"use strict"; const {Fragment: _Fragment, jsx: _jsx, jsxs: _jsxs} = arguments[0]; const {useMDXComponents: _provideComponents} = arguments[0]; const headings = [{ "data": { "id": "what-is-iam", "hProperties": { "id": "what-is-iam" } }, "depth": 2, "value": "What is IAM?" }, { "data": { "id": "authentication-vs-authorization", "hProperties": { "id": "authentication-vs-authorization" } }, "depth": 3, "value": "Authentication vs. authorization" }, { "data": { "id": "oauth", "hProperties": { "id": "oauth" } }, "depth": 2, "value": "OAuth" }, { "data": { "id": "openid-connect-oidc", "hProperties": { "id": "openid-connect-oidc" } }, "depth": 2, "value": "OpenID Connect (OIDC)" }, { "data": { "id": "example-scenario-sign-in-with-google", "hProperties": { "id": "example-scenario-sign-in-with-google" } }, "depth": 3, "value": "Example scenario: \"Sign in with Google\"" }, { "data": { "id": "saml", "hProperties": { "id": "saml" } }, "depth": 2, "value": "SAML" }, { "data": { "id": "how-does-saml-compare-to-oidc", "hProperties": { "id": "how-does-saml-compare-to-oidc" } }, "depth": 3, "value": "How does SAML compare to OIDC?" }, { "data": { "id": "single-sign-on-sso", "hProperties": { "id": "single-sign-on-sso" } }, "depth": 2, "value": "Single sign-on (SSO)" }, { "data": { "id": "how-does-sso-work", "hProperties": { "id": "how-does-sso-work" } }, "depth": 3, "value": "How does SSO work?" }, { "data": { "id": "example-of-oidc-based-sso", "hProperties": { "id": "example-of-oidc-based-sso" } }, "depth": 4, "value": "Example of OIDC-Based SSO" }, { "data": { "id": "enterprise-sso", "hProperties": { "id": "enterprise-sso" } }, "depth": 3, "value": "Enterprise SSO" }, { "data": { "id": "example-adding-an-enterprise-sso-provider", "hProperties": { "id": "example-adding-an-enterprise-sso-provider" } }, "depth": 4, "value": "Example: Adding an Enterprise SSO provider" }, { "data": { "id": "jwt", "hProperties": { "id": "jwt" } }, "depth": 2, "value": "JWT" }, { "data": { "id": "recap", "hProperties": { "id": "recap" } }, "depth": 2, "value": "Recap" }]; const readingTime = { "minutes": 6, "words": 1763, "text": "6 min read" }; const frontmatter = undefined; function _createMdxContent(props) { const _components = { a: "a", code: "code", em: "em", h2: "h2", h3: "h3", h4: "h4", hr: "hr", li: "li", p: "p", pre: "pre", span: "span", strong: "strong", ul: "ul", ..._provideComponents(), ...props.components }, {LogtoCloudButton, Note} = _components; if (!LogtoCloudButton) _missingMdxReference("LogtoCloudButton", true); if (!Note) _missingMdxReference("Note", true); return _jsxs(_Fragment, { children: [_jsxs(_components.p, { children: ["The domain of ", _jsx(_components.a, { href: "https://auth.wiki/iam", children: "identity and access management (IAM)" }), " has grown more intricate over recent years. The fancy terms like ", _jsx(_components.a, { href: "https://auth.wiki/oauth", children: "OAuth" }), ", ", _jsx(_components.a, { href: "https://auth.wiki/openid-connect", children: "OpenID Connect (OIDC)" }), ", ", _jsx(_components.a, { href: "https://auth.wiki/saml", children: "SAML" }), ", ", _jsx(_components.a, { href: "https://auth.wiki/single-sign-on", children: "SSO" }), ", and ", _jsx(_components.a, { href: "https://auth.wiki/jwt", children: "JWT" }), " are frequently used, but what do they mean? How do they work together? Let’s explore these concepts and frameworks to make them more understandable and practical."] }), "\n", _jsx(Note, { children: _jsxs(_components.p, { children: ["Each of these protocols and frameworks can be explored in greater depth. This article aims to provide a foundational understanding. For detailed insights on each topic, visit ", _jsx(_components.a, { href: "https://auth.wiki", children: "Auth Wiki" }), "."] }) }), "\n", _jsxs(_components.h2, { id: "what-is-iam", children: ["What is IAM?", _jsx(_components.a, { "aria-hidden": "true", tabIndex: "-1", href: "#what-is-iam", children: _jsx(_components.span, { children: "#" }) })] }), "\n", _jsxs(_components.p, { children: ["Identity and access management (IAM) is a broad concept that involves managing digital ", _jsx(_components.strong, { children: "identities" }), " and implementing ", _jsx(_components.strong, { children: "access control" }), ". The frameworks and protocols mentioned earlier fall under IAM, each