A very wise man once told me that “Knowledge is King.” In other words, knowledge is power, and the more you know about something the more “power” you will have over it to get the best possible results. No, this man was not my Father. Not that my Father isn’t wise, he could challenge you any day of the week to a lookup using his 2 pound, hard bound Dictionary against your Google skills.
Enough about Pop, what “knowledge” will I be empowering you with today? Let’s consider three topics around Single Sign-On (SSO): Business to Business (B2B) SSO, Business to Customer (B2C) SSO, and the ever popular Security Assertion Markup Language (SAML). B2B SSO gives you and your business partners’ employees simplified access to your protected resources. B2C SSO allows your customers to access your services without the need for multiple login identities and passwords. SAML is more of a transport layer, and it is what makes employing SSO productive and cost efficient. To become more “powerful” with SSO, you may want to consider the following breakdown of these three topics.
Many B2B companies still use only ids and passwords to authenticate their users and, furthermore, require a unique set of credentials for each protected application. By deploying a B2B single sign-on system, many advantages and benefits may be realized. Your authentication risk policies will be applied uniformly to all involved parties, and you will be able to deploy and enforce stronger authentication wherever the risks and costs make it necessary. Application developers are taken out of the design and support of authentication, freeing them up for more profitable work. Having a ubiquitous system in place further lends itself to providing end-to-end audit trails of all your users’ sessions. In addition to being able to provide same-day user provisioning, user access can quickly be removed from your applications and resources when a user’s role changes or they are forced to leave the company.
B2C – Auto-filled forms
If your business has a network of sites that consumers can visit, they may be using their web browser’s built-in form auto-fill to get what appears to be a safe SSO experience. But if their machine is left unattended, what’s to keep a different person from taking advantage of the auto-fill feature and accessing your web site as someone they are not? Taken further, ill-intentioned people could also gain access to your valued information, such as credit card and social security numbers. Let’s also not forget that the auto-filled data can be out of date or just plain wrong.
As you may have already inferred, this blog author would recommend not relying on auto-filled forms and instead putting a proper SSO solution in place.
Both the B2B and B2C sections above strongly suggest the need and reasons for employing a strong SSO solution. SAML has been filling this requirement quite effectively and securely for many years now. More and more Service Providers, such as SharePoint, Google Apps, and Blackboard, are adding a SAML implementation to their authentication options. The biggest benefit of using SAML is its widely adopted usage scenarios, but one of its most effective mechanisms is that each individual configuration can specify a different set of attributes describing the user, such as:
- business unit
- access rights
Much of that information can be found in, or derived from, the user directory (AD, LDAP, etc.) of your customer or internal organization. SAML’s job is to get that information for a user who has authenticated against that directory and transfer it to the application in a secure way. None of those steps involve rocket science. The trick is, of course, to do it in a way that requires as little deployment and maintenance work as possible, both from your and from your customers’ point of view. Offering SAML as a solution allows the use of existing web servers to achieve similar functionality in a less complex way.
What have we learned?
SSO is here to stay, at least for the near future, and cannot be overlooked for your B2B needs. The same is true for securing your customers’ access to protected data. SAML has proven itself time and time again as a forerunner in the SSO field and may be something you want to get more “knowledge” about. Single sign-on Password Manager is a good place to continue your quest for more power.