• search
  • Contact Sales
  • Support
    • Online Help
    • Community Forum
    • Contact Support
  • Log in
Get a Demo Try Free
High Contrast
Caspio logo Help
Try Free
  • High Contrast
  • search
  • Contact Sales
  • Support
    • Online Help
    • Community Forum
    • Contact Support
  • Log in
Get a Demo Try Free
  • Help Center
  • Manage Users and Groups
  • Directories Overview
  • User Authentication in Directories
  • Launch Your Caspio Journey
  • Create Applications
    • Applications Overview
    • Creating Apps With Bridge
      • Bridge App Overview
        • Creating a New App Container
        • Importing an App
        • Exporting an App
        • Deleting an App
        • Shared Objects
        • Backing Up Your Applications
        • Sharing an App with Another Account
        • App Parameters
          • Adding App Parameters
          • Managing App Parameters
          • Using App Parameters
      • Authentication
        • Setting Up User Permissions in Your App
        • Adding a Logout Link
        • Record Level Security
          • Create a Workflow using Record Level Security and Filtered Dropdown
          • Restrict Access to Data by User or Role
          • Filter Lookup Dropdown or Listbox Based on User or Role
        • Stamp a Record with User Profile Data
        • OpenID
        • Create a Standalone Login Screen
        • Hiding Multiple Login Forms
      • DataPages
        • What is a DataPage?
        • DataPage Types
        • Forms
          • Submission Forms
          • Update Forms
          • Password Recovery Forms
          • Form Element Types
          • Conditional Forms
          • Child Forms
          • Accepting Payments in Your Application
        • Reports
          • Creating a Report DataPage
          • Comparison Types in Report DataPages
          • Search by Distance
          • Report Page Results Layout
          • Interactive Reporting Options
          • Pivot Table Reports
          • Counting the Number of Times a Record Has Been Viewed
          • Display a Field Data as Hyperlink
          • Fixed Rows and Columns
          • Making the Search Results Downloadable as PDF
          • Editing Data Through My Details Page
          • Making the Details Downloadable for Users
          • Data Editing Options in Reports
          • Combined Chart and Report
          • Adding “Today” to “After Now” or “Next X Days” Criteria
          • Filtering Reports Based on an Expiration Date
          • Advanced Reporting
            • Calculations in Reports
            • Data Grouping
            • Totals and Aggregations
            • Calculated Fields and Datediff Function
        • Charts
        • Calendars
          • Calendar DataPage – Monthly Example
          • Calendar DataPage – Weekly Example
        • HTML Pages
        • DataPage Components
          • Dropdowns and Listboxes
          • Cascading Elements
          • Calculated Values
          • Field Configuration Options
            • Field and Column Width
            • Placeholder Text
            • Rollover Hints – Mouse-Over Help Icon
            • Image Auto-Rotation
          • DataPage Header and Footer
          • HTML Blocks
          • Disabling HTML Editor in DataPage Header/Footer and HTML Blocks
          • Field Formatting Options
          • Custom Date Formatting
          • Multi-column and Sections
          • CAPTCHA
          • Virtual Fields
          • Setting up Default Values
          • AutoComplete
        • Managing DataPages
          • Modifying DataPages
          • Previewing DataPages
          • Moving DataPages
          • Copying DataPages
          • DataPage Revisions
          • DataPage Folders
          • Exporting and Importing DataPages
          • Moving Existing DataPages To a New App
        • Responsive DataPages
          • Responsive DataPage Prerequisites
          • Responsive Behavior on Tablet and Mobile
          • Modifying Styles for Tablet and Mobile
        • AJAX Loading
        • PDF Download
          • Adding a text watermark
          • Adding an image watermark
          • Adding page breaks to details page
          • Adding header and footer