addressing specific challenges in this space."] }), "\n", _jsx(_components.p, { children: "In essence, IAM is about:" }), "\n", _jsxs(_components.ul, { children: ["\n", _jsxs(_components.li, { children: [_jsx(_components.strong, { children: "Identity" }), ": A digital representation of a user, service, or device. An identity typically includes attributes such as name, email, roles, etc., to describe the entity."] }), "\n", _jsxs(_components.li, { children: [_jsx(_components.strong, { children: "Access" }), ": The ability to interact with resources, perform actions, or use services. Access defines what actions can be performed on which resources."] }), "\n"] }), "\n", _jsx(_components.pre, { children: _jsx(_components.code, { className: "language-mermaid", children: "graph LR\n subgraph User\n Name\n Email\n Role\n end\n\n API\n\n User -->|GET| API\n" }) }), "\n", _jsxs(_components.p, { children: ["In the diagram above, a user (identity) wants to perform a ", _jsx(_components.code, { children: "GET" }), " request on an API (resource). The user's attributes - name, email, and role - describe the identity."] }), "\n", _jsxs(_components.h3, { id: "authentication-vs-authorization", children: ["Authentication vs. authorization", _jsx(_components.a, { "aria-hidden": "true", tabIndex: "-1", href: "#authentication-vs-authorization", children: _jsx(_components.span, { children: "#" }) })] }), "\n", _jsx(_components.p, { children: "Authentication and authorization often appear together in IAM discussions. Let’s clarify their definitions:" }), "\n", _jsxs(_components.ul, { children: ["\n", _jsxs(_components.li, { children: [_jsx(_components.strong, { children: "Authentication" }), ": The process of verifying the ownership of an identity. It answers the question, \"Which identity do you own?\""] }), "\n", _jsxs(_components.li, { children: [_jsx(_components.strong, { children: "Authorization" }), ": The process of determining what actions an authenticated identity can perform on a resource. It answers the question, “What can you do?”"] }), "\n"] }), "\n", _jsx(Note, { title: "What's the difference between authorization and access control?", children: _jsxs(_components.p, { children: ["Authorization is a subset of access control. Access control is a broader concept that includes authorization and other restrictions. For more details, see ", _jsx(_components.a, { href: "https://auth.wiki/access-control", children: "access control" }), "."] }) }), "\n", _jsx(_components.p, { children: "In the earlier example:" }), "\n", _jsxs(_components.ul, { children: ["\n", _jsxs(_components.li, { children: ["Before the user (identity) can perform any actions, they must complete the ", _jsx(_components.strong, { children: "authentication" }), " process."] }), "\n", _jsxs(_components.li, { children: ["After authentication, the system needs to determine if the user can perform a ", _jsx(_components.code, { children: "GET" }), " request (action) on the API (resource), i.e., complete the ", _jsx(_components.strong, { children: "authorization" }), " process."] }), "\n"] }), "\n", _jsx(_components.hr, {}), "\n", _jsx(_components.p, { children: "Armed with this foundational knowledge, let’s demystify the other acronyms and protocols." }), "\n", _jsxs(_components.h2, { id: "oauth", children: ["OAuth", _jsx(_components.a, { "aria-hidden": "true", tabIndex: "-1", href: "#oauth", children: _jsx(_components.span, { children: "#" }) })] }), "\n", _jsxs(_components.p, { children: [_jsx(_components.a, { href: "https://auth.wiki/oauth-2.0", children: "OAuth 2.0" }), ", commonly referred to as OAuth, is an ", _jsx(_components.strong, { children: "authorization" }), " framework that enables an application to access protected resources on another application (typically on behalf of a user)."] }), "\n", _jsxs(_components.p, { children: ["For example, imagine you have a web application called ", _jsx(_components.em, { children: "MyApp" }), " that wants to access a user's Google Drive. Instead of asking the user to share their Google Drive credentials, ", _jsx(_components.em, { children: "MyApp" }), " can use OAuth 2.0 to request permission (", _jsx(_components.strong, { children: "authorization" }), ") from Google to access the user's Drive."] }), "\n", _jsx(_components.p, { children: "Here’s a simplified diagram illustrating the OAuth flow:" }), "\n", _jsx(_components.pre, { children: _jsx(_components.code, { className: "language-mermaid", children: "sequenceDiagram\n autonumber\n actor User\n participant MyApp\n participant Google\n\n User->>MyApp: Open MyApp and
