SSO (Single Sign-On)

Thursday, 28th May 2020

This is a copy of a post originally posted on my LinkedIn account.

It came to me when I was walking last week that with every release at BigChange we launch something really, really cool, and usually there is a story to be told. Normally that story has a similar structure in that we ‘had a problem to be solved’ and ‘a solution’ to it.

My aim is to make you aware of challenges which we were asked to solve by our stakeholders and how we solved them, as these may be things which you or your business come up against on a regular basis.

These posts may be more useful to BigChange customers who are connected with me on LinkedIn; however, for those who aren’t customers of ours, fear not, there is still something in it for you. I’m not a salesman so won’t be pressuring you into signing up – promise!

I won’t be talking about every feature we include in a release, just one (or possibly two) ‘headline’ features that really jumped out at me.

With that, if you have made it this far and want to learn about how SSO (single sign-on) could save your colleagues from the painful task of remembering different passwords for each system they use (which often then get written on post-it notes), then read on.

A few months ago we were approached by an enterprise-level prospect who was interested in our product, but as with all software packages they used (whether SaaS or not) they implemented single sign-on to get users into the software. At the time we didn’t, and so that gave us our first ‘problem to be solved’.

SSO (single sign-on), as its name suggests, is a way of using a single username and password combination to log in to more than one service, be it an HR system, accounting system, email, CRM or job management system.

It removes the need for each application to have a different password that is often reset at different intervals; a single password is used by all of the services in your organisation.

Only one password to remember, problem solved, right? Well, not quite. You might already be thinking: “But if your HR system gets compromised, doesn’t that mean they can then log in to the same user’s accounting system and email?” – well no, they don’t.

The systems which use SSO do not store this password anywhere at all. NEVER EVER!

They have no idea whether it’s made up of letters, numbers or when it was last reset. It works by getting a ‘token’ saying this user has provided a valid method of authentication and to go ahead and let them in. As a result this ‘single’ password can be enhanced by asking for other information the user might know, for example answers to certain questions, their date of birth or a code which is sent to their mobile phone. All administered centrally, making it extra secure.

Once the correct answers have been provided, a time-sensitive ‘handshake’ is performed, letting them in to their email, job management system or HR portal.

It’s similar to a doorman at a club: they have no idea why you have been added to the guest list, and to some extent they don’t even care, only that if they get the message to let you in, they let you in. If you’re not on the list you aren’t getting in.

Several technology companies offer this SSO technology which software developers can tap into, however we chose to partner with Okta. Okta offer enterprise levels of encryption to transfer this ‘handshake’, so much so that companies such as Experian, Adobe and Nasdaq all use it to give their teams the benefit of SSO.

We therefore had our ‘problem to solve’ (which is the easy bit), now we just need to find ‘the solution’ (the harder bit).

Thankfully we have world class developers, and within a few weeks Hugo had developed an app that was approved by Okta and sits within their store alongside apps developed by Microsoft, Google and AWS.

Our prospect (who turned customer) was able to add this application to their Okta instance within a matter of moments and provide access to our platform.

Offboarding a team member should they leave is easy: only the Okta account needs to be deactivated and they lose the ability to get into BigChange and every other system which supports SSO, as the handshake can no longer be performed.
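The token, the time-sensitive handshake and the offboarding behaviour described above can be seen in a small model. This is an added example, not BigChange's or Okta's code: the function names, user, key and five-minute lifetime are constructed, and a shared HMAC key stands in for the public-key signatures that real SSO protocols such as SAML and OpenID Connect use.

```python
import base64, hashlib, hmac, json, time

# Constructed demo values. A real identity provider signs with a private key and
# the application checks with the public key; a shared HMAC key stands in here.
IDP_KEY = b"constructed-demo-signing-key"
ACTIVE_USERS = {"alice@example.com"}   # the provider's central directory (constructed)
TOKEN_LIFETIME = 300                   # seconds the 'handshake' stays valid (assumed)

def _sign(payload: bytes) -> bytes:
    return hmac.new(IDP_KEY, payload, hashlib.sha256).hexdigest().encode()

def idp_issue_token(user, audience, now=None):
    """Identity provider side: called only after password and extra checks pass."""
    if user not in ACTIVE_USERS:
        raise PermissionError("account deactivated at the identity provider")
    now = time.time() if now is None else now
    claims = {"sub": user, "aud": audience, "exp": now + TOKEN_LIFETIME}
    payload = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return (payload + b"." + _sign(payload)).decode()

def app_verify_token(token, audience, now=None):
    """Application side: it never sees a password, only the signed token."""
    now = time.time() if now is None else now
    try:
        payload, sig = token.encode().split(b".")
        if not hmac.compare_digest(sig, _sign(payload)):
            return None                      # forged or altered token
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError:
        return None                          # malformed token
    if claims.get("aud") != audience:
        return None                          # issued for a different application
    if now >= claims.get("exp", 0):
        return None                          # handshake has expired
    return claims["sub"]

if __name__ == "__main__":
    token = idp_issue_token("alice@example.com", "job-management")
    print(app_verify_token(token, "job-management"))   # let in
    print(app_verify_token(token, "hr-portal"))        # wrong audience: refused
    ACTIVE_USERS.discard("alice@example.com")          # offboarding at the provider
    try:
        idp_issue_token("alice@example.com", "job-management")
    except PermissionError as err:
        print("no new token:", err)
```

A token issued before deactivation still verifies until its expiry passes, which is why the lifetime is kept short.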

That’s it, the end of the first blog – well done for making it this far and I hope you found it useful and informative. I’ll let you be the judge as to whether it was as good as the ones our CEO @Martin writes :).

If you would like any more information on either Okta or BigChange, link details are below.

1 Comment

  1. Steven Isaacs

    Great article, very easy to understand and follow, even for someone who knows little about this technology.
