If you go to work in an office building, you probably need a key, key card or a fingerprint in order to get into the building. That’s normal. But would you also find it normal if you had to use the key or key card each time you entered another room in that office? Or when moving from one desk to another? Of course not. Yet that is what many organizations ask of their customers. Whenever they switch from one application or service to another, consumers have to authenticate again to gain access. Wouldn’t it be better if customers only needed to prove their identity and privileges just once? That’s why Single Sign-on is an essential ingredient to create a great customer experience.
When was the last time customers asked you for Single Sign-on? Chances are no customer ever will. They are not interested in the technicalities, but they would very much love to have the functionality. Consumers hate passwords, and they don’t care how your application architecture is set up. Applications work with Unique User Identifiers (UUID) to authorize the user. It would be very user-unfriendly if customers had to authenticate for every separate application they want to access. Imagine an insurance company that offers different types of insurance (life, car, fire, liability, etc.). Once the user has authenticated on the insurer’s website for their life insurance, moving to the car insurance application should be seamless and transparent to the user.

What happens in Single Sign-on? SSO can be seen as a ticketing system, which makes a unique key for the user and delivers that key to the different applications that a user wants to access. In the example above, this unique key ensures the user can go from one insurance application to the next without having to authenticate again. The Single Sign-on engine has connected the different UUIDs together, using either OAuth or SAML as a protocol.
Using Single Sign-on saves time both for the consumer and for the IT department. As stated earlier in this article, the customer doesn’t have to key in usernames and passwords over and over again. Not only does this make life easy for them, it also allows them to focus on what they want to do in your application: buy articles from a website, take out new insurance, make money transfers, etc. You may have noticed that consumers who don’t log into an application regularly don’t even take the trouble to remember passwords. They just do a password reset when they want to visit your website. This may be easier than memorizing passwords, but it does take up valuable time.
If employees are using SSO to move from one application to another, SSO is good for their productivity.
For the IT or support department, Single Sign-on is beneficial too. Helpdesk calls about lost passwords take up a lot of time. According to some surveys, 30% of helpdesk calls concern passwords and password resets.
Connecting UUIDs for different applications based on SAML uses certificates to verify the authentication. This makes Single Sign-on more secure than just using passwords.

It is important not to confuse Single Sign-on with password filling. With password filling, a central user database stores your usernames and passwords for your different applications and automatically fills them in when you access the application. This gives the impression that you are using SSO but, in fact, you are not, because with every authentication the username and password are still sent over the internet to your application. The fact that username and password are filled in automatically does not make it safer. On the contrary: if users don’t use an automated password generator, their credentials may be available on the dark web, exposed to other applications. And even if a unique password is generated, these credentials are used for every session, and can be stolen through keyboard loggers or phishing techniques.

Applications like iCloud Keychain may also give you the impression of SSO, protected by biometrics. However, you are only using fingerprint or face recognition to unlock the Keychain, not to authenticate to an application. You may still be sending usernames and passwords over an insecure channel and exposing yourself to hackers or Man-in-the-Middle attacks. This is not the case when you work with SSO based on certificates.
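The ticketing model and the certificate-based verification described above can be sketched as follows. This is an added example, not TrustBuilder code and not real SAML or OAuth: an Ed25519 key pair stands in for the SAML signing certificate, and `issueTicket`, `makeApp`, the account names and the local identifiers are all hypothetical, constructed for illustration.

```javascript
// Added example: simplified model of signed-assertion SSO (not real SAML/OAuth).
const crypto = require("node:crypto");

// The identity provider (IdP) keeps the private key; applications hold only the public key.
const idp = crypto.generateKeyPairSync("ed25519");

// Issued once, after the user has authenticated at the IdP. No password is inside.
function issueTicket(subject, audiences, ttlSeconds, now = Date.now()) {
  const body = JSON.stringify({ subject, audiences, expires: now + ttlSeconds * 1000 });
  const signature = crypto.sign(null, Buffer.from(body), idp.privateKey).toString("base64");
  return { body, signature };
}

// Each application verifies the ticket and maps the subject to its own local identifier.
function makeApp(name, localIds) {
  return function accept(ticket, now = Date.now()) {
    const sig = Buffer.from(ticket.signature, "base64");
    if (!crypto.verify(null, Buffer.from(ticket.body), idp.publicKey, sig)) {
      return { ok: false, reason: "bad signature" };
    }
    const claims = JSON.parse(ticket.body); // parse only after the signature checks out
    if (!claims.audiences.includes(name)) return { ok: false, reason: "wrong audience" };
    if (now >= claims.expires) return { ok: false, reason: "expired" };
    const localId = localIds.get(claims.subject);
    if (!localId) return { ok: false, reason: "unknown subject" };
    return { ok: true, localId };
  };
}

// Constructed sample data: two applications of the insurer from the example above.
const lifeApp = makeApp("life", new Map([["alice@example.com", "life-0001"]]));
const carApp = makeApp("car", new Map([["alice@example.com", "car-7788"]]));

const ticket = issueTicket("alice@example.com", ["life", "car"], 300);
console.log(lifeApp(ticket), carApp(ticket));
```

Unlike password filling, neither application ever receives a reusable secret: a modified ticket fails signature verification, and a captured one stops working once it expires.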
Using SSO is also safer for an organization that works with outside employees, for instance employees that belong to a project partner or a contractor. These third-party employees gain access to applications using the credentials of their own company and a technique called federated authentication. This makes onboarding these external employees easy and safe: when they leave their company, their credentials will no longer be valid and it will be impossible to access other organizations’ systems using those credentials.
Enterprises in different industries are building digital ecosystems in which they are combining their own services with complementary third-party services. By offering a complete portfolio of services, these companies can cater to the needs of customers and serve as a one-stop-shop. Consumers want convenience and being able to get a full range of services makes life easy for them. We know these ecosystems from travel (where an airline will also offer you hotels, car rental, luggage insurance), from retail banks (who offer mobility services, insurance, etc.), and also from telecom providers, who are now also offering entertainment services or educational services.
When these companies build these digital ecosystems, moving from one service to the other must be as seamless as possible. This is what Single Sign-on delivers. When customers are on their journey through the different applications and services, they don’t have to authenticate for each different application, even if it’s a third-party application. Only digital ecosystems that offer this type of convenience to their customers will flourish in the future.
TrustBuilder helps organizations implement Single Sign-on solutions. SSO is not only one of the key capabilities in our TrustBuilder.io Suite, we also take care of API security when customers move from one application or service to another.