click \"Connect Google Drive\"\n MyApp->>Google: Redirect to Google
with authorization request\n Google->>User: Prompt for Google login\n User->>Google: Log in\n Google->>User: Ask for permission to
access Google Drive\n User->>Google: Grant access to MyApp\n Google->>MyApp: Redirect to MyApp
with an access token\n MyApp->>Google: Use access token to
access Google Drive\n" }) }), "\n", _jsx(_components.p, { children: "In this flow:" }), "\n", _jsxs(_components.ul, { children: ["\n", _jsxs(_components.li, { children: [_jsx(_components.em, { children: "MyApp" }), " is the client (identity) requesting access to Google Drive (resource)."] }), "\n", _jsxs(_components.li, { children: ["The user (resource owner) grants ", _jsx(_components.em, { children: "MyApp" }), " permission in step 6, completing the ", _jsx(_components.strong, { children: "authorization" }), " process."] }), "\n"] }), "\n", _jsx(Note, { children: _jsx(_components.p, { children: "OAuth 2.0 does not define how users authenticate themselves to Google (steps 3 and 4). This aspect is left to the implementation by Google." }) }), "\n", _jsxs(_components.p, { children: ["A key element in OAuth 2.0 is the ", _jsx(_components.strong, { children: "access token" }), ", which the client uses to demonstrate the user’s authorization to access resources. To dive deeper, see ", _jsx(_components.a, { href: "https://auth.wiki/access-token", children: "Access token" }), "."] }), "\n", _jsxs(_components.h2, { id: "openid-connect-oidc", children: ["OpenID Connect (OIDC)", _jsx(_components.a, { "aria-hidden": "true", tabIndex: "-1", href: "#openid-connect-oidc", children: _jsx(_components.span, { children: "#" }) })] }), "\n", _jsxs(_components.p, { children: [_jsx(_components.a, { href: "https://auth.wiki/openid-connect", children: "OpenID Connect (OIDC)" }), " is an ", _jsx(_components.strong, { children: "authentication" }), " layer built on top of OAuth 2.0. It adds features specifically for authentication, such as ", _jsx(_components.a, { href: "https://auth.wiki/id-token", children: "ID tokens" }), " and a ", _jsx(_components.a, { href: "https://auth.wiki/userinfo-endpoint", children: "UserInfo endpoint" }), ", making it suitable for both authentication and authorization."] }), "\n", _jsxs(_components.p, { children: ["If we revisit the OAuth flow, adding OIDC introduces an ", _jsx(_components.strong, { children: "ID token" }), ". This token contains information about the authenticated user and enables MyApp to verify the user’s identity."] }), "\n", _jsxs(_components.h3, { id: "example-scenario-sign-in-with-google", children: ["Example scenario: \"Sign in with Google\"", _jsx(_components.a, { "aria-hidden": "true", tabIndex: "-1", href: "#example-scenario-sign-in-with-google", children: _jsx(_components.span, { children: "#" }) })] }), "\n", _jsx(_components.p, { children: "Let’s switch examples. If MyApp wants to allow users to sign in using their Google accounts, the goal shifts to authentication rather than resource access. In this case, OIDC is a better fit. Here’s how the OIDC flow looks:" }), "\n", _jsx(_components.pre, { children: _jsx(_components.code, { className: "language-mermaid", children: "sequenceDiagram\n autonumber\n actor User\n participant MyApp\n participant Google\n\n User->>MyApp: Click \"Sign in with Google\"\n MyApp->>Google: Redirect with authentication request\n Google->>User: Prompt for Google login\n User->>Google: Log in\n Google->>User: Request permission to
share user info\n User->>Google: Grant permission\n Google->>MyApp: Redirect to MyApp
with ID and access tokens\n MyApp->>MyApp: Verify and extract user
