{"id":37061,"date":"2025-12-21T11:12:11","date_gmt":"2025-12-21T04:12:11","guid":{"rendered":"https:\/\/interdata.vn\/blog\/?p=37061"},"modified":"2025-12-24T11:14:40","modified_gmt":"2025-12-24T04:14:40","slug":"sso-la-gi","status":"publish","type":"post","link":"https:\/\/interdata.vn\/blog\/sso-la-gi\/","title":{"rendered":"What is SSO (Single Sign-On)? How It Works, Types, Benefits &#038; Applications"},"content":{"rendered":"<p>Users in today's enterprise environments routinely face credential overload. An average office worker has to manage and remember 10 to 20 different passwords for applications such as email, project management software, CRM, and HR portals. 
This places a heavy burden on memory and leads to poor security habits, such as using the same password for every account or writing passwords down on paper.<\/p>\n<p>To solve this problem, modern IT systems have adopted a centralized authentication mechanism. This solution balances a convenient user experience against the organization's strict security requirements. That mechanism is Single Sign-On.<\/p>\n<p>So what exactly <strong>is SSO<\/strong>? Why has this technology become an indispensable standard in enterprises, cloud computing platforms and software services (SaaS) today? This article analyzes in detail the concept, operating principles and applicability of <strong>user authentication<\/strong> via SSO.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"SSO-la-gi-Khai-niem-Single-Sign-On\"><\/span>What is SSO? The Single Sign-On Concept<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><strong>What is SSO<\/strong>? SSO stands for <strong>Single Sign-On<\/strong>, that is, signing in once. 
It is an authentication method that lets users securely access many different applications and services with a single set of credentials (username and password).<\/p>\n<p>In a model without SSO, every time a user moves from one application to another, the system asks them to re-enter their credentials. For example, you log in to Gmail and then have to log in again to open Drive. With Single Sign-On, after authenticating successfully at the central system, the user can access all linked applications without logging in again.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-37065\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/12\/Single-Sign-On-SSO-1.jpg\" alt=\"Single Sign-On (SSO) 1\" width=\"750\" height=\"525\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/12\/Single-Sign-On-SSO-1.jpg 750w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/12\/Single-Sign-On-SSO-1-300x210.jpg 300w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/p>\n<p>SSO must be clearly distinguished from using the same password for multiple accounts (Same Sign-On). 
Reusing a password is a risky user habit. By contrast, <strong>Single Sign-On<\/strong> is a technical solution in which credentials are handled by a trusted system and access is granted through secure digital assertions (tokens).<\/p>\n<p>SSO is the backbone of an Identity and Access Management (IAM) architecture. This authentication system gives the IT department centralized control over user identities. When an employee leaves, an administrator only needs to disable a single SSO account instead of locking accounts across dozens of different applications.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Cach-SSO-hoat-dong-nhu-the-nao\"><\/span>How does SSO work?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>To understand <strong>how SSO works<\/strong>, we need a firm grasp of the trust relationship between the components of the system. The process does not pass the user's password directly back and forth between applications. 
Instead, the system uses &#8220;assertions&#8221; to confirm identity.<\/p>\n<p>An SSO system consists of two main components:<\/p>\n<ul>\n<li><strong>Identity Provider (IdP):<\/strong> This is the system that stores the user database and performs authentication. The IdP is responsible for checking &#8220;Are you really who you claim to be?&#8221;. Typical examples of IdPs include Google, Microsoft Azure AD, Okta and OneLogin.<\/li>\n<li><strong>Service Provider (SP):<\/strong> This is the application or website the user wants to access, for example Slack, Zoom, Salesforce or an internal ERP system. The SP trusts the authentication result sent by the IdP.<\/li>\n<\/ul>\n<p>The authentication process follows these basic steps:<\/p>\n<ol>\n<li>The user accesses the application (Service Provider).<\/li>\n<li>The application sees that the user is not logged in and redirects the user to the Identity Provider's page.<\/li>\n<li>The user enters a username and password on the IdP's page (if no session already exists).<\/li>\n<li>The IdP verifies the credentials. 
If they are correct, the IdP generates a token or assertion.<\/li>\n<li>The IdP sends this token back to the Service Provider.<\/li>\n<li>The Service Provider receives the token, decodes it and checks its validity. Once it is confirmed, the SP lets the user access the service.<\/li>\n<\/ol>\n<p>Throughout the <strong>SSO flow<\/strong>, the user's password is sent only to the IdP and is never shared with the Service Providers. This strengthens security because it minimizes the number of places where passwords are stored. The token usually has a limited lifetime (session), letting the user move between applications for a set period without interruption.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Cac-giao-thuc-pho-bien-trong-SSO\"><\/span>Common SSO protocols<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>IdP and SP systems need a common language to communicate with each other. That common language is the authentication protocols. 
