SSO EA — Central Identity & Single Sign-On Provider
A central identity and single sign-on (SSO) provider I designed and built end to end, giving one account passwordless, secure access to many applications.
SSO EA is a central identity provider I designed and built end to end so that a single account grants passwordless, secure sign-in to every connected application. Independent apps such as Sardis Apps, YouDesignFuture, Lifera Clinic, ealtuner and Echosfer all authenticate from one point through the user's SSO EA account. Instead of a password, I built a two-step verification that combines a single-use six-digit code emailed to the user and valid for five minutes with an eight-character security code the user chooses themselves.
Identity is passed to a connected app only with the user's explicit, per-app consent, which can be revoked at any time; the password and the role are never shared. I secured the infrastructure with TLS 1.3, irreversible Argon2id hashing of the codes, encrypted storage of email addresses, Cloudflare Turnstile and four-layer rate limiting, while trusted devices are remembered for 90 days through a hashed cookie. Users can thus reach the entire ecosystem with a single identity they fully control.