info from ID token\n" }) }), "\n", _jsxs(_components.p, { children: [_jsx(_components.strong, { children: "Key Difference" }), ": In addition to an access token, OIDC provides an ", _jsx(_components.strong, { children: "ID token" }), ", which allows MyApp to authenticate the user without requiring additional requests."] }), "\n", _jsxs(_components.p, { children: ["OIDC shares OAuth 2.0's ", _jsx(_components.a, { href: "https://auth.wiki/oauth-2.0-grant", children: "grant" }), " definitions, ensuring compatibility and consistency across the two frameworks."] }), "\n", _jsxs(_components.h2, { id: "saml", children: ["SAML", _jsx(_components.a, { "aria-hidden": "true", tabIndex: "-1", href: "#saml", children: _jsx(_components.span, { children: "#" }) })] }), "\n", _jsxs(_components.p, { children: [_jsx(_components.a, { href: "https://auth.wiki/saml", children: "Security Assertion Markup Language (SAML)" }), " is an XML-based framework for exchanging ", _jsx(_components.strong, { children: "authentication" }), " and ", _jsx(_components.strong, { children: "authorization" }), " data between parties. SAML, introduced in the early 2000s, has been widely adopted in enterprise environments."] }), "\n", _jsxs(_components.h3, { id: "how-does-saml-compare-to-oidc", children: ["How does SAML compare to OIDC?", _jsx(_components.a, { "aria-hidden": "true", tabIndex: "-1", href: "#how-does-saml-compare-to-oidc", children: _jsx(_components.span, { children: "#" }) })] }), "\n", _jsx(_components.p, { children: "SAML and OIDC are functionally similar but differ in their implementation details:" }), "\n", _jsxs(_components.ul, { children: ["\n", _jsxs(_components.li, { children: [_jsx(_components.strong, { children: "SAML" }), ": Uses XML-based assertions and is often considered more complex."] }), "\n", _jsxs(_components.li, { children: [_jsx(_components.strong, { children: "OIDC" }), ": Leverages JSON and JWT, making it lighter and more developer-friendly."] }), "\n"] }), "\n", _jsx(_components.p, { children: "Modern applications often prefer OIDC for its simplicity and flexibility, but SAML remains prevalent in legacy systems and enterprise use cases." }), "\n", _jsxs(_components.h2, { id: "single-sign-on-sso", children: ["Single sign-on (SSO)", _jsx(_components.a, { "aria-hidden": "true", tabIndex: "-1", href: "#single-sign-on-sso", children: _jsx(_components.span, { children: "#" }) })] }), "\n", _jsxs(_components.p, { children: [_jsx(_components.a, { href: "https://auth.wiki/sso", children: "Single sign-on (SSO)" }), " is an ", _jsx(_components.strong, { children: "authentication" }), " scheme that enables users to access multiple applications and services with a single set of credentials. Instead of logging in to each application individually, the user logs in once and gains access to all connected systems."] }), "\n", _jsxs(_components.h3, { id: "how-does-sso-work", children: ["How does SSO work?", _jsx(_components.a, { "aria-hidden": "true", tabIndex: "-1", href: "#how-does-sso-work", children: _jsx(_components.span, { children: "#" }) })] }), "\n", _jsxs(_components.p, { children: ["SSO relies on a central ", _jsx(_components.a, { href: "https://auth.wiki/identity-provider", children: "identity provider (IdP)" }), " to manage user identities. The IdP authenticates the user and provides services like authentication and authorization to connected applications."] }), "\n", _jsx(_components.pre, { children: _jsx(_components.code, { className: "language-mermaid", children: "graph LR\n User --> AppA\n User --> AppB\n AppA <--> IdP[Identity Provider]\n AppB <--> IdP\n User -->|SSO| IdP\n" }) }), "\n", _jsx(_components.p, { children: "The IdP can use protocols like OIDC, OAuth 2.0, SAML, or others to provide these services. A single IdP can support multiple protocols to meet the diverse needs of different applications." }), "\n", _jsxs(_components.h4, { id: "example-of-oidc-based-sso", children: ["Example of OIDC-Based SSO", _jsx(_components.a, { "aria-hidden": "true", tabIndex: "-1", href: "#example-of-oidc-based-sso", children: _jsx(_components.span, { children: "#" }) })] }), "\n", _jsx(_components.p, { children: "Let's explore an example of OIDC-based SSO:" }), "\n", _jsx(_components.pre, { children: _jsx(_components.code, { className: "language-mermaid", children: "sequenceDiagram\n actor User\n participant AppA\n participant AppB\n participant IdP\n\n User->>AppA: Access Application A\n AppA->>IdP: Redirect to IdP\n IdP->>User: Prompt for credentials\n User->>IdP: Provide credentials\n IdP->>AppA: Send ID token\n AppA->>User: Grant access\n User->>AppB: Access Application B\n AppB->>IdP: Redirect to IdP\n IdP->>IdP: User already authenticated\n IdP->>AppB: Send ID token\n AppB->>User: Grant access\n" }) }), "\n", _jsx(_components.p, { children: "In this flow, the user logs in to the IdP once and is authenticated across multiple applications (AppA and AppB)." }), "\n", _jsxs(_components.h3, { id: "enterprise-sso", children: ["Enterprise SSO", _jsx(_components.a, { "aria-hidden": "true", tabIndex: "-1", href: "#enterprise-sso", children: _jsx(_components.span, { children: "#" }) })] }), "\n", _jsxs(_components.p, { children: ["While SSO is a broad concept, you may also encounter the term ", _jsx(_components.a, { href: "https://auth.wiki/enterprise-sso", children: "enterprise SSO" }), ", which refers to a specific type of SSO designed for enterprise environments (typically for employees and partners)."] }), "\n", _jsx(_components.p, { children: "When a customer requests SSO for your application, it’s important to clarify their needs and the protocols they are using. In most cases, this means that for specific email domains, they want your application to redirect users to their IdP (which implements enterprise SSO) for authentication." }), "\n", _jsxs(_components.h4, { id: "example-adding-an-enterprise-sso-provider", children: ["Example: Adding an Enterprise SSO provider", _jsx(_components.a, { "aria-hidden": "true", tabIndex: "-1", href: "#example-adding-an-enterprise-sso-provider", children: _jsx(_components.span, { children: "#" }) })] }), "\n", _jsx(_components.p, { children: "Here’s a simplified example of integrating an enterprise SSO provider (Banana) with your application (MyApp):" }), "\n", _jsx(_components.pre, { children: _jsx(_components.code, { className: "language-mermaid", children: "sequenceDiagram\n actor User\n participant MyApp\n participant IdP as MyApp IdP\n participant Banana as Banana IdP\n\n User->>MyApp: Click \"Sign in\"\n MyApp->>IdP: Redirect to IdP\n IdP->>User: Prompt for credentials\n User->>IdP: Provide Banana email\n IdP->>Banana: Redirect to Banana IdP\n Banana->>User: Prompt for credentials\n User->>Banana: Provide credentials\n Banana->>IdP: Send response\n IdP->>MyApp: Send response\n MyApp->>User: Grant access to MyApp and display user data\n" }) }), "\n", _jsx(Note, { title: "Did you know?", children: _jsx(_components.p, { children: "Redirecting to the IdP is a common pattern in SSO flows. This approach allows the IdP to maintain a central point for user sessions while providing authentication and authorization services to multiple applications." }) }), "\n", _jsxs(_components.h2, { id: "jwt", children: ["JWT", _jsx(_components.a, { "aria-hidden": "true", tabIndex: "-1", href: "#jwt", children: _jsx(_components.span, { children: "#" }) })] }), "\n", _jsxs(_components.p, { children: [_jsx(_components.a, { href: "https://auth.wiki/jwt", children: "JSON Web Token (JWT)" }), " is an open standard defined in RFC 7519 that enables secure communication between two parties. It is the standard format for ID tokens in OIDC and is widely used for OAuth 2.0 access tokens."] }), "\n", _jsx(_components.p, { children: "Here are the key characteristics of JWT:" }), "\n", _jsxs(_components.ul, { children: ["\n", _jsxs(_components.li, { children: [_jsx(_components.strong, { children: "Compact" }), ": JWTs are JSON objects encoded in a compact format, making them easy to transmit and store."] }), "\n", _jsxs(_components.li, { children: [_jsx(_components.strong, { children: "Self-contained" }), ": JWTs contain all the necessary information about the user and the token itself."] }), "\n", _jsxs(_components.li, { children: [_jsx(_components.strong, { children: "Verifiable and encryptable" }), ": JWTs can be signed and encrypted to ensure data integrity and confidentiality."] }), "\n"] }), "\n", _jsx(_components.p, { children: "A typical JWT looks like this:" }), "\n", _jsx(_components.pre, { children: _jsx(_components.code, { children: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJmb28iLCJuYW1lIjoiSm9obiBEb2UifQ.XM-XSs2Lmp76IcTQ7tVdFcZzN4W_WcoKMNANp925Q9g\n" }) }), "\n", _jsx(_components.p, { children: "This JWT consists of three parts separated by dots:" }), "\n", _jsx(_components.pre, { children: _jsx(_components.code, { children: "{{header}}.{{payload}}.