The need for a user to present different identity credentials to log into different systems creates credential management challenges for the enterprise and encourages user behavior that is counterproductive to security. Our SSO and Federated Identity practice engineers solutions for single sign-on (SSO) and federated identity that simplify the log-in process, to the benefit of both enterprises and users.
The need for a user to log in to different applications using different identity credentials means that those credentials also need to be maintained separately for each application. This creates unnecessary expense for the enterprise that provides that application. It is also a nuisance to users, which leads to behavior such as using the same weak password for multiple applications, which weakens enterprise security.
A better solution is to abstract the log-in process from the applications, such that logging on to one enterprise application allows the user to access other applications without the need to log on separately. SSO solutions that provide this functionality are relatively mature, but implementing them can nonetheless be tricky.
More recently, enterprises who cooperate with one another have sought to simplify log-ins by allowing users who have successfully logged on to one enterprise’s applications to transparently re-authenticate to a partner enterprise’s applications. Underlying this technique is the concept of federated identity, in which each enterprise has agreed to recognize the validity of the other’s identity credentials and authentication (log-in) procedures. While not as widespread as SSO solutions, federated identity solutions are also maturing, aided by industry standards for securely issuing and recognizing identity assertions.
Our Single Sign On & Federated Identity practice provides full lifecycle services for SSO and federated identity projects:
Contact us for more information
