f37-ad3d-4d2a-bb61-de0ddc0418b7\">1<\/a><\/sup><strong>) <\/strong>standard.<br\/>The results? They fully confirm the concrete benefits of SSO, for both end users and businesses. <\/p>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Benefits_of_SSO_for_the_end_user\"><\/span><strong>Benefits of SSO for the end user<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n<p>\u2705 <strong>Simplified Access<\/strong><br\/>A single login to access all authorized systems means <strong>no more remembering multiple credentials<\/strong>.<\/p>\n\n<p>\ud83d\ude80 <strong><strong>Increased productivity<\/strong><\/strong><br\/>Instant access to work tools, even remotely and across devices.<br\/>Flexible switching between apps and fewer distractions: everything contributes to a more efficient workday.<br\/>Switching between apps (CRM, ERP, project management tools, etc.) is instant and eliminates constant log-ins and log-outs, improving daily workflow.<\/p>\n\n<p><strong>\ud83d\udd10 Greater personal security<\/strong><br\/>Fewer passwords = fewer errors and risks. The experience remains seamless without compromising data protection. <\/p>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<h2 class=\"wp-block-heading\" id=\"&#x1F3E2;-Benefici-per-l&#x2019;Azienda\"><span class=\"ez-toc-section\" id=\"Benefits_of_SSO_for_the_company\"><\/span><strong>Benefits of SSO for the company<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n<p>\ud83e\uddfe <strong>Simplified Compliance<\/strong><br\/>Centralized, traceable access managed from a single console. SSO simplifies compliance with regulations such as <strong>GDPR<\/strong>, <strong>ISO<\/strong>, and <strong>HIPAA<\/strong><sup data-fn=\"f4bda22d-1635-4fd1-8a34-3dea8b626be5\" class=\"fn\"><a id=\"f4bda22d-1635-4fd1-8a34-3dea8b626be5-link\" href=\"#f4bda22d-1635-4fd1-8a34-3dea8b626be5\">2<\/a><\/sup>, ensuring control and auditability. <\/p>\n\n<p>\ud83d\udd10 <strong>Strengthened security<\/strong><br\/>Fewer credentials to manage = fewer vulnerabilities. SSO reduces the attack surface and integrates easily with <strong>MFA<\/strong><sup data-fn=\"1ddee4c3-ece6-42bc-ae40-6f012d87ea82\" class=\"fn\"><a id=\"1ddee4c3-ece6-42bc-ae40-6f012d87ea82-link\" href=\"#1ddee4c3-ece6-42bc-ae40-6f012d87ea82\">3<\/a><\/sup>, strengthening access protection. <\/p>\n\n<p>\ud83d\udcc9 <strong>Fewer errors and IT tickets<\/strong><br\/>Fewer forgotten passwords, fewer support requests. Users are more autonomous, and IT can focus on strategic projects rather than managing repetitive tickets. <\/p>\n\n<p>\ud83d\udd04 <strong>Faster onboarding and offboarding<\/strong><br\/>With SSO integrated into user management, new employees have immediate access to work tools, and if they leave, their accounts are centrally and securely deactivated.<\/p>\n\n<p>\ud83d\udcca <strong><strong>Better control and governance<\/strong><\/strong><br\/>Continuous monitoring and complete visibility into who is accessing what, when, and from where. Ideal for strengthening security and preventing anomalous behavior. <\/p>\n\n<p>\u2699\ufe0f <strong>Easy integration and scalability<\/strong><br\/>Based on open standards such as <strong>OpenID Connect<\/strong> (OIDC), SSO integrates with any IT ecosystem, facilitating growth and the adoption of new digital solutions.<\/p>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_does_SSO_work\"><\/span>How does SSO work?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n<p>With single sign-on, once you&#8217;ve logged in for the first time, you&#8217;ll no longer have to enter your username and password for each application. More specifically: <\/p>\n\n<ul class=\"wp-block-list\">\n<li>The company uses an <strong>Identity Provider (IdP<\/strong><sup data-fn=\"93a80448-c7ab-47fe-9125-d61ab5827b69\" class=\"fn\"><a id=\"93a80448-c7ab-47fe-9125-d61ab5827b69-link\" href=\"#93a80448-c7ab-47fe-9125-d61ab5827b69\">4<\/a><\/sup><strong>)<\/strong>, the system that manages and verifies user access.<br\/>The IdP is the central &#8220;gatekeeper&#8221; of corporate access security: it authenticates users when they attempt to log in, securely manages credentials (often with support for multi-factor authentication, MFA), and issues the digital tokens needed to access applications without having to enter a username and password each time.