Single Sign-On

This product version has reached end of life and is no longer supported. Click here for the latest documentation.

The OutSystems Platform provides single sign-on capabilities by default: after authenticating in one of the applications, end-users are able to access all other applications without having to provide the credentials for each application they access.

Single Sign-On is only supported on modules that are enabled to use cookies. See the property that allows an module to use cookies .

Using Single Sign-On

By default, all applications created have single sign-on capabilities, since their User Provider module is set to the Users system module. However, if you are using a different user provider:

Identify the User Provider eSpace which provides end-users and sessions to other modules: open the module in the development environment, set its Is User Provider property to 'Yes', and publish the module.
Identify the User Subscriber eSpaces that share end-users and sessions with the User Provider module: open each one of the modules and select the User Provider module in the drop down list of the User Provider eSpace property. By default modules are created using the Users system module as user provider.

In a Single Sign-On scenario, check out your unified modules in Service Center: edit an module and select the 'Single Sign-On' tab to see the User Provider module and User Subscriber modules.

How Users are Shared

The User Provider module contains an entity that stores end-users information. This entity is set with the ' Public ' property to ' Yes ' so that it can be reused by User Subscriber modules. Learn more about Reusing Entities .

To authenticate an end-user, simply check if the provided credentials match any record existing in the entity of the User Provider module.

How Sessions are Shared

The session is created the first time the end-user accesses the server to request a page of any unified module. However, since the session is shared by the unified modules, the first On Session Start action to be invoked is the one of the User Provider module. Only then, if there is an On Session Start action in the requested module, it is invoked.

From then on, the On Session Start actions of the User Subscriber modules are invoked the first time each module is accessed via a screen, web block, or public action.

In a Single Sign-On situation, there is only one session shared by the unified modules which consists of all the session variables defined in these modules. If you need to reference or change a session variable from another module, you must use public actions , since there is no other way to add and remove session references between modules.

Note that sharing session variables through public actions only works for unified modules of the same set. Otherwise, as you will have different sessions, you will refer to different variables from each module. See Use eSpace References .