        • Best Practices in Creating Caspio Applications
      • Notifications
        • Email Notifications
          • Verifying Email and Domain
          • Configuring Email
          • Setting Up Dynamic or Conditional Notification Emails
        • SMS Notifications
          • Configuring the SMS-enabled Countries
          • Configuring SMS
          • Adding SMS Sender Name
      • Parameters
        • Parameter Types
        • System Parameters
        • Passing Parameters through Caspio
        • Displaying Parameters
        • Parameters as Query String Values
        • Receiving Parameters
        • Resetting Parameters
        • Passing Multiple Values in One Parameter
        • Formatting Parameters in Email Body and HTML Blocks
        • Parameters in Dropdowns, Listboxes and Radio Buttons
        • Custom Filter Elements
      • Connections
        • SAML Single Sign-On
        • Setting Up ID Services
      • Styles
        • Creating or Editing a Style
        • Layout Options
        • Fix the Width of the DataPage
        • Button Alignment
        • Field Alignment
        • Border Options
        • Using Google Web Fonts
        • Glossy Heading Text
        • Gradient Backgrounds for DataPages
        • Gradient Backgrounds for Fields
        • Replace Links to Records with Images
        • Replace Standard Buttons with Images
        • Change the Color of Field Error Labels
        • Change Text on a Button
        • Put Multiple Fields on One Line
        • Styling Advanced Reports
        • Add Rounded Borders to the Form and Fields
        • Use an Image as Form Background
        • Fix the Width of Labels and Data in List and Gallery Reports
        • Customize the ID Service Icon of the Login Screen
      • Localizations
        • Creating or Editing a Localization
        • Handling Arabic, Hebrew and Other Right-to-Left Languages
        • Formatting Options
        • Using Localization Feature to Improve Usability
        • Format Types
      • Files and Images
        • Uploading Files and Images
        • FileStor CDN
        • Managing Files
        • Bulk File Import and Export
        • Creating Thumbnails with the Image Resizer
        • Using Files in DataPages
        • Orphan File Cleanup
    • Creating Apps With Flex
      • Flex Overview
      • Roles
        • Creating New Roles
        • Adding Users and Groups to Roles
        • DataPart Display Based on the User Role
        • Editing Role Permissions
          • User’s Own Records
          • Custom Access
        • Removing Users and Groups from Roles
        • Deleting Roles
      • Application Design
        • Segments
          • Editing Segment Settings
          • Themes and Widgets
        • Adding AppPages
        • AppPage Types
        • Moving DataParts
        • Resizing DataParts
        • Adding DataParts
        • Forms
          • Form Elements
          • Search Form
          • Submission Form
          • Details/Update Form
        • Reports
          • Tabular Report
          • Card Report
          • Pivot Table
        • Sign-up Form
        • Charts
          • Creating and Configuring Charts
          • Chart Display Options
        • Text/HTML
        • Data Filters
          • Creating Filters
        • Calculated Values in Flex DataParts
        • Communication Between DataParts
        • Designing User-Friendly Navigation Between AppPages
      • Parameters
        • Inserting Parameters
        • Application Parameters
        • Adding Support for Lookup Values in Data Source Parameters
        • Stamping Records with User ID
      • Branding
      • Flex FAQ
  • Manage Users and Groups
    • Directories Overview
      • User Authentication in Directories
      • Converting Tables to Directories
      • Creating Directories
    • Directory Users
      • User Status Overview
      • Creating Users
      • Activating Users
      • Adding Users to Groups
      • Resetting User Passwords
      • Resetting Two-Factor Authentication
      • Suspending and Unsuspending Users
      • Changing User Sign-In Method
    • Directory Groups
      • Creating Groups
      • Modifying Groups
      • Deleting Groups
