Tuesday, April 8, 2008

SaaS Single Sign-On: It's Time for a Lighter Approach

SaaS offers businesses clear advantages: no need to invest in purchasing
and maintaining licenses and infrastructure, and no need to worry about
upgrades and bug fixes. Larger companies, however, face a major challenge
related to user authentication and management. They have invested a lot
of time and effort in improving user productivity, compliance and
security, and in cutting user management costs, using technologies like
single sign-on and centralized user management. SaaS applications are now
challenging those efforts and threatening to return these companies to a
situation where every user has several different usernames and passwords
and the customers have several different user directories to maintain.

Currently there are a few common ways for SaaS providers to give users
single sign-on and/or to let customers use their internal user management
solutions to manage access to the SaaS application: (1) Identity
federation; (2) Delegated authentication; (3) Encrypted links; (4) User
directory synchronization.

Identity federation, as a concept, is exactly what is needed: SaaS
providers can offer customers single sign-on and automated user
management based on current information in their internal user
directory. Identity federation based on SAML, WS-Federation or ADFS,
however, requires each customer to invest in and roll out software
compliant with those technologies...

Delegated authentication provides users single sign-on by using an
existing logon, for instance on a corporate intranet, to generate tokens
that can be used to grant access to a SaaS application. However,
delegated authentication does nothing to help with the maintenance of
user profiles and access rights, which still have to be maintained
manually in the application. It also requires time and technical
resources from the customer...

Google Analytics, the SaaS application for monitoring web site usage,
offers a different and interesting perspective on the problem. Each
Analytics customer needs to integrate Analytics with its web site in
order to collect and monitor usage statistics. By choosing a scripting
integration model requiring only a few lines of JavaScript on the web
pages, Google managed to lower the requirements on the customers' web
sites and the technical skills required to do the integration. As a
result, they managed to get hundreds of thousands of customers in 18
months...
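
The delegated authentication flow described above, sketched as an added example that is not part of the original post: the intranet mints a short-lived signed token after the user's existing logon, and the SaaS side verifies it before granting access. The token layout, the HMAC-SHA256 shared key and all names here are assumptions made for illustration; the post does not specify a format.

```python
import base64, hashlib, hmac, json, time

# Assumption: a per-customer key agreed out of band (constructed demo value).
SHARED_KEY = b"constructed-demo-key"

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_token(user, audience, key=SHARED_KEY, ttl=60, now=None):
    """Intranet side: call only after the user's existing corporate logon."""
    issued = int(time.time() if now is None else now)
    claims = {"sub": user, "aud": audience, "iat": issued, "exp": issued + ttl}
    body = b64e(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return body + "." + b64e(sig)

def verify_token(token, audience, key=SHARED_KEY, now=None):
    """SaaS side: return the user name, or None if the token is rejected."""
    try:
        body, sig = token.split(".")
        expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
        # Check the signature first, in constant time, before parsing claims.
        if not hmac.compare_digest(expected, b64d(sig)):
            return None
        claims = json.loads(b64d(body))
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token: wrong shape, bad base64, bad JSON
    if not isinstance(claims, dict):
        return None
    current = time.time() if now is None else now
    # Reject tokens minted for another application or past their lifetime.
    if claims.get("aud") != audience or current >= claims.get("exp", 0):
        return None
    return claims.get("sub")

if __name__ == "__main__":
    token = mint_token("alice", "saas.example")
    print(token)
    print(verify_token(token, "saas.example"))
```

The token proves only who logged on; as the post notes, the user's profile and access rights still have to exist in the application.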

1 comment:

friarminor said...

You are spot on with your post on 'single sign-on', Sajjad!

In fact, we are working on incorporating this on our site: Morphexchange

Do give us a visit and see how our SaaS offering is taking shape.