<\/li>\n\n\n\n<li>Enterprise applications \u201ctrust\u201d the token issued by the IdP<\/li>\n\n\n\n<li>Everything happens via standard protocols (e.g. SAML<sup data-fn=\"3af435a4-9919-4037-9f60-e97bc1edcaee\" class=\"fn\"><a id=\"3af435a4-9919-4037-9f60-e97bc1edcaee-link\" href=\"#3af435a4-9919-4037-9f60-e97bc1edcaee\">5<\/a><\/sup>, OAuth2, OpenID Connect) <\/li>\n<\/ul>\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<p>In our case, the SSO implementation is based on <strong>OpenID Connect (OIDC)<\/strong>, a modern standard designed to manage authentication securely, flexibly, and suitable for cloud and API-driven systems. It&#8217;s an authentication protocol designed to <strong>securely identify users<\/strong> and allow applications to trust this identity, without having to directly manage passwords. <\/p>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"OpenID_Connect_OIDC_for_short\"><\/span>OpenID Connect (OIDC), for short<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n<p>The standard we&#8217;ve adopted is <strong>OpenID Connect<\/strong>, perfect for cloud and API-driven environments.<br\/>How it works:<\/p>\n\n<ol class=\"wp-block-list\">\n<li>The user tries to log in to a company app.<\/li>\n\n\n\n<li>The app redirects it to the IdP (Google, Azure AD, Okta\u2026).<\/li>\n\n\n\n<li>The user enters the credentials and, if required, completes the MFA.<\/li>\n\n\n\n<li>The IdP generates:\n<ul class=\"wp-block-list\">\n<li><strong>ID Token<\/strong> \u2192 contains the user&#8217;s identity.<\/li>\n\n\n\n<li><strong>Access Token<\/strong> (optional) \u2192 to access protected resources.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>The app validates the token and grants access.<\/li>\n<\/ol>\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<p>An <strong>ID Token<\/strong> contains a set of key user information, such as email address, name, a unique identifier, any assigned roles or permissions, and the token&#8217;s expiration date. All this data is digitally signed, so applications can verify its authenticity and trust its content without having to contact the Identity Provider again. <\/p>\n\n<p>Choosing <strong>OpenID Connect<\/strong> means opting for a solution designed for modern environments: it is perfect for web apps, mobile applications, and APIs, it integrates easily into distributed and cloud-native architectures, it guarantees security thanks to signed, temporary tokens compatible with multi-factor authentication, and it is simple to implement even with existing frameworks and providers.<\/p>\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<p>\ud83d\udc49 <strong>Don&#8217;t have an Identity Provider (IDP) yet?<\/strong><br\/>No problem: <strong>AzzurroDigitale<\/strong> can support you throughout the entire integration process, guiding you step by step towards a complete, secure, and customized SSO solution for your business.<\/p>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<hr class=\"wp-block-separator has-text-color has-alpha-channel-opacity has-background is-style-dots\" style=\"margin-top:300;margin-bottom:300;background-color:#01bdff;color:#01bdff\"\/>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<h2 class=\"wp-block-heading has-text-color has-link-color has-large-font-size wp-elements-fc012bf475b11b6cf9396693e942f31d\" style=\"color:#01bdff\"><span class=\"ez-toc-section\" id=\"Deep_Tech_for_Insiders\"><\/span>Deep Tech for Insiders <span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Inside_the_SSO_Engine_with_OpenID_Connect_%E2%80%93_Wepladoo_for_StaffInternational\"><\/span>Inside the SSO Engine (with OpenID Connect) &#8211; Wepladoo for StaffInternational<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n<p>SSO is much more than a simple user experience: it is a complex identity orchestration architecture that relies on standardized protocols, secure exchange of digitally signed tokens, and reliable communications between distributed systems.<\/p>\n\n<p>The key technology in StaffInternational\u2019s SSO integration with Wepladoo is OpenID Connect (OIDC), an identity protocol that enables secure and standardized authentication flows for user management.<\/p>\n\n<p>\ud83d\udcda<strong> The fundamental components of the system<\/strong><\/p>\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><th>Component<\/th><th>Role<\/th><\/tr><tr><td><strong>User Agent<\/strong><\/td><td>Browser or mobile app used by the user to interact with applications<\/td><\/tr><tr><td><strong>Client<\/strong><\/td><td>Application that requests access to protected resources<\/td><\/tr><tr><td><strong>Authorization Server \/ Identity Provider (IdP)<\/strong><\/td><td>Responsible for authenticating the user and issuing security tokens<\/td><\/tr><tr><td><strong>Resource Server<\/strong><\/td><td>Server that hosts protected resources or APIs, accessible only with valid tokens<\/td><\/tr><tr><td><strong>OpenID Provider (OP)<\/strong><\/td><td>Authorization Server che implementa lo standard OpenID Connect<\/td><\/tr><\/tbody><\/table><\/figure>\n\n<p>In our setup, we use the <strong>Authorization Code<\/strong> flow to ensure robust and secure authentication in web and mobile environments.