Below are the three most common protocols today.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-37066\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/12\/Single-Sign-On-SSO-2.jpg\" alt=\"Single Sign-On (SSO) 2\" width=\"750\" height=\"525\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/12\/Single-Sign-On-SSO-2.jpg 750w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/12\/Single-Sign-On-SSO-2-300x210.jpg 300w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/p>\n<h3><span class=\"ez-toc-section\" id=\"SAML-Security-Assertion-Markup-Language\"><\/span>SAML (Security Assertion Markup Language)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><strong>SAML SSO<\/strong> is a long-established open standard and the most widely used one in traditional enterprise environments. The protocol uses XML to exchange authentication and authorization data between the Identity Provider and the Service Provider.<\/p>\n<p><strong>SAML authentication<\/strong> is characterized by strong security and fine-grained control. It lets an enterprise convey not only authentication information but also user attributes (such as department and job title) so that the target application can assign permissions. 
However, because it uses XML, SAML messages tend to be fairly heavy and deployment is somewhat more complex than with newer standards.<\/p>\n<p>SAML is usually preferred for enterprise web applications and large systems that require strict session management.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"OAuth-20\"><\/span>OAuth 2.0<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><strong>OAuth 2.0<\/strong> is really an <strong>authorization<\/strong> framework rather than a pure authentication protocol. However, it serves as the foundation for many modern login flows. OAuth lets one application access resources on another application on the user's behalf without knowing the user's password.<\/p>\n<p>A typical example of <strong>OAuth SSO<\/strong> is when an application requests permission to access your Google contacts or to post to your Facebook account. In the SSO context, OAuth is usually used in combination with, or as the foundation for, other authentication layers. 
OAuth uses Access Tokens to grant access, which reduces the risk of exposing the original login credentials.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"OpenID-Connect-OIDC\"><\/span>OpenID Connect (OIDC)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><strong>OpenID Connect<\/strong> is a simple identity layer built directly on top of the OAuth 2.0 protocol. Where OAuth 2.0 specializes in authorization (what is allowed), OIDC adds authentication (who the user is).<\/p>\n<p><strong>OIDC SSO<\/strong> uses JSON (JSON Web Token &#8211; JWT) instead of XML as in SAML. This makes OIDC lighter, easier to process and developer-friendly. 
Thanks to its compact structure and good compatibility with RESTful APIs, OIDC has become the gold standard for mobile apps and single-page applications.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Loi-ich-cua-SSO-doi-voi-nguoi-dung-va-to-chuc\"><\/span>Benefits of SSO for users and organizations<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Deploying <strong>SSO for the enterprise<\/strong> delivers twofold value: it streamlines operations for the organization and improves employee satisfaction.<\/p>\n<p>First, SSO thoroughly solves the password management problem. Users no longer have to remember dozens of complex strings. This reduces forgotten passwords and, in turn, significantly cuts the number of support requests (tickets) sent to the IT department for account resets. The time saved lets both employees and the IT team focus on more important professional work.<\/p>\n<p>Second, the <strong>SSO user experience<\/strong> becomes more seamless than ever. 
Employees can access email, chat tools, project management systems and data stores with a single login at the start of the day. This convenience raises productivity and reduces frustration when interacting with technology.<\/p>\n<p>Third, SSO supports effective centralized administration. Managers can grant or revoke an employee's access to the entire system with just a few actions at the IdP. When an employee leaves the company, the risk that they still have access to satellite applications is eliminated entirely.<\/p>\n<p>Finally, the <strong>benefits of SSO<\/strong> also extend to security. 
Although putting everything in one place sounds paradoxical, SSO encourages users to set one sufficiently strong and complex password instead of many weak, easily guessed passwords for individual applications.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-37067\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/12\/Single-Sign-On-SSO-3.jpg\" alt=\"Single Sign-On (SSO) 3\" width=\"750\" height=\"525\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/12\/Single-Sign-On-SSO-3.jpg 750w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/12\/Single-Sign-On-SSO-3-300x210.jpg 300w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Rui-ro-va-han-che-khi-trien-khai-SSO\"><\/span>Risks and limitations of deploying SSO<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Alongside the clear benefits, organizations need to take an objective view of the <strong>drawbacks of SSO<\/strong> so they can plan appropriate contingencies.<\/p>\n<p>The biggest risk of SSO is that it creates a &#8220;single point of failure&#8221;. If an attacker takes over a user's SSO account, they can access every application that user is authorized for. 
