ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel

Why The Best SSO Is Not Just SAML Based?

Updated on April 12, 2016

Thinking about life without smartphones is almost impossible these days. Phones are dug too much into everyone’s life that sometimes it gets too overwhelming. Love it hate it but you can ignore the importance of smartphones.

Knowing that smartphones are the best touchpoints for a business, it can be a great bet to focus for marketers. This is also applicable for Single Sign-On

Businesses know that they have to do everything in their power to make sure their customers are satisfied. This is a principle that has withstood the test of time and business paradigm changes. According to analysts from McKinsey and Company, customer satisfaction is about experiences with a business through multiple touchpoints over a period of time.

The digression was required but let’s return to the point of discussion, what is the mobile connect here? Basic Single Sign-On solutions can’t be implemented across all touchpoints. A SAML based Web Single Sign-On can’t be applied to mobile devices. Doing exactly this is the mistake a lot of businesses make and causes them to be vulnerable to becoming providers of a poor and disjointed Customer Experience. Let’s explore Single Sign-On and its implementation on different touchpoints below.

Single Sign-On helps improve Customer Experience

Single Sign-On is pivotal for businesses creating a complete Customer Experience because of its ability to help create a single view of the customer. Single Sign-On is a permeable layer that sits between the customer and every web property, belonging to a business, he or she requests access to. This way the Single Sign-On application has eyes everywhere and this quality is used to create a centralized repository of customer credentials that can be updated and accessed by all the web properties. In this process, the final result is the creation of a single view. Teams from throughout a business view a customer in the same exact way removing disjointed and skewed views. As a result, customers also get the feeling that all the teams across the business know him or her as the same individual. This is a critical step to a great Customer Experience.

Enterprise Single Sign-On is fundamentally different from Web Single Sign-On

it is a common misconception that the only difference between Enterprise Single Single-On and Web Single Sign-On is the environment in which they are deployed to work. Well, that’s a fallacy and if you think you can pick an Enterprise Single Sign-On product and just translate it to Web Single Sign-On, you are deeply mistaken. Enterprise Single Sign-On solutions have an architecture made of agents installed on each of the network’s workstation. Such an architecture is not possible in case of web interface Single Sign-On for obvious reasons.

Web Single Sign-On isn’t the universal solution

If you are looking to implement a Single Sign-On application for your business, a Web Single Sign-On solution would be the obvious choice but not one that is sufficient. Web Single Sign-On solutions are mostly Security Assertion Markup Language (SAML) based which is not enough when you are talking about reaching mobile devices. SAML recognizes every end user as a web browser which might not always work in case of mobile devices since apps have already taken over smartphones. When businesses talk about exploiting the power of the smartphone to reach customers, it is not the browser they are referring to. True, a smartphone browser can help users access the Web on the go but it is still the same as a desktop. Businesses provide improved functionalities through mobile apps and they are not browsers so technically SAML based Single Sign-On solutions won’t be able to provide the best results. And when the best results are not provided, it results in a shaky Customer Experience defeating the entire purpose in one blow.

Finding Single Sign-On for mobile devices

For Single Sign-On to work on mobile apps, they have to use the OAuth 2.0 standard which is app-friendly and defines mobile use cases. This ensures that there are no workarounds needed like in the case with a SAML Single Sign-On implementation on mobile platforms. The purpose here to use a solution that provides a seamless Customer Experience doing away with problems of web browsers and web views since both of these don’t help in providing the ultimate experience when interacting with a business through its mobile app. And since OAuth properly defines and recognizes mobile apps, the Customer Experience when using a Single Sign-On enabled mobile app is not fragmented. Customers won’t have to open browsers to login or worry about logging in again and again because cookies are not stored.

The best SSO uses SAML and OAuth

Businesses aren’t looking for mediocre stopgap arrangements. They are looking for the best solutions to their problems. If Single Sign-On is being employed it has to cover all the touchpoints for the purpose of creating a cumulative Customer Experience across all touchpoints. For instance, think of an e-commerce business with a website and a mobile app. A customer makes a purchase through the website and later tries to check the status of dispatch through the mobile app. If different Single Sign-On solutions are implemented for the two or the Single Sign-On solution in use doesn’t cover either of the two touchpoints, the customer will not be able to view the status of dispatch making the Customer Experience terrible. But then what is the solution?

SAML is a widely accepted and used standard much like HTTP which means it can’t just be discarded. But SAML doesn’t work well on mobile apps. The solution is to use a Single Sign-On implementation that uses both SAML and OAuth. A modern Single Sign-On solution would layer both SAML and OAuth together and create a flow through OAuth is not viewed separately but as any other bookmark.


    0 of 8192 characters used
    Post Comment

    No comments yet.


    This website uses cookies

    As a user in the EEA, your approval is needed on a few things. To provide a better website experience, uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

    For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at:

    Show Details
    HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
    LoginThis is necessary to sign in to the HubPages Service.
    Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
    AkismetThis is used to detect comment spam. (Privacy Policy)
    HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
    HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
    Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
    CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
    Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the or domains, for performance and efficiency reasons. (Privacy Policy)
    Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
    Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
    Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
    Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
    Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
    VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
    PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
    Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
    MavenThis supports the Maven widget and search functionality. (Privacy Policy)
    Google AdSenseThis is an ad network. (Privacy Policy)
    Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
    Index ExchangeThis is an ad network. (Privacy Policy)
    SovrnThis is an ad network. (Privacy Policy)
    Facebook AdsThis is an ad network. (Privacy Policy)
    Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
    AppNexusThis is an ad network. (Privacy Policy)
    OpenxThis is an ad network. (Privacy Policy)
    Rubicon ProjectThis is an ad network. (Privacy Policy)
    TripleLiftThis is an ad network. (Privacy Policy)
    Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
    Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
    Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
    Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
    ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
    Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)