<br\/>Here&#8217;s how it works, step by step:<\/p>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<h3 class=\"wp-block-heading\" id=\"Passo-1-&#x2013;-Redirect-iniziale\">Step 1 \u2013 Initial Redirect<\/h3>\n\n<p>The client redirects the user to the IdP&#8217;s <code>\/authorize<\/code> endpoint, passing:<\/p>\n\n<ul class=\"wp-block-list\">\n<li><code>client_id<\/code><\/li>\n\n\n\n<li><code>redirect_uri<\/code><\/li>\n\n\n\n<li><code>scope=openid<\/code><\/li>\n\n\n\n<li>other configuration parameters (es. <code>response_type=code<\/code>)<\/li>\n<\/ul>\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"600\" height=\"185\" src=\"https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2025\/08\/65935bc3-7744-473b-bf85-594e4d74ca5e.png\" alt=\"\" class=\"wp-image-32907\" srcset=\"https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2025\/08\/65935bc3-7744-473b-bf85-594e4d74ca5e.png 600w, https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2025\/08\/65935bc3-7744-473b-bf85-594e4d74ca5e-300x93.png 300w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/figure>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<h3 class=\"wp-block-heading\" id=\"Passo-2-&#x2013;-Autenticazione-e-verifica-MFA\">Step 2 \u2013 Authentication and MFA Verification<\/h3>\n\n<p>The user enters their credentials. If applicable, the IdP also requires multi-factor verification (MFA), increasing security. <\/p>\n\n<p>After the user authenticates and consents, the IDP returns a response to the app at the given redirect URI using the method specified in the parameter <code>response_mode<\/code>.<\/p>\n\n<p>The successful response when using <code>response_mode=form_post<\/code> looks like this:<\/p>\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"865\" height=\"166\" src=\"https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2025\/08\/a9ffcfb2-2182-43f8-921a-46c2c7b0c7a7.png\" alt=\"\" class=\"wp-image-32909\" srcset=\"https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2025\/08\/a9ffcfb2-2182-43f8-921a-46c2c7b0c7a7.png 865w, https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2025\/08\/a9ffcfb2-2182-43f8-921a-46c2c7b0c7a7-300x58.png 300w, https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2025\/08\/a9ffcfb2-2182-43f8-921a-46c2c7b0c7a7-768x147.png 768w\" sizes=\"(max-width: 865px) 100vw, 865px\" \/><\/figure>\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><th>Parameter<\/th><th>Description<\/th><\/tr><tr><td><code>id_token<\/code><\/td><td>ID token requested by the app. You can use the <code>id_token<\/code> parameter to verify the user&#8217;s identity and initiate a session with them. <\/td><\/tr><tr><td><code>state<\/code><\/td><td>If a <code>state<\/code> parameter is included in the request (not required), the same value must appear in the response. The app must verify that the state values \u200b\u200bin the request and response are identical. <\/td><\/tr><\/tbody><\/table><\/figure>\n\n<p>Error responses can also be sent to the redirect URI so that the app can handle them, for example:<\/p>\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"876\" height=\"214\" src=\"https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2025\/08\/f123d86a-0c2b-4d75-9062-4864883183df.png\" alt=\"\" class=\"wp-image-32911\" srcset=\"https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2025\/08\/f123d86a-0c2b-4d75-9062-4864883183df.png 876w, https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2025\/08\/f123d86a-0c2b-4d75-9062-4864883183df-300x73.png 300w, https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2025\/08\/f123d86a-0c2b-4d75-9062-4864883183df-768x188.png 768w\" sizes=\"(max-width: 876px) 100vw, 876px\" \/><\/figure>\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><th>Parameter<\/th><th>Description<\/th><\/tr><tr><td><code>error<\/code><\/td><td>An error code string that can be used to classify the types of errors that occur and fix them.<\/td><\/tr><tr><td><code>error_description<\/code><\/td><td>A specific error message that helps you identify the root cause of an authentication failure.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<h3 class=\"wp-block-heading\" id=\"Passo-3-&#x2013;-Rilascio-dell&#x2019;Authorization-Code\">Step 3 \u2013 Release the Authorization Code<\/h3>\n\n<p>After authentication, the IdP redirects the client&#8217;s browser to the <code>redirect_uri<\/code>, attaching a temporary <strong>authorization code<\/strong>, which represents permission to exchange the authenticated identity.