    • Directory Security
      • Session Management
      • Turning On Two-Factor Authentication
      • Customizing Directory Security Policy
      • Redirecting to Custom URLs After Sign-in and Sign-out
    • Directory User Portal
    • Directory Emails
    • Identity Providers
      • Adding Identity Providers
        • Tutorial: Adding Microsoft Entra ID (formerly Azure AD) Identity Provider
        • Tutorial: Adding Okta Identity Provider
        • Tutorial: Adding OneLogin Identity Provider
      • Editing Identity Providers
      • Deleting and Disabling Identity Providers
      • Configuring Single Logout
    • App Connections
      • Creating App Connections 
        • Authenticating Users to Caspio Apps in Multiple Accounts Using a Single Directory
        • Tutorial: Adding HubSpot App Connection
        • Tutorial: Adding BambooHR App Connection
        • Tutorial: Adding Slack App Connection
      • Managing App Connections 
      • Deleting and Disabling App Connections
  • Manage and Organize Your Data
    • Data Management Overview
    • Tables and Views
      • Creating Tables
      • Modifying a Table’s Design
      • Removing Blanks From a Dropdown or Listbox
      • Lookup Tables
      • Views
        • Creating a View to Filter Data
        • Creating a View to Join Tables
        • Self-Join Views
        • Modifying Views
        • Importing and Exporting Views
    • Data Types
      • List Data Types
      • Function Reference
      • Adding a Formula Field in a Table
      • Managing Files With the Attachment Data Type
    • Managing Data in Datasheet
      • Find and Replace Specific Values
      • Filtering Data
      • Downloading Table or View Data
    • Database Relationships
      • Relationship Settings
    • Importing Data
    • Exporting Data
    • Sharing Data Between Apps
    • Best Practices for Designing Databases and Tables
    • Logs
      • Managing Logs
        • Logs Retention Period
      • App Access Logs
      • Directory Logs
      • Email Logs
      • Integrations Logs
      • Payment Logs
      • SMS Logs
  • Leverage AI
    • AI Assistant Overview
  • Automate Tasks and Workflows
    • Automations Overview
    • Triggered Actions
      • Creating a Triggered Action
        • Actions
          • UPDATE
          • DELETE
          • INSERT INTO
          • SEND EMAIL
          • SEND SMS
        • Data
          • SELECT
        • Logic
        • Loops
        • Text
        • Number
        • Date
        • Variables
    • Tasks
    • Data Import/Export Tasks
      • Data Import Tasks
      • Data Export Tasks
      • Configuring a Repository Site
      • IP Addresses for Data Import/Export Tasks
      • Data Import/Export Tasks Tips and Best Practices
  • Generate PDF Documents
    • Document Generation Overview
    • Creating Templates
    • Mapping Fields in Templates
    • Template Field Types
    • Configuring Template Settings
      • Formatting Field Values
      • Adding Watermarks
      • Encrypting PDF Documents
      • Configuring PDF Document Properties
      • Changing PDF File for a Template
    • Enabling Document Generation in Applications
    • Managing Templates
  • Integrate and Extend Your Apps
    • Integrations Overview
    • Webhooks
      • Getting Started with Webhooks in Caspio
      • Webhooks Rules and Limitations
      • IP Addresses for Webhooks
      • Creating and Managing Webhooks
        • Configuring Call Throttling
      • Creating and Managing Events
        • Event Types
        • Activating or Deactivating Events
      • Testing Webhooks
    • Extensions
      • AI-Powered GPT Connect
      • Extension for Slack
      • QR Code Generator
      • Barcode Generator
    • Web Services API
      • Creating a Web Services API Profile
      • Authenticating REST API
      • Important Header Parameters
      • Special Considerations
      • Error Handling
      • Swagger UI
      • Migration from REST API v2 to v3
    • Integration with Make
    • Integration with Zapier
  • Deploy Your Apps
    • Deploying Bridge Apps
      • General Deployment Guide
      • Remove iFrame Border and Change Size
      • Block Access to DataPages by IP Address
