What is XXID and how does it work?
Secure login with Single Sign On (SSO).

XXID is a Single Sign On (SSO) solution developed by Grexx. When building an application using the Grexx Platform, XXID is utilized to ensure a safe and efficient login process. In this article, we will take a closer look at the technology behind XXID and explore its advantages for users.
Single Sign On solutions have been designed to streamline the login process for multiple applications and services by using a single set of credentials (a paired username and password). This feature is commonly seen on online services or web shops, where you can either create a new account, log in with an existing one, or log in with an account you already have elsewhere, such as Google or Microsoft. In the latter case, you use Single Sign On: you use your pre-existing account as identification.
Here's an example:

With Spotify, you have the option to sign in using your Google, Facebook, or Apple account. When you log into Spotify using one of these options instead of creating a new account or logging in through Spotify, you are utilizing SSO technology.
Accounts such as Google and Microsoft that authorize your identity for you are called identity providers. Besides Google and Microsoft, other well-known identity providers that allow you to sign up through SSO include Apple and Facebook. Other well-known platforms such as GitHub, Discord, Twitter and a local Azure Active Directory can also be options to authorize your identity.
Alternative SSO Solutions
There are a variety of Single Sign On solutions available, including popular names such as Okta, Auth0, Microsoft Entra ID, and OneLogin. Each solution has its own advantages and disadvantages. Typically, SSO solutions are part of a broader Identity Access Management program (IAM), or the management of user rights within a company or organization.
💡 The name XXID is a portmanteau (or compound word) blending gReXX and IDentity.
What is XXID?
XXID is the Single Sign-On (SSO) solution specifically designed for the Grexx Platform. It has been effectively utilized for more than a decade and supports all regular authorization methods.
XXID serves as an authentication system, assigning each user a unique ID/Identity. It also manages the login process and controls how user data is transmitted to the environment.

XXID in practice
When building an application on the Grexx Platform, XXID is the default authorization method for both studio and development environments. As a builder or administrator, you have the ability to specify which providers are allowed.
The options available are:
- Email and password (using Active Directory)
- Google, Facebook, Microsoft
- eHerkenning, DigiD (subject to conditions)
- Yivi (formerly IRMA)
- Custom integrations via SAML, OAuth, OpenID
- Other options beyond these are also available.
We are constantly expanding our capabilities, so if you want something that is not currently possible, we can often develop it for you.
In addition, XXID offers the option of multi-factor authentication (2FA/MFA), which includes entering a code via an app, email, or SMS.
Absolute privacy
XXID was created with the privacy by design principle in mind, prioritizing the absolute privacy of its users. As an application manager, you are not required to adhere to this philosophy, but we do make it possible for you.
For instance:
- If a user logs in using XXID, the application will not receive any personal information about them. Instead, XXID generates a unique User ID, which cannot be matched to personal data.
- Essentially, if a user logs in using their Google account, you won't see their name or email address; instead, they will appear as "user12345". This allows users to trade anonymously.
It's important to note that you can use XXID for various applications, both within and outside of the Grexx platform. We prioritize user privacy by default, meaning that personal information is not shared between applications.
For example:
If User X logs into application A using their Google account and is identified as user12345, but then logs into application B with the same Google account and is identified as user13579, these identities remain separate.
This means that users across different applications cannot be linked based on their user IDs alone, a feature that alternative SSO solutions lack.
However, if the developer chooses to collect additional information from the identity provider (such as an email address), it is of course possible to match users between different applications.
As a developer, you have the option to take different routes when it comes to privacy. For example, you can request information from the identity provider, such as an e-mail address. On the other hand, you can also choose to have the login via XXID provide the application with additional information.
This could include requesting a user's Chamber of Commerce number if they use eHerkenning or their profile picture if they use Google. Of course, the user will be notified about these requests. These extra pieces of information are referred to as Information Claims within the Grexx Platform.
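One way to produce the unlinkable per-application user IDs and the opt-in Information Claims described above, shown as an added example that is not Grexx's code or XXID's actual implementation: it derives each ID with a keyed hash (HMAC-SHA-256), in the style of OpenID Connect pairwise subject identifiers. The key, the `information_claims` field name, the ID format and the sample profile are all hypothetical and constructed for illustration.

```python
import hashlib
import hmac

# Constructed secret held only by the SSO service (assumption for this sketch).
PAIRWISE_KEY = b"constructed-demo-key-not-for-production"


def pairwise_id(provider: str, provider_subject: str, app_id: str) -> str:
    """Derive a stable, per-application pseudonym for one upstream account."""
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(
        len(part.encode()).to_bytes(4, "big") + part.encode()
        for part in (provider, provider_subject, app_id)
    )
    digest = hmac.new(PAIRWISE_KEY, msg, hashlib.sha256).hexdigest()
    return "user-" + digest[:32]


def login_result(profile: dict, app: dict) -> dict:
    """Build what the application receives: a pseudonym plus opted-in claims only."""
    result = {"user_id": pairwise_id(profile["provider"], profile["sub"], app["id"])}
    for claim in app.get("information_claims", []):  # hypothetical config key
        if claim in profile["attributes"]:
            result[claim] = profile["attributes"][claim]
    return result


# Constructed sample data: one Google account, three applications.
PROFILE = {
    "provider": "google",
    "sub": "1122334455",
    "attributes": {"email": "user.x@example.com", "name": "User X"},
}
APP_A = {"id": "application-a"}  # privacy default: no claims requested
APP_B = {"id": "application-b"}
APP_C = {"id": "application-c", "information_claims": ["email"]}

if __name__ == "__main__":
    for app in (APP_A, APP_B, APP_C):
        print(app["id"], login_result(PROFILE, app))
```

Without the service's key, the IDs seen by application A and application B cannot be matched to each other; once two applications both request the e-mail claim, as application C does, that shared attribute makes the same user linkable again.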