<\/p>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<h3 class=\"wp-block-heading\" id=\"Passo-4-&#x2013;-Scambio-del-codice-per-token\">Step 4 \u2013 Exchange code for token<\/h3>\n\n<p>The client sends a POST request to the IdP&#8217;s <code>\/token<\/code> endpoint, including:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>The authorization code received<\/li>\n\n\n\n<li><code>client_id<\/code> and, if applicable, <code>client_secret<\/code><\/li>\n<\/ul>\n\n<p>If the request is valid, the IdP returns:<\/p>\n\n<ul class=\"wp-block-list\">\n<li><strong>ID Token<\/strong> (signed JWT), which contains the user&#8217;s identity data<\/li>\n\n\n\n<li><strong>Access Token<\/strong>\n<ul class=\"wp-block-list\">\n<li>It&#8217;s a JWT intended to be read by the OAuth client, which is the recipient of the token.<br\/>It can also contain user information, such as their name or email address.<br\/>Client applications can use it to build a user profile and personalize the user experience.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"464\" src=\"https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2025\/08\/4fd3e5f1-5bf2-48fd-9a2f-32585ccf1e08.png\" alt=\"\" class=\"wp-image-32913\" srcset=\"https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2025\/08\/4fd3e5f1-5bf2-48fd-9a2f-32585ccf1e08.png 800w, https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2025\/08\/4fd3e5f1-5bf2-48fd-9a2f-32585ccf1e08-300x174.png 300w, https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2025\/08\/4fd3e5f1-5bf2-48fd-9a2f-32585ccf1e08-768x445.png 768w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/figure>\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<ul class=\"wp-block-list\">\n<li><strong>Refresh Token<\/strong> (optional), to renew tokens without re-login<\/li>\n<\/ul>\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"646\" height=\"101\" src=\"https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2025\/08\/3c9969ee-40a5-45e5-a39c-7b23c7ad0eca.png\" alt=\"\" class=\"wp-image-32915\" srcset=\"https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2025\/08\/3c9969ee-40a5-45e5-a39c-7b23c7ad0eca.png 646w, https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2025\/08\/3c9969ee-40a5-45e5-a39c-7b23c7ad0eca-300x47.png 300w\" sizes=\"(max-width: 646px) 100vw, 646px\" \/><\/figure>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<h3 class=\"wp-block-heading\" id=\"Passo-5-&#x2013;-Accesso-e-verifica-token\">Step 5 \u2013 Login and Token Verification<\/h3>\n\n<p>The client:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>Decrypt and verify the ID Token signature using the IdP&#8217;s public key<\/li>\n\n\n\n<li>Use the Access Token to authorize requests to protected resources<\/li>\n\n\n\n<li>Manages the user session without the need for further logins as long as the tokens are valid<\/li>\n<\/ul>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<h3 class=\"wp-block-heading\" id=\"Passo-6-&#x2013;-Recupero-delle-informazioni-utente-tramite-Access-Token\">Step 6 \u2013 Retrieving User Information Using Access Token<\/h3>\n\n<p>After receiving the tokens from the Authorization Server, the client uses the <strong>Access Token<\/strong> to request additional information about the user directly from the OpenID Provider&#8217;s endpoint <code>\/userinfo<\/code>.<\/p>\n\n<ul class=\"wp-block-list\">\n<li>The client sends an API call to the <code>\/userinfo<\/code>, including the Access Token in the <code>Authorization: Bearer &lt;access_token&gt;<\/code> header.<\/li>\n<\/ul>\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"360\" height=\"65\" src=\"https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2025\/08\/18eb2f30-f5bf-444d-b91f-de03ff06b3ea.png\" alt=\"\" class=\"wp-image-32917\" style=\"width:577px;height:auto\" srcset=\"https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2025\/08\/18eb2f30-f5bf-444d-b91f-de03ff06b3ea.png 360w, https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2025\/08\/18eb2f30-f5bf-444d-b91f-de03ff06b3ea-300x54.png 300w\" sizes=\"(max-width: 360px) 100vw, 360px\" \/><\/figure>\n\n<ul class=\"wp-block-list\">\n<li>The server responds with a JSON payload containing additional claims about the user, such as name, email, role, etc.<\/li>\n\n\n\n<li>This allows the client to get dynamic, up-to-date data without having to include all of it in the Token ID, thus keeping the tokens lighter and more secure.