20 Feb · 5 min read
Challenge: Identity management
Solution: Single sign on
User Group: Corporates with internal or external portals
Secure and Convenient
Single sign-on solutions are sometimes criticized for introducing a single point of failure into the authentication process. However, studies have shown that there is a different single point of failure: the user. In theory, having many complex passwords that change often is more secure than having a single password that unlocks everything. But in reality only very few people actually maintain multiple complex passwords. As the number of identities grows over time, even managing passwords becomes challenging. To cope, some users store passwords in unencrypted files or reuse the same password over and over again. Users will generally choose convenience over security.
However, there is no need to trade security for convenience: combining SSO with multi-factor authentication is a proven remedy.
Our company is security audited and our software is penetration tested on a regular basis. We are confident that our SSO solution will provide an extra level of security within your environment.
No doubt, APIs are the typical entry point to the majority of newly created back-ends. Security is always underpinned by identity and as such, APIs need to know who is accessing them and in what context they are being accessed.
As our solution has evolved over the years, it has supported a variety of techniques for passing authentication or authorisation data. From additional username/password parameters, through API keys, to OAuth 2.0 based tokens, we support all the recommended and secure standards and flows.
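To make the "APIs need to know who is accessing them and in what context" point concrete, the following is an added example (not the vendor's code, and not a description of how their product validates tokens) of what an API does when it receives an OAuth 2.0 bearer access token: it pins the signature algorithm, checks the signature in constant time, and only then trusts the issuer, audience, expiry and scope claims. A shared-secret HS256 JWT is used so the example runs with the Python standard library alone; a real resource server would normally verify an asymmetric signature (RS256/ES256) against the SSO server's published keys or call a token introspection endpoint. The secret, issuer URL and audience name below are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values: a real API would hold the issuer's public key, not a shared secret.
SHARED_SECRET = b"demo-secret-not-for-production"
EXPECTED_ISSUER = "https://sso.example.test"   # hypothetical SSO server
EXPECTED_AUDIENCE = "orders-api"                # hypothetical identifier of this API


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(subject: str, scopes: list, ttl_seconds: int = 300, now=None) -> str:
    """Mint an HS256 JWT access token; this stands in for the SSO server in the example."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": EXPECTED_ISSUER, "aud": EXPECTED_AUDIENCE, "sub": subject,
              "scope": " ".join(scopes), "iat": now, "exp": now + ttl_seconds}
    signing_input = (_b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(SHARED_SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def validate_bearer(authorization_header: str, required_scope: str, now=None) -> dict:
    """Validate an Authorization header and return the verified claims.

    Raises ValueError with a short reason on any failure; the API should answer
    401 (invalid token) or 403 (insufficient scope) and log the reason.
    """
    now = int(time.time()) if now is None else now
    scheme, _, token = authorization_header.partition(" ")
    if scheme.lower() != "bearer" or not token:
        raise ValueError("missing bearer token")
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, claims_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError:  # covers base64 and JSON decoding errors
        raise ValueError("malformed token")
    # Pin the algorithm: the token header must never be allowed to choose it.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(SHARED_SECRET, f"{header_b64}.{claims_b64}".encode(),
                        hashlib.sha256).digest()
    # Constant-time comparison; only after this do we look at the claims at all.
    if not hmac.compare_digest(expected, signature):
        raise ValueError("bad signature")
    try:
        claims = json.loads(_b64url_decode(claims_b64))
    except ValueError:
        raise ValueError("malformed token")
    if claims.get("iss") != EXPECTED_ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != EXPECTED_AUDIENCE:
        raise ValueError("token not intended for this API")
    if now >= int(claims.get("exp", 0)):
        raise ValueError("token expired")
    if required_scope not in claims.get("scope", "").split():
        raise ValueError("insufficient scope")
    return claims


if __name__ == "__main__":
    token = issue_token("alice", ["orders:read"])
    print(validate_bearer("Bearer " + token, "orders:read"))
```

The order of checks matters: signature first, so that nothing in an unsigned or tampered token influences later decisions, then issuer and audience, so that a valid token minted for a different API in the same SSO deployment is still rejected here.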
SSO is capable of reaching even beyond your organisation, outside the scope and complexity of managing identities within a workforce or similar closed systems. It covers authorisation and identity management of external users such as customers, consumers or partners.
Such customer-oriented solutions are used across a wide array of industries, and many sectors benefit from implementing them effectively. The increasing array of online services in all sectors requires modern systems to support remote identification, online registration, account management, social logins and consent management for data privacy purposes.
Our extensible solution with consent management module is well suited to unify access for your customer base as proven by our existing installations.
Build vs Buy
Most companies understand that custom building their own software solution can get very expensive and unsustainable over the years, even for a large software house. If the product is not continuously supported, the solution will quickly become obsolete, especially in a security-related area. Hence, developing your own SSO from scratch is not viable for the majority of companies.
Buying an off-the-shelf product is usually the most affordable option. However, the downside of buying such a product is that you get a lot of features you do not actually need or know how to use. Since you are buying a generic solution, you may have to sacrifice user interface, convenience or corporate identity. Off-the-shelf solutions always involve a considerable amount of configuration and will likely require support to get up and running. There can be a big learning curve for your team to understand not only the product, but also the authorization flows and how to configure and use them.
The third option is to team up with an experienced and proven provider of the services you seek. We will customize our solution to meet your requirements. Our SSO solution is scalable and extensible, and hence stays open for future endeavours whether you choose an on-premise or cloud-based installation.
Deployment and installation
On-premise
An on-premise solution is implemented in your trusted internal space, where you have full control over deployment. In this configuration the solution does not even need internet access by itself; it can run completely within the boundaries of your infrastructure. However, maintaining an in-house SSO costs more than the cloud-based version: there are hardware, network, deployment and occasional expertise costs to consider.
In the Cloud
SSO and IAM can get complex. Identity as a Service (IDaaS) is the fastest and simplest way to implement single- or multi-tenant identity management for your web, mobile and desktop applications. A SaaS-based product shifts the burden to the provider. Your organisation has far fewer worries about deployment, security, configuration and maintaining an in-house installation.
Over the years, various levels of legislative compliance have been required in the area of security and privacy, affecting the private and public sectors including the telecom, health, banking and financial industries. Such norms demand tighter data management, detailed audit trails, encryption throughout the data lifecycle, specific identity proofing, stricter authentication requirements and better designs for accessibility and inclusion. Not to mention, some laws require personal user data to be stored only in the home jurisdiction of the end user.
Strong authentication with PSD2 and privacy for GDPR
Whether you seek a new compliant solution or your existing products no longer adequately meet such legislation, we are prepared to meet all your requirements with our standardised, secure and well-matured solution.
Migration and Data Import
There are many aspects to consider when migrating existing identities, or merging multiple identity sources, into a new SSO solution. If you let our experts analyse your situation, we will provide the best solution for your case, whether that is a big bang or phased migration, user-driven federation or directory user mapping.
Big Bang Migration
In a big bang migration, the main idea is to extract the data from the legacy systems, import it into the new solution and reconfigure all related applications for all users in one go.
Phased Migration
Phased migration involves running the two systems (old and new) in parallel, migrating target applications one at a time and decommissioning the old system gradually, until everything is running via the new system.
User-driven Federation
The basic idea of user-driven federation is to let the end user link existing third-party system credentials to your online service. This allows users to use an authentication method they already own.
Directory User Mapping
Like user-driven federation, directory user mapping offers automatic account linking based on a third-party user repository. The user can sign into your service using their existing credentials for a different service, such as a third-party Active Directory or even a bank ID, which has been gaining popularity since PSD2 came into effect.
It depends on your requirements, but lately it is more common for users to bring their own identity to your service (BYOI). This way, our solution is capable of linking your service with business accounts such as Office 365 or social accounts such as Facebook, Twitter, Google or LinkedIn.
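Both user-driven federation and directory user mapping come down to the same decision at sign-in: given an identity asserted by an external provider (a directory, a bank ID or a social login), which local account does it belong to? The following is an added example of that account-linking logic, written here to illustrate the two approaches described above; it is not the vendor's code and does not describe how their product stores or links identities. The in-memory store, the issuer names and the e-mail addresses are constructed for the example. The one rule worth noticing is that an account is matched by e-mail only when the provider asserts the address as verified; an unverified address that collides with an existing account is routed to an explicit confirmation step rather than linked automatically.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

# (issuer, subject) is the stable key of an external identity; e-mail can change.
LinkKey = Tuple[str, str]


@dataclass
class ExternalIdentity:
    """Claims the SSO layer received from a third-party provider (constructed for the example)."""
    issuer: str            # e.g. a directory name or an IdP URL
    subject: str           # provider's stable, opaque user id
    email: Optional[str]
    email_verified: bool   # did the provider assert it verified this address?


@dataclass
class LocalUser:
    user_id: str
    email: Optional[str]
    links: Set[LinkKey] = field(default_factory=set)


class UserStore:
    """Minimal in-memory user repository standing in for the SSO user database."""

    def __init__(self) -> None:
        self.users: Dict[str, LocalUser] = {}
        self.by_email: Dict[str, str] = {}   # normalised e-mail -> user_id
        self.by_link: Dict[LinkKey, str] = {}  # (issuer, subject) -> user_id
        self._next = 1

    def create(self, email: Optional[str]) -> LocalUser:
        user = LocalUser(user_id=f"u{self._next}", email=email)
        self._next += 1
        self.users[user.user_id] = user
        if email:
            self.by_email[email.lower()] = user.user_id
        return user

    def link(self, user_id: str, key: LinkKey) -> None:
        self.users[user_id].links.add(key)
        self.by_link[key] = user_id


def link_external_identity(store: UserStore, ext: ExternalIdentity) -> Tuple[str, Optional[str]]:
    """Return (outcome, user_id) for a sign-in with an external identity.

    outcome is one of:
      "linked"             the identity was already linked to a local account
      "mapped_by_email"    directory user mapping: matched an existing account by verified e-mail
      "needs_confirmation" e-mail collides with an existing account but is unverified;
                           the user must prove ownership (log in or confirm by mail) first
      "provisioned"        BYOI just-in-time provisioning of a brand-new account
    """
    key: LinkKey = (ext.issuer, ext.subject)
    if key in store.by_link:
        return "linked", store.by_link[key]

    normalised = ext.email.lower() if ext.email else None
    existing = store.by_email.get(normalised) if normalised else None

    if existing is not None and ext.email_verified:
        store.link(existing, key)
        return "mapped_by_email", existing
    if existing is not None:
        # Never auto-link on an unverified address: the provider has not proven
        # that the person signing in controls the mailbox of the existing account.
        return "needs_confirmation", None

    user = store.create(ext.email)
    store.link(user.user_id, key)
    return "provisioned", user.user_id


if __name__ == "__main__":
    store = UserStore()
    store.create("alice@example.test")
    ad_alice = ExternalIdentity("corp-ad.example.test", "S-1-5-21-demo", "Alice@Example.test", True)
    print(link_external_identity(store, ad_alice))   # mapped_by_email
    print(link_external_identity(store, ad_alice))   # linked
```

The store is keyed on (issuer, subject) rather than e-mail so that a user whose address changes at the provider stays linked to the same local account, and so that two providers asserting the same e-mail cannot be confused with each other.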