    • Deploying Flex Apps
      • Mapping a Friendly Subdomain
  • Manage Account and Billing
    • Account Settings
    • Account Users, Groups and API Profiles
      • Inviting New Account Users
      • Creating Groups for Account Users
      • Managing Permissions
      • Changing Account Owner
    • Changing Your Plan
    • Updating Payment Information
    • Payment History
    • Custom Domain
    • Account Notifications
    • Resource Usage
    • Caspio ID
      • Managing Your Caspio ID
      • Forgot Your Password
      • Getting Support PIN
    • Support Login
    • Search for Objects
  • Videos
    • Bridge Videos
      • Build Your First App
      • Recorded Training
      • Customize Your Apps
      • Advanced Topics
      • Full App Implementation
      • Tips and Tricks
    • Flex Videos
      • Build Your First App
      • Recorded Training
  • Resources and Best Practices
    • Frequently Asked Questions (FAQ)
    • Tech Tips
    • Troubleshooting
      • Troubleshooting SMS Delivery
      • Troubleshooting Email Delivery and Domain Verification
      • Cannot Log in to My Caspio Account
      • Issue with Login to Apps or DataPages
      • Issue with Redirection After Logout
      • Acknowledgement Emails Are Not Received
      • Issues with Email Verification Code
      • JavaScript Does Not Work with Multiple DataPages
      • Cannot See an SSL Lock Icon for My Web Page
      • Responsive UI Does Not Display Properly
      • Date Fields from Excel Import Incorrectly
      • Troubleshooting Custom PDF Generator
      • Troubleshooting Data Import Speed
      • System Limitations
      • Errors and Messages
    • System Requirements
    • Deprecations
      • Deprecation of Twitter as an ID Service in Authentications and Connections
      • Deprecation of Google Drive for Data Import/Export Tasks
      • Deprecation of HTTP Deployment
      • Deprecation of the Option to Disable AJAX Loading
      • Deprecation of MS Access for Import/Export
      • Deprecation of Cb_ErrorLog Tables
      • Deprecation of Google Map Mashup Generator
      • Deprecation of Frame Deployment
      • Deprecation of .xls Excel Format for Data Import
      • Deprecation of SEO Deployment Method
      • Deprecation of WordPress Deployment
      • Deprecation of Unverified Email Addresses
      • Deprecation of SOAP Web Service
      • Deprecation of Internet Explorer 11 and Microsoft Edge Legacy Browsers
  • Release Notes
    • Impacted Areas 61.0
    • Caspio 60.0
    • Caspio 59.0
    • Caspio 58.0
    • Caspio 57.0
    • Caspio 56.0
    • Caspio 55.0
    • Caspio 54.0
    • Introducing Flex
    • Caspio 53.0
    • Caspio 52.0
    • Caspio 51.0
    • Caspio 50.0
    • Caspio 49.0
    • Caspio 48.0
    • Caspio 47.0
    • Caspio 46.0
    • Caspio 45.0
    • Caspio 44.0
    • Caspio 43.0
    • Caspio 42.0
      • Known Issue: Scrolling on macOS Devices
    • Caspio 41.0
    • Caspio 40.0
    • Caspio 39.0
    • Caspio 38.0
    • Caspio 37.0
      • Impacted Areas 37.0
    • Caspio 36.0
    • Caspio 35.0
    • Caspio 34.0
      • Impacted Areas 34.0
    • Caspio 33.0
    • Caspio 32.0
    • Caspio 31.0
      • Impacted Areas 31.0
    • Caspio 30.0
    • Caspio 29.0
    • Caspio 28.0
    • Caspio 27.0
    • Caspio 26.0
    • Caspio 25.0
    • Caspio 24.0
    • Caspio 23.0
    • Caspio 22.0
    • Caspio 21.5
    • Caspio 21.0
      • Impacted Areas 21.0
    • Caspio 20.0
    • Caspio 19.0
      • Impacted Areas 19.0
      • Security Patch 19.5
    • Caspio 18.0
    • Caspio 17.0
    • Caspio 16.0
    • Caspio 14.0
      • Impacted Areas 14.0
    • Caspio 15.0
    • Caspio 13.0
      • Caspio 13.0
      • Impacted Areas 13.0
    • Caspio 12.0
      • Impacted Areas 12.0
    • Caspio 11.0
      • Impacted Areas 11.0
    • Caspio 10.0
    • Caspio 9.9
      • Impacted Areas 9.9
    • Caspio 9.8
    • Caspio 9.7
    • Caspio 9.6
      • Impacted Areas 9.6
    • Caspio 9.5
      • Impacted Areas 9.5
    • Caspio 9.4
      • Impacted Areas 9.4
    • Caspio 9.3
      • Impacted Areas 9.3
      • Caspio 9.3
    • Caspio 9.2
      • Impacted Areas 9.2
    • Caspio 9.1
      • Impacted Areas 9.1
    • Caspio 9.0
      • Known Issues 9.0
      • Impacted Areas 9.0

