Whilst Login enables access to your applications in a secure and personalized manner, implementing SSO allows users to do so consistently and with minimal friction.

Hi, I’m Peter Fernandez, and as a CIAM expert, I want to share my experience building modern SSO into the Login process for modern applications.

Log In. Just Once.

SSO works by leveraging an independent IdP — typically via the browser — which all applications use and trust. When a user logs in for the first time, a successful interaction creates a session cookie in the context of the IdP, that is, scoped to the IdP's own domain rather than to any one application. From then on, whenever the user is redirected to the IdP for authentication, if a valid cookie is already present they are simply redirected back to the application without being prompted to log in interactively, providing a seamless authentication experience as your users navigate your apps.

Deliver User Consistency

By leveraging an independent IdP, steps can be taken to ensure that user information returned as part of successful authentication, such as the user profile, is consistent, no matter how customers log in to your applications. If you’ve ever used an application where your user preferences seem to change depending on how you log in, then you’ll know exactly how infuriating that can be!
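The two points above, the IdP-scoped session cookie that lets a second trusted application skip interactive login, and a profile that comes back in one shape no matter which connection the user logged in with, are easiest to see in code. The following is an added example, not code from the original post or from any vendor: a toy IdP in Python whose `handle_authorize`, `login`, `verify_session`, `normalize_profile` and `userinfo` functions, the `shop`/`support` client registrations, the signing key and the attribute mappings are all constructed for the demo. The cookie is HMAC-signed and expiring, the authorize endpoint only ever redirects to a registered callback, and `prompt="login"` forces re-authentication even when a valid session exists.

```python
"""Added example (not from the original post): a toy IdP showing how an SSO
session cookie lets a second trusted application skip interactive login, and
how the IdP normalizes profile data from different connections into one shape.
All names, URLs, keys and attribute mappings below are constructed for the demo."""
import base64
import hashlib
import hmac
import json
import secrets
from urllib.parse import urlencode

# Assumption: a server-side key known only to the IdP, used to sign session cookies.
IDP_COOKIE_KEY = b"constructed-demo-key-do-not-reuse"
SESSION_TTL_SECONDS = 8 * 3600

# Constructed allow-list of applications that trust this IdP: client_id -> exact redirect_uri.
TRUSTED_APPS = {
    "shop": "https://shop.example/callback",
    "support": "https://support.example/callback",
}

# Constructed attribute mappings: two login methods -> one canonical profile shape.
PROFILE_MAPS = {
    "social": {"email": "email", "given_name": "first_name", "family_name": "last_name"},
    "database": {"mail": "email", "fname": "first_name", "lname": "last_name"},
}

USERS = {}  # canonical profile store keyed by user id (in memory for the demo)


def _sign(payload: str) -> str:
    return hmac.new(IDP_COOKIE_KEY, payload.encode(), hashlib.sha256).hexdigest()


def normalize_profile(connection: str, raw: dict) -> dict:
    """Map connection-specific attributes onto the canonical profile keys."""
    mapping = PROFILE_MAPS[connection]
    profile = {canonical: raw[source] for source, canonical in mapping.items() if source in raw}
    profile["email"] = profile["email"].lower()  # same user regardless of letter case
    return profile


def login(connection: str, raw_attributes: dict, now: int) -> str:
    """Interactive login succeeded at the IdP: store the canonical profile and
    return the signed session cookie value that lives in the IdP's own context."""
    profile = normalize_profile(connection, raw_attributes)
    user_id = profile["email"]  # simplification: email is the user key in this demo
    USERS[user_id] = profile
    claims = {"sub": user_id, "exp": now + SESSION_TTL_SECONDS}
    payload = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return f"{payload}.{_sign(payload)}"


def verify_session(cookie, now: int):
    """Return the user id for a valid, unexpired, untampered cookie, else None."""
    if not cookie or "." not in cookie:
        return None
    payload, sig = cookie.rsplit(".", 1)
    if not hmac.compare_digest(sig, _sign(payload)):
        return None
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if claims["exp"] <= now:
        return None
    return claims["sub"]


def handle_authorize(client_id, redirect_uri, state, cookie, now, prompt=None):
    """IdP authorize endpoint. Returns ("error", reason), ("login", client_id) or
    ("redirect", url). prompt="login" forces re-authentication even with a cookie."""
    # Only ever redirect to exactly the callback registered for a known client.
    if TRUSTED_APPS.get(client_id) != redirect_uri:
        return ("error", "unknown client_id or unregistered redirect_uri")
    user_id = verify_session(cookie, now)
    if user_id is None or prompt == "login":
        return ("login", client_id)  # no usable SSO session: show the login page
    code = secrets.token_urlsafe(16)  # one-time code the app exchanges for tokens
    return ("redirect", f"{redirect_uri}?{urlencode({'code': code, 'state': state})}")


def userinfo(cookie, now: int):
    """Canonical profile for the session holder, identical whichever connection was used."""
    user_id = verify_session(cookie, now)
    return None if user_id is None else USERS[user_id]


if __name__ == "__main__":
    t = 1_700_000_000
    print(handle_authorize("shop", TRUSTED_APPS["shop"], "s1", None, t))       # first visit: login
    c = login("social", {"email": "Ada@Example.com", "given_name": "Ada", "family_name": "Lovelace"}, t)
    print(handle_authorize("support", TRUSTED_APPS["support"], "s2", c, t + 60))  # second app: redirect
    print(userinfo(c, t + 60))
```

The redirect-URI check sits before the cookie check on purpose: an SSO session is valuable precisely because every trusted app can use it, so the IdP must never hand an authorization code to a callback that was not registered for that client. The `exp` claim and the constant-time signature comparison are what keep a copied or edited cookie from silently extending the session.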

Buy vs DIY

You could build an in-house custom solution yourself… it's certainly an option, particularly if you have a team with the time, capacity, knowledge, and expertise to develop SSO; deploy and maintain Attack Protection; leverage OIDC and/or SAML for Authentication, Social and/or (Enterprise) Federation; implement Passwordless, Passkeys and/or MFA; and optionally OAuth 2.0 for API Authorization.

The alternative is to integrate with a SaaS solution provided by one of the popular vendors, and the cost of subscribing to one of these typically depends on the features you use and the number of active consumer identities you have.

With vendor-based CIAM the cost is typically associated with the platform hosting the backend service(s) that deliver Authentication, Authorization, Management and Protection from attack. With consumer-oriented software, much of this infrastructure is already in place: cloud-based “compute”, database and network resources are likely already a necessity for your solution, and delivering them at scale may also be something you already need to do.

Deploying a standards-based open-source DIY solution within your existing infrastructure might provide a more cost-effective approach — delivering secure and robust CIAM without the need to build everything yourself and with the added benefit of more flexibility and control.

Got questions?
Feel free to reach out!