SSO eliminates the need for users to remember and manage multiple sets of credentials. With just one login, users can seamlessly access multiple applications, significantly reducing the frustration of forgotten passwords and login fatigue.

Customers today expect SSO between the multiple applications that you expose to them, but you should also support SSO between organisations, even if you only expose a single application today. SSO between organisations is called federation and lets users use their existing credentials to access your application(s).


Federation works by establishing a trust relationship between the different organisations involved, allowing them to share authentication information securely. This is typically done using a common standard for authentication, such as Security Assertion Markup Language (SAML) or OpenID Connect.

Here’s an example of how federation works in practice:

Let’s say you are an employee of Company A and you need to access an application or service provided by Company B. Instead of logging in separately to Company B’s system, you can use your Company A credentials to authenticate yourself through Company A’s SSO system. Company A’s SSO system then sends a SAML or OpenID Connect token to Authway, which confirms that you are authenticated and grants you access to the application or service.

Federation provides a more convenient and secure method of authentication for users, as it eliminates the need for users to remember multiple usernames and passwords and reduces the risk of password reuse or other security issues that may arise from managing multiple sets of credentials.

Enterprise SSO

Many public organisations, and also larger private organisations, already require SSO to use your applications, and in the near future this will be a requirement among small and medium-sized businesses as well. The current state for organisations, where users have custom credentials for partner or supplier applications, is beyond control: without SSO, the life cycle of new employees, employees who move on, or even employees who change role internally is impossible to handle in a good way. Therefore this will soon be a requirement for all applications and services that an organisation depends on.

Your applications can be part of the solution by using Authway, instead of being part of the problem. By enabling SSO between organisations, there is a very good chance that you can increase your business with the organisation by removing the obstacles of managing the employee life cycle in your applications (services).

Auto-provision permissions and more

SSO is a good step in the right direction, but on its own it only lets users use their existing credentials and ensures that they can’t sign in after leaving the organisation. To really create a smooth experience when using your applications, you also need to remove the need to administer users and their permissions. Authway has full support for automatically creating the user from the federated single sign-on (called auto-provision), and the user can be asked for additional information during the first sign-in if necessary.

This removes the need to administer users, but we can also do permission synchronization during sign-in. The effect of this is that, after initial configuration, your customers can do all their administration in their home services and it just works when their employees use your applications. This is a delightful and smooth experience that should be the baseline for all digital interactions between organisations.
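A sketch of what auto-provision and permission synchronization at sign-in involve, added here as an illustration and not Authway's code or API. All names (`Partner`, `sign_in`, the `groups` claim, the sample organisation) are hypothetical, and the token's signature, audience and expiry are assumed to have been validated before this step.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Partner:
    """Hypothetical per-organisation federation settings (constructed sample)."""
    tenant: str
    issuer: str      # the identity provider trusted for this tenant
    group_map: dict  # home-organisation group -> local permission

@dataclass
class User:
    subject: str
    tenant: str
    email: str
    permissions: set = field(default_factory=set)

def sign_in(claims: dict, partners: list, users: dict) -> User:
    """Auto-provision the user and synchronise permissions.

    `claims` must come from a token whose signature, audience and expiry
    were already validated; that step is outside this example.
    """
    partner = next((p for p in partners if p.issuer == claims.get("iss")), None)
    if partner is None:
        raise PermissionError("issuer is not a configured federation partner")
    key = (partner.issuer, claims["sub"])  # subject ids are unique per issuer only
    user = users.get(key)
    if user is None:  # first sign-in: create the local account
        user = users[key] = User(claims["sub"], partner.tenant, claims.get("email", ""))
    # Replace rather than merge, so access removed at home is removed here too.
    # Groups without a mapping grant nothing.
    groups = claims.get("groups", [])  # assumed claim name
    user.permissions = {partner.group_map[g] for g in groups if g in partner.group_map}
    return user

# Constructed sample data
PARTNERS = [Partner("company-a", "https://sso.company-a.example",
                    {"finance": "invoices.read", "finance-admins": "invoices.approve"})]

def demo() -> list:
    users = {}
    base = {"iss": "https://sso.company-a.example", "sub": "u-1001", "email": "kim@company-a.example"}
    first = sign_in({**base, "groups": ["finance", "finance-admins", "lunch-club"]}, PARTNERS, users)
    granted = sorted(first.permissions)
    second = sign_in({**base, "groups": ["finance"]}, PARTNERS, users)  # role changed at home
    return [granted, sorted(second.permissions), len(users)]

if __name__ == "__main__":
    print(demo())
```

The second sign-in shows the life-cycle point made above: once the employee leaves the `finance-admins` group in the home organisation, the approval permission disappears locally without any administration in the application.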