This is the &#8220;lost master key&#8221; scenario, and it is dangerous for enterprise data. For that reason, <strong>SSO security<\/strong> always requires strict additional layers of protection.<\/p>\n<p>Another limitation concerns system availability. If the Identity Provider suffers a technical failure or a denial-of-service (DDoS) attack, all logins to the linked applications are paralyzed. The business cannot access any of its tools until the IdP is back in operation.<\/p>\n<p>In addition, deploying SSO requires compatible technical infrastructure. Not all legacy applications support standards such as SAML or OIDC. Integrating such applications into the SSO ecosystem can be costly in both money and customization effort.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"SSO-va-MFA-khac-nhau-nhu-the-nao\"><\/span>How do SSO and MFA differ?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Many people are confused or unsure about the relationship between <strong>SSO and MFA<\/strong>. 
In fact, the two concepts complement each other rather than being mutually exclusive choices.<\/p>\n<p>SSO (Single Sign-On) addresses the <em>convenience<\/em> and <em>process<\/em> of logging in. The goal of SSO is to reduce the number of times users have to enter their credentials. MFA (Multi-Factor Authentication), by contrast, addresses the <em>strength<\/em> of the security layer. The goal of MFA is to require users to prove their identity through multiple steps (password, OTP code, biometrics).<\/p>\n<p>When it comes to <strong>SSO vs MFA<\/strong>, combining the two technologies is the gold standard of modern security. Because SSO concentrates risk (one key opens every door), applying <strong>multi-factor authentication<\/strong> to the SSO account is mandatory. 
Then, even if a hacker steals the password, they still cannot get past the second security layer to access the system.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Ung-dung-thuc-te-cua-SSO-trong-he-thong-CNTT\"><\/span>Practical applications of SSO in IT systems<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><strong>SSO applications<\/strong> are widespread, from multinational corporations to small and medium-sized businesses, and even in individual users' everyday experience.<\/p>\n<p>In an <strong>enterprise SSO<\/strong> environment, employees typically log in to their computer with an Active Directory account. They can then open a browser and go straight to the Exchange email system, accounting software and the internal portal without re-entering a password. This creates a unified digital workplace.<\/p>\n<p>On <strong>cloud SSO<\/strong> and SaaS platforms, the mechanism becomes even more important. System administrators regularly have to work with many different server management, hosting and cloud service tools. 
Reputable infrastructure solution providers such as <strong>InterData<\/strong> also regularly advise and help customers integrate secure authentication mechanisms or use centralized administration tools. This helps customers manage server resources and data securely and avoid losing important login credentials.<\/p>\n<p>In addition, consumer product ecosystems such as Google and Apple are typical examples. You log in once to Gmail and can immediately use YouTube, Maps, Photos and Drive. 
This is the clearest demonstration of the convenience SSO brings.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-37068\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/12\/Single-Sign-On-SSO-4.jpg\" alt=\"Single Sign-On (SSO) 4\" width=\"750\" height=\"525\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/12\/Single-Sign-On-SSO-4.jpg 750w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/12\/Single-Sign-On-SSO-4-300x210.jpg 300w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Khi-nao-nen-trien-khai-SSO\"><\/span>When should you deploy SSO?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The decision to <strong>deploy SSO<\/strong> should rest on a careful assessment of the organization's needs and scale. 
The following signs indicate that a business should adopt SSO:<\/p>\n<ul>\n<li><strong>Large user base:<\/strong> As headcount grows, managing accounts by hand becomes infeasible and error-prone.<\/li>\n<li><strong>Many distributed applications:<\/strong> If the business uses a mix of SaaS applications (such as Slack, Zoom, Salesforce, Office 365), <strong>SSO for large systems<\/strong> is a necessary solution for connecting them.<\/li>\n<li><strong>Strict security compliance requirements:<\/strong> Standards such as ISO 27001 and PCI-DSS typically require tight control over access rights and login logs. 