User Authentication in Directories

7 minutes to read

Caspio Directories is a method of user authentication in which you verify user identities using a directory. Directories serve as key components for authentication, acting as central repositories for user information. Users authenticate themselves by validating their credentials against the information stored in a given directory. This crucial mechanism ensures secure and controlled access to digital resources, making directory authentication a cornerstone of effective identity management.

Important definitions

Single Sign-On (SSO) is an authentication process that allows users to access multiple applications with just one set of sign-in credentials. With SSO, once a user signs in to one application, they are granted automatic access to other connected systems without having to re-enter their username and password for each individual system. It simplifies and streamlines the user’s access to diverse services, enhancing convenience and security.

Single Logout (SLO) is a mechanism within authentication systems, such as Single Sign-On (SSO), that enables a user to sign out from multiple connected applications or systems simultaneously with just one action. When a user initiates a sign-out process in one application, Single Logout ensures that the user’s session is terminated across all the other connected applications or services, enhancing security and convenience by ensuring a synchronized and comprehensive sign-out experience.

SAML (Security Assertion Markup Language) is an open security standard used for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP). It enables secure single sign-on (SSO) and allows users to access multiple applications using a single set of credentials.

Identity Provider (IdP) is responsible for authenticating users and providing identity information to service providers. In the context of SAML, the IdP confirms the user’s identity and generates security tokens (SAML assertions) containing user information. These assertions are then sent to the service provider, allowing users to access their services.

Service Provider (SP) is a system or application that provides services to users. In SAML, it relies on the Identity Provider for authentication and authorization. The SP consumes the SAML assertions provided by the IdP to grant access to its resources or services based on the user’s identity and the permissions associated with that identity.

Session refers to the duration in which a user interacts with a specific application or software. It begins when a user accesses the application and ends when the user signs out, the application is closed, or after a certain period of inactivity.

External Identity Provider is a service that the Directory relies on to authenticate users. Examples of such external IdPs for the Directory include Microsoft Entra ID, Okta, or OneLogin.

Directory Session is created by the directory after successful authentication.

Application Session is created by a connected application after successful authentication.

External Identity Provider Session is created by an external IdP after successful authentication.

Directory as an identity provider

Supported standard

The directory serves as the identity provider following the SAML 2.0 standard for both Caspio applications and third-party applications. Meanwhile, Caspio applications and third-party apps function as service providers following SAML 2.0.


Authentication flow 

The authentication flow with directory works as follows: 

  1. When users try to access an application, they are directed to the directory’s sign-in page.
  2. After successfully signing in, a session is created within the directory, and the application is notified of the user’s sign-in.
  3. The application then generates its own session to manage user access.
  4. The user is directed to the requested application page. 

Both Caspio applications and third-party apps create separate sessions to regulate how users interact with them. Caspio Directories confirm user identities but do not control how the application manages each user’s session.


