
SSO Overview

Single Sign‑On (SSO) with Advanced Fraud Solutions enables users to securely access AFS portals without managing separate login credentials. The chosen standard is Security Assertion Markup Language (SAML), an open, XML-based standard for exchanging authentication and authorization data between parties.

This section provides an overview of how SSO works in the AFS ecosystem, the key roles involved, and the data flows that support both SP‑initiated and IdP‑initiated login patterns.

Key Integration Roles

  • Service Provider (SP): Advanced Fraud Solutions’ portals (TrueChecks and Positive Pay) that rely on SAML assertions for user access.

  • Identity Provider (IdP): Your organization’s identity system (e.g., Okta, ADFS, Azure AD) that authenticates users and issues SAML Responses.

  • Client: The software that maintains the SSO connection between the IdP and AFS.

Integration Types

AFS supports two standard SSO flows:

  • SP‑Initiated: The user begins at the AFS portal and is redirected to the IdP for authentication.

  • IdP‑Initiated: The user begins at the IdP and, after authentication, is redirected to the AFS portal with a SAML Response.

SP‑Initiated Flow

  1. User attempts to access the AFS portal.

  2. AFS generates a SAML Request and returns it to the client with information about the IdP.

  3. IdP authenticates the user and posts a signed SAML Response to AFS.

  4. AFS validates the assertion and provisions or updates the user.

  5. The user is granted access to the portal.

IdP‑Initiated Flow

  1. User signs into their IdP.

  2. IdP constructs and posts a signed SAML Response to AFS.

  3. AFS validates the assertion and provisions or updates the user.

  4. The user is granted access to the portal.
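
The two flows above differ in what a service provider can check when it validates the Response: an SP‑initiated Response carries an InResponseTo value that can be matched to the request that was issued, while an IdP‑initiated Response is unsolicited and has none. The sketch below is an added example of generic SAML 2.0 post-signature checks, not AFS code or a description of AFS's validation; the URLs, entity ID and helper names are hypothetical, and the sample Response is constructed and unsigned.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Hypothetical SP values for this example; not AFS endpoints or entity IDs.
SP_ACS_URL = "https://sp.example.test/saml/acs"
SP_ENTITY_ID = "https://sp.example.test/metadata"

def build_sample(in_response_to=None, audience=SP_ENTITY_ID,
                 not_on_or_after="2030-01-01T00:00:00Z"):
    """Constructed, unsigned SAML Response used only as demo input."""
    irt = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
 ID="_r1" Version="2.0" Destination="{SP_ACS_URL}"{irt}>
 <saml:Assertion ID="_a1" Version="2.0">
  <saml:Conditions NotOnOrAfter="{not_on_or_after}"><saml:AudienceRestriction>
   <saml:Audience>{audience}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
 </saml:Assertion>
</samlp:Response>"""

def check_response(xml_text, pending_request_ids, now):
    """Return (flow, problems). Assumes the XML signature was already verified
    by a SAML library; this covers only the checks that follow it."""
    root = ET.fromstring(xml_text)
    problems = []
    irt = root.get("InResponseTo")
    if irt is None:
        flow = "idp-initiated"  # unsolicited: there is no request to match
    else:
        flow = "sp-initiated"
        if irt in pending_request_ids:
            pending_request_ids.discard(irt)  # each request ID is accepted once
        else:
            problems.append("InResponseTo does not match a pending request")
    if root.get("Destination") != SP_ACS_URL:
        problems.append("Destination mismatch")
    cond = root.find("saml:Assertion/saml:Conditions", NS)
    expiry = cond.get("NotOnOrAfter") if cond is not None else None
    if expiry is None:
        return flow, problems + ["missing Conditions/NotOnOrAfter"]
    if SP_ENTITY_ID not in [a.text for a in cond.findall(".//saml:Audience", NS)]:
        problems.append("Audience mismatch")
    expiry = datetime.strptime(expiry, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    if now >= expiry:
        problems.append("assertion expired")
    return flow, problems
```

Because an IdP‑initiated Response cannot be tied to a pending request, the Destination, Audience and expiry checks carry more of the weight in that flow.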