ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel

What is Single Sign-On and how it helps businesses build bridges

Updated on March 9, 2016

What is the total number of accounts or passwords an average person has? Different studies give varying numbers but the average of the average is more than 10. Another study found an average person operates 26 different online accounts. Assuming each account correspond to a different password (although practically people repeat passwords), that’s an awfully high number of passwords to remember. And so people forget and are locked out of some account each day causing further trouble and unnecessary waste of time. Single Sign-On was conceived as a cure for this condition but over time has matured into a security solution linking multiple accounts in the same domain and thereby centralizing security. Equally importantly, it also improves the customer experience for consumers accessing business websites by providing seamless navigation through different web properties. Read further about the basics and benefits of Single Sign-On.

The premise and the poor customer experience

Most businesses today have multiple websites or web applications under their domain and customers tend to use all of them. For instance, if a media house has three different websites, one for general news, one for sports news and another serving entertainment news representing three different newspapers under one umbrella publication, To ask a reader to login again to access the entertainment news site when he or she is already logged into the general news site would make it an annoying experience. Even if the reader is compelled to do so, there is high probability the reader might forget the second or third password considering one in three persons are plagued by password fatigue. But with self managed password recovery options, this is not as much a problem as is that of a poor customer experience and removable roadblocks in seamless navigation across properties.

Providing for smooth movement


A login is an imperative part of online business transactions and relationship building because it helps identify the customer businesses can’t see directly. But it is also one of the most irritating roadblocks for customers themselves. Placement of the same roadblock multiple times only compounds the effect. Single Sign-On, as the name also suggests, helps cure this problem by providing a one login-one session-multiple properties solution. Essentially it allows customers to login once and gain automatic access to all the allied web properties without requiring to login again. Consequently, one sign out from any website or application results in the complete session termination. The idea of Single Sign-On essentially is to remove login roadblocks and provide for a frictionless customer experience while maintaining optimum security levels.

How Single Sign-On works


Single Sign-On has been around for a long time and like any other technology, it has also evolved with time and is now gaining widespread acceptance precisely because of the change in the paradigms introduced by the Web economy. Single Sign-On’s rise has coincided with the increasing need for ultimate customer experiences. Single Sign-On basically works by automating the login process. Though to a customer, it can appear as if he or she is directly signed in, contrarily, sign in does take place but is hidden from the eye of the customer and is undertaken by the Single Sign-On client on behalf of the customer. The following is the flow of a Single Sign-On enabled login process:

  • Customer accesses Single Sign-On website and requests for login and authorization.

  • The Single Sign-On solution intercepts this request and checks if there is an active session. In other words, it checks if the customer is logged into any of the other allied websites.

  • If yes, the Single Sign-On solution enters the customer credentials on his or her behalf and logs him or her into the requested website or application. All further login requests (till session termination) will follow the same step.

  • If not, the customer is directed to the login page for entry of credentials or rather for first time login. An active session is then created.

  • A logout on any one of the websites or applications in access would mean a Single Log-Off from all properties and termination of the session.

There are varieties in Single Sign-On


Like most other software solutions, it would be a mistake to assume that the same Single Sign-On solution is universally valid and fit to be implemented in any environment. Different varieties of Single Sign-On differ vastly in implementation though they have the same aims. This can be explored in more detail.


Enterprise Single Sign-On

Enterprise Single Sign-On is fundamentally different from the Single Sign-On use case

explained above. It is essentially limited to an enterprise wide implementation and not beyond that. Basically, it just involves the installation of an SSO agent on every workstation which functions locally and automates the login process for the user. A prerequisite for Single Sign-On to work here is that the access request must come from a registered workstation only.


Web Single Sign-On

This is the most widespread implementation of Single Sign-On. Quite obviously, an enterprise SSO solution can’t be translated to a general consumer facing business intended for use by its customers. There is no local installation of the SSO agent on the client terminal considering the customers are distributed and can seek access from anywhere around the globe. The use case described in earlier sections is how an instance of Web Single Sign-On generally works. The only prerequisite for web Single Sign-On to function is that the subsequent access requests from the customer should be from the same terminal and the same browser. A login request from a different browser or a different computer will be treated as a different session.


Mobile Single Sign-On

Mobile Single Sign-On is typically the same as Web Single Sign-On except that it is an SSO implementation in a mobile environment like a customer accessing the same resources as earlier but from mobile device. More on this in the following sections.

What consumer facing businesses should get themselves


Businesses have customers transacting with them from different parts of the world typically through browsers or mobile devices and apps on them. For a unified customer experience, it is essential that customers are prepared for all these scenarios are buy a solution that can handle consumers using desktop browsers or mobile apps alike. A typical Web SSO solution is built around the Security Assertion Markup Language (SAML). But the only issue with SAML is that it would recognize mobile devices as desktop browsers only but which potentially reduce the customer experience quality. SSO solutions covering mobile apps are generally using the OAuth standard which recognizes mobile devices and mobile apps separately alongside the regular SAML which also potentially important uses even in a mobile environment.

Finally, what Single Sign-On brings to the table


“What can Single Sign-On do for my business?” is a common question facing many businesses. Most importantly, it helps provide a unified customer experience for customers and thereby creating the maintenance of a continuity in experience. Going back to the newspaper publication instance, not only would be independent login systems be irritating for customers, so would the independent recognition by each website be an irritant despite the three of them being from the same family. The customer expects that different arms of a single business talk and correspond with each other and exchange information they have. The customer expects to be recognized as one single and same person by all three properties which means the business must have a single top view of the customer. Any changes made by the customer on one web property should reflect in the others. For instance, if a customer wants to view the list of stories he or she has read over the last week, a request for same on one website shouldn’t be different from the one on another. Each website should ideally return the same response (of course in a segregated way). A change in customer profile information on one website should reflect on all the others too. A single view of the customer is a critical milestone on the way to a unified customer experience.

Comments

    0 of 8192 characters used
    Post Comment

    No comments yet.

    working

    This website uses cookies

    As a user in the EEA, your approval is needed on a few things. To provide a better website experience, hubpages.com uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

    For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at: https://hubpages.com/privacy-policy#gdpr

    Show Details
    Necessary
    HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
    LoginThis is necessary to sign in to the HubPages Service.
    Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
    AkismetThis is used to detect comment spam. (Privacy Policy)
    HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
    HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
    Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
    CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
    Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the googleapis.com or gstatic.com domains, for performance and efficiency reasons. (Privacy Policy)
    Features
    Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
    Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
    Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
    Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
    Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
    VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
    PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
    Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
    MavenThis supports the Maven widget and search functionality. (Privacy Policy)
    Marketing
    Google AdSenseThis is an ad network. (Privacy Policy)
    Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
    Index ExchangeThis is an ad network. (Privacy Policy)
    SovrnThis is an ad network. (Privacy Policy)
    Facebook AdsThis is an ad network. (Privacy Policy)
    Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
    AppNexusThis is an ad network. (Privacy Policy)
    OpenxThis is an ad network. (Privacy Policy)
    Rubicon ProjectThis is an ad network. (Privacy Policy)
    TripleLiftThis is an ad network. (Privacy Policy)
    Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
    Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
    Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
    Statistics
    Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
    ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
    Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)