Single logout for connected apps 

The directory supports single logout (SLO) for both Caspio applications and third-party applications. SLO allows users to end all their sessions with just one sign-out action. It works in these ways: 

  1. If a user signs out from an application:
    1. The application redirects the user to the directory sign-out destination to end the directory session. 
    2. Then, the directory checks if there are any other connected apps with configured SLO. Directory redirects to the sign-out destination of the connected applications.
    3. When the chain of sign-out redirections for connected applications is finished, the directory ends its session and redirects back to the application which requested the sign-out to end the application session. 
  2. If a user signs out from the directory:
    1. The directory checks if there are any other connected apps with configured SLO. Directory redirects to the sign-out destination of the connected applications.
    2. When the chain of sign-out redirections for connected applications is finished, the directory ends its session. 

To make SLO work, specific sign-out URLs must be provided in both the directory and the connected apps. If these URLs are not provided, signing out from the application or directory will not end other sessions. 

For Caspio applications, SLO is set up by default and does not require any additional configuration. 

Directory with external identity providers

Supported standard 

External Identity Provider is an identity provider as per the SAML 2.0 that authenticates users to Directory. When an external IdP is used as a sign-in method, Directory acts as a service provider for external IdP and identity provider for Directory-protected applications.

 

Authentication flow 

The authentication flow with external IdP works as follows: 

  1. When users try to access an application, they are directed to the directory’s sign-in page.
  2. If they use external IdP as a sign-in method, they are directed to the external IdP’s sign-in page.
  3. After a successful sign-in via the external IdP, an external IdP session is created, and the directory gets informed about the authentication.
  4. The directory then starts its own session and informs the application about the user’s authentication status.
  5. Subsequently, the application creates its own session to control user access. 
  6. The user is directed to the requested application page.

Both Caspio applications and third-party apps create separate sessions to regulate how users interact with them. External IdPs and Directories verify users but do not directly manage the application’s sessions.

 

Single logout for external IdPs

Directory enables single logout (SLO) for external Identity Providers (IdPs), and it works in the following ways:

  1. If a user signs out from an IdP:  
    1. The IdP redirects the user to the directory sign-out destination to end the directory session.
    2. Then, the directory checks if there are any other connected apps with configured SLO. Directory redirects to the sign-out destination of the connected applications.
    3. When the chain of sign-out redirections for connected applications is finished, the directory ends its session and redirects back to the IdP which requested the sign-out to end the IdP session.
  2. If a user signs out from the directory:
    1. The directory checks if there are any other connected apps with configured SLO. Directory redirects to the sign-out destination of the connected applications.
    2. When the chain of sign-out redirections for connected applications is finished, the directory ends its session and redirects to the IdP sign-out destination to end the IdP session. 

To make single sign-out work, specific sign-out URLs must be provided in both the directory and the external IdP. These URLs must also be given in the connected applications to ensure that sign-out happens in a sequence: from the external IdP to the directory and then to the application. If these URLs are not provided, signing out from the external IdP, directory, or application will not affect other sessions. 

  • PRODUCT

  • Platform Overview
  • Why Low Code
  • Case Studies
  • App Marketplace
  • Pricing
  • Get a Custom Demo
  • Free Trial
  • SOLUTIONS

  • Healthcare
  • Education
  • Government
  • Financial Services
  • Energy and Utilities
  • Nonprofits
  • Media
  • Consulting
  • RESOURCES

  • Resource Center
  • Blog
  • Free Training
  • Online Help
  • Onboarding
  • Get Certified
  • Professional Services
  • Support Center
  • COMPANY

  • Our Story
  • Careers
  • Leadership
  • News
  • Partner Programs
  • Referral Program
  • Academic Program
  • Discount Programs
  • Contact Us
  • TRENDING

  • Build Custom CRM
  • Create Web Dashboards
  • Best Online Database
  • Convert Excel to Web
  • Migrate MS Access Online
  • HIPAA Compliant Database
  • Create a Patient Portal
Caspio Logo

Caspio is the world’s leading cloud platform for building online database applications without coding.
Start a free trial today and experience the power of no-code.

Footer Partners

© 2025 Caspio, Inc. Sunnyvale, California. All rights reserved.

  • Privacy Statement
  • Terms of Use
  • Report Abuse
  • Feedback