{{signature}}\n" }) }), "\n", _jsxs(_components.ul, { children: ["\n", _jsxs(_components.li, { children: [_jsx(_components.strong, { children: "Header" }), ": Contains metadata about the token, such as the token type and signing algorithm."] }), "\n", _jsxs(_components.li, { children: [_jsx(_components.strong, { children: "Payload" }), ": Contains information about the identity and the token itself."] }), "\n", _jsxs(_components.li, { children: [_jsx(_components.strong, { children: "Signature" }), ": Verifies the token’s integrity."] }), "\n"] }), "\n", _jsx(_components.p, { children: "Both the header and payload are base64-encoded JSON objects. The JWT above can be decoded as follows:" }), "\n", _jsx(_components.pre, { children: _jsx(_components.code, { className: "language-jsonc", children: "// Header\n{\n \"alg\": \"HS256\",\n \"typ\": \"JWT\"\n}\n// Payload\n{\n \"sub\": \"foo\",\n \"name\": \"John Doe\"\n}\n" }) }), "\n", _jsxs(_components.p, { children: ["Using JWT, the client can decode the token and extract the user's information without making additional requests to the identity provider. To learn more about JWT, visit ", _jsx(_components.a, { href: "https://auth.wiki/jwt", children: "JSON Web Token (JWT)" }), "."] }), "\n", _jsxs(_components.h2, { id: "recap", children: ["Recap", _jsx(_components.a, { "aria-hidden": "true", tabIndex: "-1", href: "#recap", children: _jsx(_components.span, { children: "#" }) })] }), "\n", _jsx(_components.p, { children: "We’ve covered a lot of ground in this article. Let’s summarize the key points with an example:" }), "\n", _jsxs(_components.p, { children: ["Imagine you have a web application, AppA, that requires an ", _jsx(_components.strong, { children: "identity and access management (IAM)" }), " solution. You choose ", _jsx(_components.strong, { children: "Logto" }), ", an identity provider that uses ", _jsx(_components.strong, { children: "OpenID Connect (OIDC)" }), " for authentication. Since OIDC is built on top of ", _jsx(_components.strong, { children: "OAuth 2.0" }), ", Logto also supports authorization for your application."] }), "\n", _jsxs(_components.p, { children: ["To reduce friction for your users, you enable \"Sign in with Google\" in Logto. This uses ", _jsx(_components.strong, { children: "OAuth 2.0" }), " to exchange authorization data and user information between Logto and Google."] }), "\n", _jsxs(_components.p, { children: ["After the user logs into AppA via Logto, AppA receives an ID token, which is a ", _jsx(_components.strong, { children: "JSON Web Token (JWT)" }), " containing the user’s information."] }), "\n", _jsxs(_components.p, { children: ["As your business grows, you launch a new application, AppB, which also needs user authentication. Since Logto is already set up, you can reuse the same authentication flow for AppB. Your users can now sign in to both AppA and AppB with a single set of credentials, a feature known as ", _jsx(_components.strong, { children: "single sign-on (SSO)" }), "."] }), "\n", _jsxs(_components.p, { children: ["Later, a business partner asks you to connect their enterprise SSO system, which uses ", _jsx(_components.strong, { children: "Security Assertion Markup Language (SAML)" }), ". You find that Logto supports SAML connections, so you set up a connection between Logto and the partner's SSO system. Now, users from the partner’s organization can also sign in to AppA and AppB using their existing credentials."] }), "\n", _jsx(_components.hr, {}), "\n", _jsxs(_components.p, { children: ["I hope this article has clarified these concepts for you. For more in-depth explanations and examples, check out ", _jsx(_components.a, { href: "https://auth.wiki", children: "Auth Wiki" }), ". If you’re searching for an IAM solution for your application, consider using a managed service like ", _jsx(_components.a, { href: "https://logto.io", children: "Logto" }), " to save time and effort."] }), "\n", _jsx(LogtoCloudButton, {})] }); } function MDXContent(props = {}) { const {wrapper: MDXLayout} = { ..._provideComponents(), ...props.components }; return MDXLayout ? _jsx(MDXLayout, { ...props, children: _jsx(_createMdxContent, { ...props }) }) : _createMdxContent(props); } return { headings, readingTime, frontmatter, default: MDXContent }; function _missingMdxReference(id, component) { throw new Error("Expected " + (component ? "component" : "object") + " `" + id + "` to be defined: you likely forgot to import, pass, or provide it."); }