As part of their digital transformation, companies are increasingly choosing to build digital service environments – from commerce platforms to service and application portals, APIs and apps – from separate components. Besides added flexibility and time-to-market, this choice also has consequences for user and role management. Consultant Rudy van Haandel explains what to take into account when selecting a suitable Single Sign-On (SSO) solution.
The shift from monolithic systems and platforms to a landscape of separate best-of-breed services can substantially increase complexity for end users. The last thing you want is for users to have to log in again to each service or component, come up with a new password and spend unnecessary time using your service, or set up several additional security protocols using SMS tokens, QR codes or authenticator apps. At the same time, you naturally wish to maintain security, compliance and time-to-market. A growing landscape of separate services always raises the following question: how do I manage user access and authentication safely and efficiently? Single Sign-On often proves to be the answer.
Your reason for deploying a Single Sign-On solution is vital to the decision to opt for one. Every company should make simplicity for all users the objective of Identity & Access Management and Single Sign-On: for shop or service end users as well as development teams, Internet audit and risk officers, etc. The idea is primarily to deploy SSO so that each user type can carry out their tasks efficiently and easily. What this ‘simplicity’ means for each of the different users is the basis of your SSO solution.
To design this simplicity correctly, it is logical to set up Single Sign-On as a separate service at a central location. This means that a single service handles and directs authentication, user roles and user rights. Identity information is stored in this separate service, or in a connected ‘directory’, and is kept separate from the rest of the services and components. This has various advantages:
How you approach this selection process usually also depends on who is asking: the business or IT. Based on our experience with SSO implementations, we have drawn up a checklist to give direction to this approach. The following topics are the ones to bear in mind: