Why The Best SSO Is Not Just SAML Based?
Thinking about life without smartphones is almost impossible these days. Phones are so deeply embedded in everyone’s life that it sometimes gets overwhelming. Love them or hate them, you can’t ignore the importance of smartphones.
Since smartphones are the best touchpoints for a business, they are a great bet for marketers to focus on. The same applies to Single Sign-On.
Businesses know that they have to do everything in their power to make sure their customers are satisfied. This is a principle that has withstood the test of time and business paradigm changes. According to analysts from McKinsey and Company, customer satisfaction is about experiences with a business through multiple touchpoints over a period of time.
The digression was required, but let’s return to the point of discussion: what is the mobile connection here? Basic Single Sign-On solutions can’t be implemented across all touchpoints. A SAML based Web Single Sign-On can’t be applied to mobile devices. Attempting exactly this is a mistake a lot of businesses make, and it leaves them providing a poor and disjointed Customer Experience. Let’s explore Single Sign-On and its implementation on different touchpoints below.
Single Sign-On helps improve Customer Experience
Single Sign-On is pivotal for businesses creating a complete Customer Experience because it helps create a single view of the customer. Single Sign-On is a permeable layer that sits between the customer and every web property of the business that the customer requests access to. This gives the Single Sign-On application eyes everywhere, and this quality is used to create a centralized repository of customer credentials that all the web properties can update and access. The final result of this process is a single view: teams throughout the business see a customer in exactly the same way, which removes disjointed and skewed views. Customers, in turn, get the feeling that every team across the business knows them as the same individual. This is a critical step to a great Customer Experience.
Enterprise Single Sign-On is fundamentally different from Web Single Sign-On
It is a common misconception that the only difference between Enterprise Single Sign-On and Web Single Sign-On is the environment in which they are deployed. That’s a fallacy, and if you think you can pick an Enterprise Single Sign-On product and just translate it to Web Single Sign-On, you are deeply mistaken. Enterprise Single Sign-On solutions have an architecture made of agents installed on each of the network’s workstations. Such an architecture is not possible for web interface Single Sign-On, for obvious reasons.
Web Single Sign-On isn’t the universal solution
If you are looking to implement a Single Sign-On application for your business, a Web Single Sign-On solution would be the obvious choice, but not a sufficient one. Web Single Sign-On solutions are mostly based on Security Assertion Markup Language (SAML), which is not enough when you are talking about reaching mobile devices. SAML treats every end user as a web browser, which might not always work on mobile devices, since apps have already taken over smartphones. When businesses talk about exploiting the power of the smartphone to reach customers, it is not the browser they are referring to. True, a smartphone browser lets users access the Web on the go, but it is still the same as a desktop browser. Businesses provide improved functionality through mobile apps, and apps are not browsers, so technically SAML based Single Sign-On solutions won’t be able to provide the best results. And when the best results are not provided, the outcome is a shaky Customer Experience, defeating the entire purpose in one blow.
Finding Single Sign-On for mobile devices
For Single Sign-On to work on mobile apps, they have to use the OAuth 2.0 standard, which is app-friendly and defines mobile use cases. This ensures that no workarounds are needed, unlike a SAML Single Sign-On implementation on mobile platforms. The purpose here is to use a solution that provides a seamless Customer Experience and does away with the problems of web browsers and web views, since neither helps in providing the ultimate experience when interacting with a business through its mobile app. And since OAuth properly defines and recognizes mobile apps, the Customer Experience when using a Single Sign-On enabled mobile app is not fragmented. Customers won’t have to open browsers to log in or worry about logging in again and again because cookies are not stored.
The best SSO uses SAML and OAuth
Businesses aren’t looking for mediocre stopgap arrangements. They are looking for the best solutions to their problems. If Single Sign-On is being employed it has to cover all the touchpoints for the purpose of creating a cumulative Customer Experience across all touchpoints. For instance, think of an e-commerce business with a website and a mobile app. A customer makes a purchase through the website and later tries to check the status of dispatch through the mobile app. If different Single Sign-On solutions are implemented for the two or the Single Sign-On solution in use doesn’t cover either of the two touchpoints, the customer will not be able to view the status of dispatch making the Customer Experience terrible. But then what is the solution?
SAML is a widely accepted and used standard, much like HTTP, which means it can’t just be discarded. But SAML doesn’t work well on mobile apps. The solution is to use a Single Sign-On implementation that uses both SAML and OAuth. A modern Single Sign-On solution would layer both SAML and OAuth together and create a flow in which OAuth is not viewed separately but as any other bookmark.
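The article does not name a mechanism for layering the two standards. One standardized option is the SAML 2.0 bearer assertion grant (RFC 7522), in which an assertion from the web SSO layer is exchanged for an OAuth 2.0 access token for the app. The sketch below is an added example, not code from the article or from any product; the endpoint URL, identifiers, scope and sample assertion are constructed, and XML signature verification is assumed to be handled by a SAML library beforehand.

```python
import base64
from datetime import datetime, timezone
from urllib.parse import urlencode, parse_qs
import xml.etree.ElementTree as ET  # use a hardened XML parser for untrusted input

GRANT = "urn:ietf:params:oauth:grant-type:saml2-bearer"  # defined by RFC 7522
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
TOKEN_ENDPOINT = "https://sso.example.com/oauth/token"  # hypothetical endpoint

# Constructed, unsigned sample assertion (illustration only).
SAMPLE_ASSERTION = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    '<saml:Issuer>https://idp.example.com</saml:Issuer>'
    '<saml:Subject><saml:NameID>customer-1001</saml:NameID></saml:Subject>'
    '<saml:Conditions NotOnOrAfter="2030-01-01T00:05:00Z">'
    '<saml:AudienceRestriction><saml:Audience>' + TOKEN_ENDPOINT +
    '</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
    '</saml:Assertion>'
)

def build_token_request(assertion_xml, scope):
    """App side: wrap the assertion in a form-encoded token request body."""
    b64 = base64.urlsafe_b64encode(assertion_xml.encode()).decode().rstrip("=")
    return urlencode({"grant_type": GRANT, "assertion": b64, "scope": scope})

def check_token_request(body, now):
    """Token endpoint side: return the subject (NameID) or raise ValueError.

    Assumes signature and issuer trust were already verified by a SAML
    library; only grant type, audience and expiry are checked here.
    """
    form = parse_qs(body)
    if form.get("grant_type") != [GRANT]:
        raise ValueError("unsupported_grant_type")
    if "assertion" not in form:
        raise ValueError("invalid_request: missing assertion")
    b64 = form["assertion"][0]
    root = ET.fromstring(base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4)))
    # The assertion must be addressed to this token endpoint, not another service.
    audiences = [a.text for a in root.findall(".//saml:Audience", NS)]
    if TOKEN_ENDPOINT not in audiences:
        raise ValueError("invalid_grant: wrong audience")
    cond = root.find("saml:Conditions", NS)
    if cond is None or cond.get("NotOnOrAfter") is None:
        raise ValueError("invalid_grant: no expiry")
    expiry = datetime.strptime(cond.get("NotOnOrAfter"), "%Y-%m-%dT%H:%M:%SZ")
    if now >= expiry.replace(tzinfo=timezone.utc):
        raise ValueError("invalid_grant: assertion expired")
    return root.findtext("saml:Subject/saml:NameID", namespaces=NS)
```

The audience and expiry checks are what stop an assertion issued for one web property, or an old one, from being replayed at the token endpoint.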