<\/li>\n<\/ul>\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"748\" height=\"211\" src=\"https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2025\/08\/ebafcb17-e791-425c-b431-b46a96ed641a.png\" alt=\"\" class=\"wp-image-32919\" srcset=\"https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2025\/08\/ebafcb17-e791-425c-b431-b46a96ed641a.png 748w, https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2025\/08\/ebafcb17-e791-425c-b431-b46a96ed641a-300x85.png 300w\" sizes=\"(max-width: 748px) 100vw, 748px\" \/><\/figure>\n\n<p>Below is an explanatory chart from <a href=\"https:\/\/auth0.com\/docs\/get-started\/authentication-and-authorization-flow\/authorization-code-flow\">Authorization Code Flow<\/a> that illustrates the Authorization Code Flow with OpenID Connect step-by-step, showing how the user, client, and Identity Provider interact for a secure and seamless login.<\/p>\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"641\" src=\"https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2025\/08\/8878106b-3ec1-4c0f-95df-8d57cb0cb9c6-1024x641.png\" alt=\"\" class=\"wp-image-32921\" srcset=\"https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2025\/08\/8878106b-3ec1-4c0f-95df-8d57cb0cb9c6-1024x641.png 1024w, https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2025\/08\/8878106b-3ec1-4c0f-95df-8d57cb0cb9c6-300x188.png 300w, https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2025\/08\/8878106b-3ec1-4c0f-95df-8d57cb0cb9c6-768x481.png 768w, https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2025\/08\/8878106b-3ec1-4c0f-95df-8d57cb0cb9c6.png 1400w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<p>If you want to learn more or implement the solution, here are some additional resources:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>\ud83d\udd17 <a href=\"https:\/\/developer.okta.com\/blog\/2019\/10\/21\/illustrated-guide-to-oauth-and-oidc\">An Illustrated Guide to OAuth and OpenID Connect<\/a><\/li>\n\n\n\n<li>\ud83d\udd17 <a href=\"https:\/\/christianlydemann.com\/creating-an-openid-connect-system-with-angular-8-and-identityserver4-oidc-part-1\/\">Creating an OpenID connect system<\/a><\/li>\n\n\n\n<li>\ud83d\udd17 <a href=\"https:\/\/openid.net\/developers\/how-connect-works\/\">OpenID Connect Official Site<\/a><\/li>\n\n\n\n<li>\ud83d\udd17 <a href=\"https:\/\/auth0.com\/docs\/get-started\/authentication-and-authorization-flow\/authorization-code-flow\">Auth0: Authorization Code Flow Explained<\/a><\/li>\n\n\n\n<li>\ud83d\udd17 <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/active-directory\/develop\/\">Microsoft Identity Platform Documentation<\/a><\/li>\n\n\n\n<li>\ud83d\udd17<a href=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc6749\">RFC 6749: The OAuth 2.0 Authorization Framework<\/a><\/li>\n<\/ul>\n\n<div style=\"height:50px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<h2 class=\"wp-block-heading has-text-color has-link-color has-large-font-size wp-elements-b0f9f62f548cd391d9c3c562ade396af\" style=\"color:#01bdff\"><span class=\"ez-toc-section\" id=\"Developer_Glossary\"><\/span>Developer Glossary<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n<div class=\"wp-block-group is-layout-constrained wp-block-group-is-layout-constrained\"><ol class=\"wp-block-footnotes\"><li id=\"41cd1f37-ad3d-4d2a-bb61-de0ddc0418b7\"><strong>OpenID Connect (OIDC)<\/strong> is a modern authentication protocol designed to securely identify users and allow applications to trust that identity without having to directly manage passwords. It is based on standard protocols, facilitating secure and flexible authentication flows, particularly suited to cloud and API-oriented environments. OIDC issues tokens, such as <strong>ID Tokens<\/strong>, that contain information about the user&#8217;s identity, improving security and the user experience within integrated applications.  <br> <a href=\"#41cd1f37-ad3d-4d2a-bb61-de0ddc0418b7-link\" aria-label=\"Jump to footnote reference 1\">\u21a9\ufe0e<\/a><\/li><li id=\"f4bda22d-1635-4fd1-8a34-3dea8b626be5\"><strong>HIPAA<\/strong>, an acronym for <strong>Health Insurance Portability and Accountability Act<\/strong>, is a U.S. law created to protect patients&#8217; sensitive health information by preventing its disclosure without the individual&#8217;s consent or knowledge. It establishes standards for the privacy and security of health data, ensuring that healthcare providers, insurers, and their business partners maintain the confidentiality and integrity of patient information. HIPAA compliance is critical for organizations handling health data to avoid legal penalties and maintain patient trust.  <br> <a href=\"#f4bda22d-1635-4fd1-8a34-3dea8b626be5-link\" aria-label=\"Jump to footnote reference 2\">\u21a9\ufe0e<\/a><\/li><li id=\"1ddee4c3-ece6-42bc-ae40-6f012d87ea82\"><strong>MFA<\/strong>, or <strong>multi-factor authentication<\/strong>, is a security mechanism that requires users to provide <em>two or more verification factors <\/em>to access an application or system. This process increases protection by combining something the user knows (such as a password) with something the user has (such as a smartphone app to generate codes) or something the user is (biometric verification). MFA significantly reduces the risk of unauthorized access, making it a fundamental element of modern security protocols.  <br> <a href=\"#1ddee4c3-ece6-42bc-ae40-6f012d87ea82-link\" aria-label=\"Jump to footnote reference 3\">\u21a9\ufe0e<\/a><\/li><li id=\"93a80448-c7ab-47fe-9125-d61ab5827b69\">An <strong>Identity Provider<\/strong> (IdP) is a central system responsible for managing and verifying user access. It authenticates users during login attempts, securely manages credentials (often with multi-factor authentication support), and issues digital tokens that allow access to applications without having to repeatedly enter usernames and passwords. Applications trust the tokens issued by the IdP, ensuring a seamless and secure user experience across various services.  <br> <a href=\"#93a80448-c7ab-47fe-9125-d61ab5827b69-link\" aria-label=\"Jump to footnote reference 4\">\u21a9\ufe0e<\/a><\/li><li id=\"3af435a4-9919-4037-9f60-e97bc1edcaee\"><strong>SAML<\/strong> (<em>Security Assertion Markup Language<\/em>) is an open standard for exchanging authentication and authorization data between different parties, particularly between an identity provider and a service provider. It enables <strong>single sign-on (SSO)<\/strong>, allowing users to authenticate once and access multiple applications without having to log in again for each one. SAML uses XML-based assertions to securely convey user identity and attributes.  <br> <a href=\"#3af435a4-9919-4037-9f60-e97bc1edcaee-link\" aria-label=\"Jump to footnote reference 5\">\u21a9\ufe0e<\/a><\/li><\/ol><\/div>\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Article by Daniel Marella &#8211; Full-stack Developer at AzzurroDigitale Have you ever had to remember a thousand usernames and passwords to access your work tools?With Single Sign-On (SSO), this problem disappears: you authenticate just once and automatically access all connected applications and services, without having to enter your credentials every time you change tools. In [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"[{\"id\":\"41cd1f37-ad3d-4d2a-bb61-de0ddc0418b7\",\"content\":\"<strong>OpenID Connect (OIDC)<\\\/strong> is a modern authentication protocol designed to securely identify users and allow applications to trust that identity without having to directly manage passwords. It is based on standard protocols, facilitating secure and flexible authentication flows, particularly suited to cloud and API-oriented environments. OIDC issues tokens, such as <strong>ID Tokens<\\\/strong>, that contain information about the user's identity, improving security and the user experience within integrated applications.  <br>\"},{\"id\":\"f4bda22d-1635-4fd1-8a34-3dea8b626be5\",\"content\":\"<strong>HIPAA<\\\/strong>, an acronym for <strong>Health Insurance Portability and Accountability Act<\\\/strong>, is a U.S. law created to protect patients' sensitive health information by preventing its disclosure without the individual's consent or knowledge. It establishes standards for the privacy and security of health data, ensuring that healthcare providers, insurers, and their business partners maintain the confidentiality and integrity of patient information. HIPAA compliance is critical for organizations handling health data to avoid legal penalties and maintain patient trust.  <br>\"},{\"id\":\"1ddee4c3-ece6-42bc-ae40-6f012d87ea82\",\"content\":\"<strong>MFA<\\\/strong>, or <strong>multi-factor authentication<\\\/strong>, is a security mechanism that requires users to provide <em>two or more verification factors <\\\/em>to access an application or system. This process increases protection by combining something the user knows (such as a password) with something the user has (such as a smartphone app to generate codes) or something the user is (biometric verification). MFA significantly reduces the risk of unauthorized access, making it a fundamental element of modern security protocols.  <br>\"},{\"id\":\"93a80448-c7ab-47fe-9125-d61ab5827b69\",\"content\":\"An <strong>Identity Provider<\\\/strong> (IdP) is a central system responsible for managing and verifying user access. It authenticates users during login attempts, securely manages credentials (often with multi-factor authentication support), and issues digital tokens that allow access to applications without having to repeatedly enter usernames and passwords. Applications trust the tokens issued by the IdP, ensuring a seamless and secure user experience across various services.  <br>\"},{\"id\":\"3af435a4-9919-4037-9f60-e97bc1edcaee\",\"content\":\"<strong>SAML<\\\/strong> (<em>Security Assertion Markup Language<\\\/em>) is an open standard for exchanging authentication and authorization data between different parties, particularly between an identity provider and a service provider. It enables <strong>single sign-on (SSO)<\\\/strong>, allowing users to authenticate once and access multiple applications without having to log in again for each one. SAML uses XML-based assertions to securely convey user identity and attributes.  <br>\"}]"},"categories":[160],"tags":[],"class_list":["post-33084","post","type-post","status-publish","format-standard","hentry","category-digital-transformation-en"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>One login, endless possibilities: the single sign-on revolution. - AzzurroDigitale<\/title>\n<meta name=\"description\" content=\"Access all your apps with a single login thanks to SSO and OpenID Connect: more security, speed, and simplicity. Ask ChatGPT\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.azzurrodigitale.com\/en\/one-login-endless-possibilities-the-single-sign-on-revolution\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"One login, endless possibilities: the single sign-on revolution. - AzzurroDigitale\" \/>\n<meta property=\"og:description\" content=\"Access all your apps with a single login thanks to SSO and OpenID Connect: more security, speed, and simplicity. Ask ChatGPT\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.azzurrodigitale.com\/en\/one-login-endless-possibilities-the-single-sign-on-revolution\/\" \/>\n<meta property=\"og:site_name\" content=\"AzzurroDigitale\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/azzurrodigitale\" \/>\n<meta property=\"article:published_time\" content=\"2025-08-25T15:41:53+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-08-27T13:57:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2025\/08\/Single-Sign-On-1024x682.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"682\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Sofia Cominato\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sofia Cominato\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"One login, endless possibilities: the single sign-on revolution. - AzzurroDigitale","description":"Access all your apps with a single login thanks to SSO and OpenID Connect: more security, speed, and simplicity. Ask ChatGPT","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.azzurrodigitale.com\/en\/one-login-endless-possibilities-the-single-sign-on-revolution\/","og_locale":"en_US","og_type":"article","og_title":"One login, endless possibilities: the single sign-on revolution. - AzzurroDigitale","og_description":"Access all your apps with a single login thanks to SSO and OpenID Connect: more security, speed, and simplicity. Ask ChatGPT","og_url":"https:\/\/www.azzurrodigitale.com\/en\/one-login-endless-possibilities-the-single-sign-on-revolution\/","og_site_name":"AzzurroDigitale","article_publisher":"https:\/\/www.facebook.com\/azzurrodigitale","article_published_time":"2025-08-25T15:41:53+00:00","article_modified_time":"2025-08-27T13:57:00+00:00","og_image":[{"width":1024,"height":682,"url":"https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2025\/08\/Single-Sign-On-1024x682.png","type":"image\/png"}],"author":"Sofia Cominato","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Sofia Cominato","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.azzurrodigitale.com\/en\/one-login-endless-possibilities-the-single-sign-on-revolution\/#article","isPartOf":{"@id":"https:\/\/www.azzurrodigitale.com\/en\/one-login-endless-possibilities-the-single-sign-on-revolution\/"},"author":{"name":"Sofia Cominato","@id":"https:\/\/www.azzurrodigitale.com\/en\/#\/schema\/person\/4d2d52ca7760d6f0ae9fe66dfc94a78c"},"headline":"One login, endless possibilities: the single sign-on revolution.","datePublished":"2025-08-25T15:41:53+00:00","dateModified":"2025-08-27T13:57:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.azzurrodigitale.com\/en\/one-login-endless-possibilities-the-single-sign-on-revolution\/"},"wordCount":1464,"publisher":{"@id":"https:\/\/www.azzurrodigitale.com\/en\/#organization"},"image":{"@id":"https:\/\/www.azzurrodigitale.com\/en\/one-login-endless-possibilities-the-single-sign-on-revolution\/#primaryimage"},"thumbnailUrl":"https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2025\/08\/IDP-1024x512.jpg","articleSection":["Digital Transformation"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.azzurrodigitale.com\/en\/one-login-endless-possibilities-the-single-sign-on-revolution\/","url":"https:\/\/www.azzurrodigitale.com\/en\/one-login-endless-possibilities-the-single-sign-on-revolution\/","name":"One login, endless possibilities: the single sign-on revolution. - AzzurroDigitale","isPartOf":{"@id":"https:\/\/www.azzurrodigitale.