We’ve all had terrible login experiences. You sign into an app, only to realise you have to log in again to access another system on the same journey, and often supply personal data that you’ve already supplied. It’s frustrating, and doesn’t exactly create a positive impression of the brand – especially as sign up/login is right at the start of the user journey, setting the tone for the continued experience.

Clunky customer experiences lead to abandoned service sign ups, fewer returning users, fewer word of mouth recommendations, and – perhaps worst of all – security risks. When access to a service is complex, users tend to cut corners when it comes to credential management. For example, they may reuse a common password out of “credential fatigue” – a practice that risks data breaches when hackers try credential stuffing. Not to mention the security risks that come from internal workforce inefficiencies when managing several accounts/data silos per user.

It is a far more user friendly and secure experience for users when you offer one simple login to your organisation’s apps and services. The options within this area are varied, and will be tailored to your systems and requirements, but a great place to start is single sign-on (SSO).

One login with single sign-on (SSO)

Users want simplicity when it comes to access to your services. Single sign-on is key to achieving it. SSO lets your users log in once to authenticate to all permitted services and apps. This means that moving between different services is transparent, without the need to have multiple accounts and credentials, or input the same data multiple times.

Single sign-on also means single sign-out. Once the user has logged out, or had their account revoked, you don’t need to worry about forgotten access/logged in sessions presenting a security risk.

Customising SSO

You might be thinking that SSO sounds simple enough, but what about your unique (sometimes complex) business requirements? Can SSO still simplify your user journey?

Perhaps you have some of your services based on external systems. In these cases, Federation allows single sign-on between two security domains, so you can still reap the benefits of SSO.

Perhaps some of your systems contain more sensitive data than others. You might want to have more assurance over the identity of the user for these areas – likely requiring multi-factor authentication (MFA) – but without requiring this step for more basic services. A great solution to these cases is Step-up Authentication – still using SSO with your usual level of authentication, then asking for further verification only when the user is accessing the more sensitive system(s) or completing a higher risk transaction.
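The step-up decision described above can be sketched as a small policy check. This is an added example, not code from Ubisecure or any specific IAM product; the assurance levels, service names, time limits and function names are all assumptions made for illustration.

```python
from dataclasses import dataclass
import time

# Assumed assurance levels: 1 = password only, 2 = password plus a second factor.
PASSWORD, MFA = 1, 2

# Hypothetical per-service policy: minimum level, and how recent the
# authentication must be (seconds) before the service accepts it.
POLICY = {
    "newsletter-prefs": {"min_level": PASSWORD, "max_age": 8 * 3600},
    "payments":         {"min_level": MFA,      "max_age": 15 * 60},
}

@dataclass
class SsoSession:
    user: str
    level: int            # strongest authentication completed in this session
    auth_time: float      # when that authentication happened (epoch seconds)
    revoked: bool = False  # set on sign-out or account revocation

def decide(session, service, now=None):
    """Return 'allow', 'step_up' or 'deny' for one access request."""
    now = time.time() if now is None else now
    policy = POLICY.get(service)
    if policy is None or session.revoked:
        return "deny"      # unknown service or signed-out session: fail closed
    if session.level < policy["min_level"]:
        return "step_up"   # valid SSO session, but too weak for this service
    if now - session.auth_time > policy["max_age"]:
        return "step_up"   # strong enough once, but verified too long ago
    return "allow"

def complete_step_up(session, achieved_level, now=None):
    """Record a successful extra verification on the existing SSO session."""
    now = time.time() if now is None else now
    # A weaker re-check must not refresh the timestamp of a stronger one.
    if achieved_level >= session.level:
        session.level, session.auth_time = achieved_level, now
    return session

if __name__ == "__main__":
    s = SsoSession("alice", PASSWORD, auth_time=time.time())  # constructed sample session
    print(decide(s, "newsletter-prefs"), decide(s, "payments"))
    complete_step_up(s, MFA)
    print(decide(s, "payments"))
```

The basic service is reachable with the original login, the sensitive one triggers a prompt on the same session, and a revoked session is refused everywhere.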

Perhaps you have the same users accessing your systems in different contexts – e.g. as a private individual, but also in their work role. With the right identity solution, you can choose to authorise one account to have different permissions depending on the context in which the user is accessing it. For example, where a user may have permission to purchase something on their own behalf, they may not on behalf of their company. So, again, you can still take advantage of SSO and only require one account per user.

How to implement SSO

SSO is a staple Identity and Access Management (IAM) capability, and can usually be implemented quickly and easily – particularly when installed as part of a SaaS or hybrid cloud/on-premises IAM solution.

Many organisations who are looking to simplify their user journey get started with SSO from an IAM solution stack, which gives them the option to add on further functionality when required. For example, if the user base grows or needs become more complex later on, additional capabilities from the IAM solution stack may be added on. The key here is to choose a flexible solution that will evolve with your business.

Find out how other organisations have used Ubisecure IAM for SSO and beyond in our customer case studies.