Ncloud Single Sign-On glossary


Available in Classic and VPC

There are several terms you should be familiar with before using Ncloud Single Sign-On. The terms and their definitions are as follows.

Access Token

A string issued by the IdP that serves as a credential indicating the client's authorization to access protected resources

ACS URL

The URL to which the IdP posts the SAML Response after checking final permissions based on user information

Client

One of the roles defined in OAuth 2.0: an application that receives an access token as a credential and accesses protected resources on behalf of the resource owner

ID Token

A token in JWT format that contains user information

Identity Provider (IdP)

A system that verifies and manages the authentication information of users requested by the SP

Ncloud Single Sign-On

A service of NAVER Cloud Platform that enables integrated management of application access permissions within an organization with a NAVER Cloud Platform account

OAuth 2.0

An open standard authorization protocol for granting permissions. It delegates permission for an application to access a resource server on behalf of the user who owns the resource

OpenID Connect (OIDC)

A protocol based on OAuth 2.0 that issues an ID token containing user information from the IdP when issuing a token

Refresh Token

A token issued by the IdP, used to extend the expiration time of an expired access token or to issue additional access tokens with the same or narrower scope

Resource Owner

One of the roles defined in OAuth 2.0: a user who can authorize credentials for the client to access protected resources

Resource Server

One of the roles defined in OAuth 2.0: a server that provides protected resources, verifying and responding to access requests when a client accesses a resource using an access token

SAML 2.0

A web-based, open standard authentication protocol. SAML 2.0 is a standard information format used when exchanging user authentication and authorization information between applications, allowing IdPs and SPs to securely exchange and authenticate user information

SAML Assertion

Security information, including user information and permissions, transmitted from the IdP to the SP for user authentication

SAML Request

A request for delegated authentication that the Service Provider forwards to the Identity Provider using the HTTP redirect binding

SAML Response

The authentication result, including assertion information, that the Identity Provider sends to the Service Provider

Service Provider (SP)

The entity that provides the service. It mainly refers to the application or service that the SSO user wants to use and that requests users' authentication information from the Identity Provider (IdP)

Note

To see a full list of terms and definitions, go to Glossary from the NAVER Cloud Platform portal.