What is Single Sign-On and how it helps businesses build bridges

What is the total number of accounts or passwords an average person has? Different studies give varying numbers but the average of the average is more than 10. Another study found an average person operates 26 different online accounts. Assuming each account correspond to a different password (although practically people repeat passwords), that’s an awfully high number of passwords to remember. And so people forget and are locked out of some account each day causing further trouble and unnecessary waste of time. Single Sign-On was conceived as a cure for this condition but over time has matured into a security solution linking multiple accounts in the same domain and thereby centralizing security. Equally importantly, it also improves the customer experience for consumers accessing business websites by providing seamless navigation through different web properties. Read further about the basics and benefits of Single Sign-On.

Most businesses today have multiple websites or web applications under their domain and customers tend to use all of them. For instance, if a media house has three different websites, one for general news, one for sports news and another serving entertainment news representing three different newspapers under one umbrella publication, To ask a reader to login again to access the entertainment news site when he or she is already logged into the general news site would make it an annoying experience. Even if the reader is compelled to do so, there is high probability the reader might forget the second or third password considering one in three persons are plagued by password fatigue. But with self managed password recovery options, this is not as much a problem as is that of a poor customer experience and removable roadblocks in seamless navigation across properties.

A login is an imperative part of online business transactions and relationship building because it helps identify the customer businesses can’t see directly. But it is also one of the most irritating roadblocks for customers themselves. Placement of the same roadblock multiple times only compounds the effect. Single Sign-On, as the name also suggests, helps cure this problem by providing a one login-one session-multiple properties solution. Essentially it allows customers to login once and gain automatic access to all the allied web properties without requiring to login again. Consequently, one sign out from any website or application results in the complete session termination. The idea of Single Sign-On essentially is to remove login roadblocks and provide for a frictionless customer experience while maintaining optimum security levels.

Single Sign-On has been around for a long time and like any other technology, it has also evolved with time and is now gaining widespread acceptance precisely because of the change in the paradigms introduced by the Web economy. Single Sign-On’s rise has coincided with the increasing need for ultimate customer experiences. Single Sign-On basically works by automating the login process. Though to a customer, it can appear as if he or she is directly signed in, contrarily, sign in does take place but is hidden from the eye of the customer and is undertaken by the Single Sign-On client on behalf of the customer. The following is the flow of a Single Sign-On enabled login process:

• Customer accesses Single Sign-On website and requests for login and authorization.

• The Single Sign-On solution intercepts this request and checks if there is an active session. In other words, it checks if the customer is logged into any of the other allied websites.

• If yes, the Single Sign-On solution enters the customer credentials on his or her behalf and logs him or her into the requested website or application. All further login requests (till session termination) will follow the same step.

• If not, the customer is directed to the login page for entry of credentials or rather for first time login. An active session is then created.

• A logout on any one of the websites or applications in access would mean a Single Log-Off from all properties and termination of the session.

Like most other software solutions, it would be a mistake to assume that the same Single Sign-On solution is universally valid and fit to be implemented in any environment. Different varieties of Single Sign-On differ vastly in implementation though they have the same aims. This can be explored in more detail.

Enterprise Single Sign-On

Enterprise Single Sign-On is fundamentally different from the Single Sign-On use case

explained above. It is essentially limited to an enterprise wide implementation and not beyond that. Basically, it just involves the installation of an SSO agent on every workstation which functions locally and automates the login process for the user. A prerequisite for Single Sign-On to work here is that the access request must come from a registered workstation only.

Web Single Sign-On

This is the most widespread implementation of Single Sign-On. Quite obviously, an enterprise SSO solution can’t be translated to a general consumer facing business intended for use by its customers. There is no local installation of the SSO agent on the client terminal considering the customers are distributed and can seek access from anywhere around the globe. The use case described in earlier sections is how an instance of Web Single Sign-On generally works. The only prerequisite for web Single Sign-On to function is that the subsequent access requests from the customer should be from the same terminal and the same browser. A login request from a different browser or a different computer will be treated as a different session.

Mobile Single Sign-On

Mobile Single Sign-On is typically the same as Web Single Sign-On except that it is an SSO implementation in a mobile environment like a customer accessing the same resources as earlier but from mobile device. More on this in the following sections.

Businesses have customers transacting with them from different parts of the world typically through browsers or mobile devices and apps on them. For a unified customer experience, it is essential that customers are prepared for all these scenarios are buy a solution that can handle consumers using desktop browsers or mobile apps alike. A typical Web SSO solution is built around the Security Assertion Markup Language (SAML). But the only issue with SAML is that it would recognize mobile devices as desktop browsers only but which potentially reduce the customer experience quality. SSO solutions covering mobile apps are generally using the OAuth standard which recognizes mobile devices and mobile apps separately alongside the regular SAML which also potentially important uses even in a mobile environment.

“What can Single Sign-On do for my business?” is a common question facing many businesses. Most importantly, it helps provide a unified customer experience for customers and thereby creating the maintenance of a continuity in experience. Going back to the newspaper publication instance, not only would be independent login systems be irritating for customers, so would the independent recognition by each website be an irritant despite the three of them being from the same family. The customer expects that different arms of a single business talk and correspond with each other and exchange information they have. The customer expects to be recognized as one single and same person by all three properties which means the business must have a single top view of the customer. Any changes made by the customer on one web property should reflect in the others. For instance, if a customer wants to view the list of stories he or she has read over the last week, a request for same on one website shouldn’t be different from the one on another. Each website should ideally return the same response (of course in a segregated way). A change in customer profile information on one website should reflect on all the others too. A single view of the customer is a critical milestone on the way to a unified customer experience.