SSO cung c\u1ea5p kh\u1ea3 n\u0103ng audit (ki\u1ec3m to\u00e1n) t\u1eadp trung gi\u00fap \u0111\u00e1p \u1ee9ng c\u00e1c ti\u00eau chu\u1ea9n n\u00e0y d\u1ec5 d\u00e0ng h\u01a1n.<\/li>\n<li><strong>B\u1ed9 ph\u1eadn IT qu\u00e1 t\u1ea3i:<\/strong> N\u1ebfu \u0111\u1ed9i ng\u0169 IT d\u00e0nh qu\u00e1 nhi\u1ec1u th\u1eddi gian ch\u1ec9 \u0111\u1ec3 c\u1ea5p l\u1ea1i m\u1eadt kh\u1ea9u cho nh\u00e2n vi\u00ean, \u0111\u00e2y l\u00e0 l\u00fac <strong>khi n\u00e0o d\u00f9ng SSO<\/strong> tr\u1edf th\u00e0nh c\u00e2u tr\u1ea3 l\u1eddi h\u1ee3p l\u00fd \u0111\u1ec3 gi\u1ea3i ph\u00f3ng ngu\u1ed3n l\u1ef1c.<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Tong-ket-%E2%80%93-Co-nen-su-dung-SSO-khong\"><\/span>T\u1ed5ng k\u1ebft \u2013 C\u00f3 n\u00ean s\u1eed d\u1ee5ng SSO kh\u00f4ng?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><strong>Single Sign-On<\/strong> kh\u00f4ng ch\u1ec9 l\u00e0 m\u1ed9t xu h\u01b0\u1edbng c\u00f4ng ngh\u1ec7 m\u00e0 \u0111\u00e3 tr\u1edf th\u00e0nh m\u1ed9t ph\u1ea7n thi\u1ebft y\u1ebfu trong chi\u1ebfn l\u01b0\u1ee3c an ninh m\u1ea1ng v\u00e0 chuy\u1ec3n \u0111\u1ed5i s\u1ed1. V\u1edbi kh\u1ea3 n\u0103ng c\u00e2n b\u1eb1ng gi\u1eefa b\u1ea3o m\u1eadt v\u00e0 tr\u1ea3i nghi\u1ec7m ng\u01b0\u1eddi d\u00f9ng, SSO gi\u00fap doanh nghi\u1ec7p v\u1eadn h\u00e0nh tr\u01a1n tru v\u00e0 an to\u00e0n h\u01a1n.<\/p>\n<p>Tuy nhi\u00ean, <strong>c\u00f3 n\u00ean d\u00f9ng SSO<\/strong> hay kh\u00f4ng c\u00f2n ph\u1ee5 thu\u1ed9c v\u00e0o kh\u1ea3 n\u0103ng tri\u1ec3n khai \u0111\u1ed3ng b\u1ed9 v\u00e0 ng\u00e2n s\u00e1ch c\u1ee7a t\u1ed5 ch\u1ee9c. SSO kh\u00f4ng ph\u1ea3i l\u00e0 gi\u1ea3i ph\u00e1p &#8220;c\u00e0i \u0111\u1eb7t r\u1ed3i qu\u00ean&#8221;. N\u00f3 c\u1ea7n \u0111\u01b0\u1ee3c gi\u00e1m s\u00e1t li\u00ean t\u1ee5c v\u00e0 ph\u1ea3i \u0111\u01b0\u1ee3c k\u1ebft h\u1ee3p v\u1edbi c\u00e1c bi\u1ec7n ph\u00e1p b\u1ea3o m\u1eadt m\u1ea1nh m\u1ebd kh\u00e1c nh\u01b0 MFA \u0111\u1ec3 ph\u00e1t huy t\u1ed1i \u0111a hi\u1ec7u qu\u1ea3. 
M\u1ed9t c\u00e1i nh\u00ecn <strong>t\u1ed5ng quan SSO<\/strong> \u0111\u00fang \u0111\u1eafn s\u1ebd gi\u00fap ng\u01b0\u1eddi ra quy\u1ebft \u0111\u1ecbnh l\u1ef1a ch\u1ecdn \u0111\u01b0\u1ee3c m\u00f4 h\u00ecnh ph\u00f9 h\u1ee3p nh\u1ea5t cho h\u1ec7 th\u1ed1ng c\u1ee7a m\u00ecnh.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ng\u01b0\u1eddi d\u00f9ng trong m\u00f4i tr\u01b0\u1eddng doanh nghi\u1ec7p hi\u1ec7n nay th\u01b0\u1eddng xuy\u00ean \u0111\u1ed1i m\u1eb7t v\u1edbi t\u00ecnh tr\u1ea1ng qu\u00e1 t\u1ea3i th\u00f4ng tin \u0111\u0103ng nh\u1eadp. M\u1ed9t nh\u00e2n vi\u00ean v\u0103n ph\u00f2ng trung b\u00ecnh ph\u1ea3i qu\u1ea3n l\u00fd v\u00e0 ghi nh\u1edb t\u1eeb 10 \u0111\u1ebfn 20 m\u1eadt kh\u1ea9u kh\u00e1c nhau cho c\u00e1c \u1ee9ng d\u1ee5ng nh\u01b0 email, ph\u1ea7n m\u1ec1m qu\u1ea3n l\u00fd d\u1ef1 \u00e1n,<\/p>\n","protected":false},"author":2,"featured_media":37069,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[83],"tags":[],"class_list":["post-37061","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bao-mat-an-ninh-mang"],"_links":{"self":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/37061","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/comments?post=37061"}],"version-history":[{"count":2,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/37061\/revisions"}],"predecessor-version":[{"id":37071,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/37061\/revisions\/37071"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-
json\/wp\/v2\/media\/37069"}],"wp:attachment":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/media?parent=37061"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/categories?post=37061"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/tags?post=37061"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}