What is XXID and how does it work?

Secure login with Single Sign On (SSO).

XXID is a Single Sign On (SSO) solution developed by Grexx. When building an application using the Grexx Platform, XXID is utilized to ensure a safe and efficient login process. In this article, we will take a closer look at the technology behind XXID and explore its advantages for users.

Single Sign On solutions have been designed to streamline the login process for multiple applications and services by using a single set of credentials (a paired username and password). This feature is commonly seen on online services or web shops, where you can either create a new account, log in with an existing one, or with an already existing account such as Google or Microsoft. In the latter case, you use Single Sign On: you use your pre-existing account to as identification.

Here's an example:

With Spotify, you have the option to sign in using your Google, Facebook, or Apple account When you log into Spotify using one of these options instead of creating a new account or loging in through Spotify, you are utilizing SSO technology.

Accounts such as Google and Microsoft that authorize your identity for you are called identity providers. Besides Google and Microsoft, other well-known identity providers that allow you to sign up through SSO include Apple, and Facebook. Other well-known platforms such as GitHub, Discord, Twitter and a local Azure Active Directory, can also be options to authorize your identity.

Alternative SSO Solutions

There are many different Single Sign On solutions. Well-known names include Okta, Auth0, Microsoft Entra ID, and OneLogin. Each solution has its own advantages and disadvantages. SSO solutions are often part of a broader IAM program: Identity Access Management, or the management of user rights within a company or organization.

There are a variety of Single Sign On solutions available, including popular names such as Okta, Auth0, Microsoft Entra ID, and OneLogin. Each solution has its own advantages and disadvantages. Typically, SSO solutions are part of a broader Identity Access Management program (IAM), or the management of user rights within a company or organization.

💡 The name XXID is a portmanteau (or compound word) blending gReXX and IDentity

What is XXID?

XXID is the Single Sign-On (SSO) solution specifically designed for the Grexx Platform. It has been effectively utilized for more than a decade and and supports all regular authorization methods.

XXID serves as an authentication system, assigning each user a unique ID/Identity. It also manages the login process and controls how user data is transmitted to the environment.

XXID in practice

When building an application on the Grexx Platform, XXID is the default authorization method for both studio and development environments. As a builder or administrator, you have the ability to specify which providers are allowed.

The options available are:

  • Email and password (using Active Directory)
  • Google, Facebook, Microsoft
  • eHerkenning, DigiD (subject to conditions)
  • Yivi (formerly IRMA)
  • Custom integrations via SAML, OAuth, OpenID
  • And there are more options. If you want something that isn't possible yet, we can often achieve that for you.

We are constantly expanding our capabilities, so if you have a desire for something that is not currently achievable, we can often develop it for you.

In addition, XXID offers the option of multi-factor authentication (2FA/MFA), which includes entering a code via an app, email, or SMS.

Absolute privacy

XXID was created with the privacy by design principle in mind, prioritizing the absolute privacy of its users. As an application manager, you are not required to adhere to this philosophy, but we do make it possible for you.

For instance:

  • If a user logs in using XXID, the application will not receive any personal information about them. Instead, XXID generates a unique User ID, which cannot be matched to personal data.
  • Essentially, if a user logs in using their Google account, you won't see their name or email address; instead, they will appear as “user12345". This allows users to essentially trade anonymously.

It's important to note that you can use XXID for various applications, both within and outside of the Grexx platform. We prioritize user privacy by default, meaning that personal information is not shared between applications.

For example:

If User X logs into application A using their Google account and is identified as user12345, but then logs into application B with the same Google account and is identified as user13579, these identities remain separate.

This means that users across different applications cannot be linked based on their user IDs alone, a feature that alternative SSO solutions lack.

However, if the developer chooses to collect additional information from the identity provider (such as an email address), it is of course possible to match users between different applications.

As a developer, you have the option to take different routes when it comes to privacy, for example, you can request information from the identity provider, such as an e-mail address. On the other hand, you can also choose to have the login via XXID provide the application with additional information.

This could include requesting a user's Chamber of Commerce number if they use eHerkenning or their profile picture if they use Google. Of course, the user will be notified about these requests. These extra pieces of information are referred to as Information Claims within the Grexx Platform.

Why should you choose XXID?

For over a decade, XXID has proven to be a highly secure method for facilitating SSO within organizations. What sets XXID apart from other alternatives is that it is developed, maintained, and managed in the Netherlands. Additionally, Grexx holds an ISAE 3000 Type II assurance report, as well as ISO 27001 and NL-NEN 7510 certifications, and is GDPR compliant.

Not only is XXID highly secure, but it's also incredibly user-friendly and customizable. This means you can easily add identity providers without worrying about updates or maintenance — we take care of that for you. You can even add private providers like your company's Active Directory with ease.

💡 XXID can be deployed for any application that supports OpenID (OIDC), OAuth, or SAML identity protocols. It's also compatible with popular software like TOPdesk, AFAS, and Exact.

XXID is a complete and easy-to-use authorization solution for all your applications, regardless of whether they are built on the Grexx Platform or not. More information can be found in Grexx Studio and the platform documentation. And if you're interested in a demo or want to discuss possibilities, please don't hesitate to contact us!

Curious about all the options?