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.azzurrodigitale.com\/en\/one-login-endless-possibilities-the-single-sign-on-revolution\/#primaryimage"},"image":{"@id":"https:\/\/www.azzurrodigitale.com\/en\/one-login-endless-possibilities-the-single-sign-on-revolution\/#primaryimage"},"thumbnailUrl":"https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2025\/08\/IDP-1024x512.jpg","datePublished":"2025-08-25T15:41:53+00:00","dateModified":"2025-08-27T13:57:00+00:00","description":"Access all your apps with a single login thanks to SSO and OpenID Connect: more security, speed, and simplicity. Ask ChatGPT","breadcrumb":{"@id":"https:\/\/www.azzurrodigitale.com\/en\/one-login-endless-possibilities-the-single-sign-on-revolution\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.azzurrodigitale.com\/en\/one-login-endless-possibilities-the-single-sign-on-revolution\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.azzurrodigitale.com\/en\/one-login-endless-possibilities-the-single-sign-on-revolution\/#primaryimage","url":"https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2025\/08\/IDP-1024x512.jpg","contentUrl":"https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2025\/08\/IDP-1024x512.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.azzurrodigitale.com\/en\/one-login-endless-possibilities-the-single-sign-on-revolution\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.azzurrodigitale.com\/en\/"},{"@type":"ListItem","position":2,"name":"One login, endless possibilities: the single sign-on revolution."}]},{"@type":"WebSite","@id":"https:\/\/www.azzurrodigitale.com\/en\/#website","url":"https:\/\/www.azzurrodigitale.com\/en\/","name":"AzzurroDigitale","description":"","publisher":{"@id":"https:\/\/www.azzurrodigitale.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.azzurrodigitale.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.azzurrodigitale.com\/en\/#organization","name":"AzzurroDigitale","url":"https:\/\/www.azzurrodigitale.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.azzurrodigitale.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2024\/10\/logo-azzurro-digitale.svg","contentUrl":"https:\/\/www.azzurrodigitale.com\/wp-content\/uploads\/2024\/10\/logo-azzurro-digitale.svg","width":503,"height":64,"caption":"AzzurroDigitale"},"image":{"@id":"https:\/\/www.azzurrodigitale.com\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/azzurrodigitale","https:\/\/www.youtube.com\/channel\/UC1NqEqHgcztU_2GIVr9Turg","https:\/\/www.linkedin.com\/company\/azzurrodigitale"]},{"@type":"Person","@id":"https:\/\/www.azzurrodigitale.com\/en\/#\/schema\/person\/4d2d52ca7760d6f0ae9fe66dfc94a78c","name":"Sofia Cominato","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/c7fbc3aefcb486c357c3137f8cf8d65d3676df01ab2b649830cdf7e2456f04e8?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/c7fbc3aefcb486c357c3137f8cf8d65d3676df01ab2b649830cdf7e2456f04e8?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c7fbc3aefcb486c357c3137f8cf8d65d3676df01ab2b649830cdf7e2456f04e8?s=96&d=mm&r=g","caption":"Sofia Cominato"}}]}},"_links":{"self":[{"href":"https:\/\/www.azzurrodigitale.com\/en\/wp-json\/wp\/v2\/posts\/33084","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.azzurrodigitale.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.azzurrodigitale.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.azzurrodigitale.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.azzurrodigitale.com\/en\/wp-json\/wp\/v2\/comments?post=33084"}],"version-history":[{"count":0,"href":"https:\/\/www.azzurrodigitale.com\/en\/wp-json\/wp\/v2\/posts\/33084\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.azzurrodigitale.com\/en\/wp-json\/wp\/v2\/media?parent=33084"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.azzurrodigitale.com\/en\/wp-json\/wp\/v2\/categories?post=33084"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.azzurrodigitale.com\/en\/wp-json\/wp\/v2\/tags?post=33084"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}