Federation and SSO with FranceConnect+ and ProConnect

Identity federation and SSO via FranceConnect+, ProConnect, and LemonLDAP::NG centralize authentication, reduce password‑related risks, and improve the user experience while strengthening security and digital sovereignty.

Did you know that the proliferation of identifiers in French companies and government agencies significantly increases security risks while degrading the user experience? A Single Sign-On (SSO) system based on identity federation helps address these vulnerabilities while simplifying access to services.

With FranceConnect+ and ProConnect, you can provide your users with centralized, secure, and compliant authentication. By leveraging open-source technologies like LemonLDAP::NG, combined with LINAGORA’s expertise, you optimize security, usability, and digital sovereignty.

 

What is Federation and SSO?

Identity federation allows a user to authenticate once (SSO) to access multiple related or distributed services without re-entering their credentials. This approach:

  • Reduces password proliferation.
  • Strengthens security through centralized authentication.
  • Enhances user convenience.
  • Facilitates compliance with standards (GDPR, ANSSI, etc.).

With SSO, you minimize attack vectors related to password management while ensuring smooth and secure navigation.

 

Focus on FranceConnect+ and ProConnect

FranceConnect+
A French public platform designed for sensitive services requiring strong authentication (e-banking, medical records, sending registered electronic mail, CPF, etc.). It provides two-factor authentication (via smartphone + secret code), ensuring high security.

ProConnect
A solution dedicated to professional accounts, based on OpenID Connect. It redirects users to an identity provider (IdP) based on their email domain. 
The Authentication Context Class Reference (acr) must be at least "eidas1" to meet security requirements.

 

LemonLDAP::NG: Technical Foundations

LemonLDAP::NG is an open-source SSO and identity federation platform, created in 2004 (by the French National Gendarmerie) and actively maintained by LINAGORA. It supports the standard protocols CAS, SAML, and OpenID Connect, and offers single authentication with centralized access control.

Key Components:

  • Manager: Administrative interface.
     
  • Portal: User interface and authentication hub.

  • Handlers (reverse proxies): Protect target applications.

     

Technical Details: Integrating FranceConnect+ via OpenID Connect (OIDC)

a) Configuring FranceConnect (and FranceConnect+) with LemonLDAP::NG:

  1. Register via the dedicated form to obtain a client_id and client_secret.
  2. In Manager, add an OpenID Connect provider using the provided metadata (issuer, authorization, token, userinfo, logout endpoints).
  3. Configure the scope based on the attributes (pivot identity) to retrieve, then enter client_id and client_secret in the options.

b) Configuring ProConnect:

  1. Declare LemonLDAP::NG as an identity provider (IdP), specifying email domains, client ID, secret, and OIDC metadata.
  2. In LemonLDAP::NG, configure the relying party with:
    • ID/secret
    • Redirect URIs
    • Exported attributes (email, uid, given_name, usual_name, siret, organizational_unit, etc.).
  3. Signatures: Recommended algorithms are RS256 or ES256 (HS256 is possible but not advised).
  4. The acr must be "eidas1" to comply with required authentication levels.
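
The signature and acr requirements above can be enforced as a pre-check on every ID token a client receives. The following is an added example, not code from LemonLDAP::NG, ProConnect or LINAGORA; the function names, issuer, client ID and nonce are hypothetical, and the ordering eidas1 < eidas2 < eidas3 is an assumption. It does not verify the signature, which stays with your OIDC library and the provider's published keys.

```python
import base64
import json
import time

ALLOWED_ALGS = {"RS256", "ES256"}  # asymmetric algorithms the page recommends
ACR_RANK = {"eidas1": 1, "eidas2": 2, "eidas3": 3}  # assumed ordering, low to high


def _decode(segment):
    """Decode one base64url JWT segment into a JSON object."""
    obj = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj


def policy_violations(id_token, issuer, client_id, nonce, min_acr="eidas1", now=None):
    """Return policy violations; an empty list means 'go on to signature verification'."""
    now = time.time() if now is None else now
    try:
        head, body, _signature = id_token.split(".")
        header, claims = _decode(head), _decode(body)
    except ValueError:
        return ["malformed token"]
    problems = []
    alg = header.get("alg")
    if not isinstance(alg, str) or alg not in ALLOWED_ALGS:  # rejects HS256 and "none"
        problems.append(f"alg {alg!r} not allowed")
    acr = claims.get("acr")
    if not isinstance(acr, str) or ACR_RANK.get(acr, 0) < ACR_RANK[min_acr]:
        problems.append(f"acr {acr!r} below {min_acr}")
    if claims.get("iss") != issuer:
        problems.append("unexpected issuer")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        problems.append("audience does not include this client")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("token expired or exp missing")
    if claims.get("nonce") != nonce:
        problems.append("nonce mismatch")
    return problems


def sample_token(alg, acr):
    """Constructed, unsigned sample token (placeholder signature) to exercise the checks."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    claims = {"iss": "https://idp.example", "aud": "my-client", "exp": 2000,
              "nonce": "n-1", "acr": acr}
    return f"{enc({'alg': alg, 'typ': 'JWT'})}.{enc(claims)}.c2ln"
```

Pinning the algorithm on the client side, rather than trusting the token header, is what keeps an HS256 or unsigned token from being accepted where RS256 or ES256 was configured.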

 

Technical Advantages of LemonLDAP::NG (Open Source)

  • Enhanced Security: Reduces single points of entry, supports multi-factor authentication, and targets vulnerabilities.
  • Seamless Experience: Transparent SSO, dynamic menu, auto-account creation, and password reset.
  • Centralization: Single console for managing identities and sessions, with GDPR-compliant logging.
  • Technical Flexibility: Supports various backends (LDAP, SQL, NoSQL), standard protocols (CAS, SAML, OpenID Connect), and reverse proxy.
  • Collaborative Innovation: Regular updates, support for WebAuthn, RBA, CrowdSec, and adaptive modules.
  • Proven Credibility: Used in government ministries, awarded by OW2, with long-term support from LINAGORA.

 

Why Trust LINAGORA?

  • Official expert in LemonLDAP::NG, providing technical support, training, and long-term maintenance.
  • In-depth knowledge of French government systems and regulatory requirements.
  • Continuous development, including critical vulnerability management (e.g., latest version 2.19.2 with fixes).
  • Ability to integrate strategic projects within the framework of digital sovereignty.

 

Combine simplicity, security, and digital sovereignty today

Contact our experts to integrate SSO with FranceConnect+ and ProConnect via LemonLDAP::NG, and benefit from comprehensive support: audit, deployment, maintenance, and training.

 

FAQ

What is required to implement SSO with LemonLDAP::NG?

A web server (Apache/Nginx), a database or backend (LDAP, SQL, etc.), and access to the Manager interface.

Can any company use FranceConnect+?

No. FranceConnect+ is reserved for regulated services requiring strong authentication (banking, medical, CPF).

Is LemonLDAP::NG GDPR-compliant and secure?

Yes. Detailed logs, controls, adaptive modules, and regular updates by LINAGORA ensure full and continuous compliance.

Are these solutions GDPR-compliant?

Yes, the solutions integrated by LINAGORA comply with European and French data protection requirements.

 

Conclusion

Identity federation and SSO via FranceConnect+, ProConnect, and LemonLDAP::NG are essential tools for modernizing your digital access.
Take action now: Request a demo or a personalized study to secure your services while streamlining operational management.
