...
A SSO, what for?
SSO allows for users to launch your application within Maestrano without having to type in credentials. This enhances the user experience of customers by skipping a step to access your app.
...
As part of the SSO process, the user details are passed on (first and last names, email). You can decide to use these to match the user against an existing user inside your application rather than creating a new account. This will give the end user a better user experience.
...
The Single Sign On process is initiated from the Maestrano website when a user clicks on your application tile. This redirects the user to the configured SSO initialization endpoint which then redirects back to Maestrano IDM endpoint. The user is then redirected to your SSO consume endpoint with all the User details required to either log the user in or create a new account.
...
What do I have to pay attention to?
As the user email is unique on Maestrano, it is safe to match users by email or user_id. The user_id must be stored against the User record so even if a user changes its email, you can still uniquely identify its account.
...