Oauth Workflow | No, Single Sign-On Isn’t Optional in BPM Anymore

SSO allows individual users to use a single set of login credentials to access information across various resources in an enterprise network. SSO is a powerful backend function that provides a seamless front-end experience for the users.

From the IT standpoint, SSO is a must for any business process management tool. Your IT director works hard to ensure that you have a smooth SSO experience to ensure data security and ease of managing user access. For end users, SSO eliminates the frustration of keying in unique credentials every time they log into a portal and their dependency on IT if they get locked out. Business process management tools with SSO capability can easily integrate into an enterprise ecosystem, allowing users to utilize its services with a single click of a button.

Why IT Directors Insist on SSO

Imagine your entire company is going to an amusement park, and the IT director is in charge of tickets. With SSO, the IT director can give a blanket entry pass to everyone so they can get on any ride they want in the park. Without SSO, the IT director has to track and get individual tickets for the wooden roller coaster, the water slide, and every other attraction.

SSO is integral to an enterprise’s user access management because it solves major security and access issues. The SSO capability for a business process management system validates the username and password of the user with an account at a different domain (e.g., Google) in order to allow access to the system.

In the context of business process management solution, the SSO redirects the user to the default page of the BPM suite once the authentication is established.

Using the same username and password for every platform makes users highly prone to data theft and creates a security risk for the IT director. SSO, in contrast, makes use of multi-factor security approaches like verifying an authentication token to allow users into a system.

Singular Signing, Multiple Options

A business process management system may come with one or multiple SSO implementation options – it’s up to your IT department to determine which fits best for managing your enterprise’s access management. A rule of thumb is to ensure that the implementation allows users to uniformly access cloud-based and on-premise resources, based on their original user rights.

When a BPM suite offers hassle-free SSO capabilities, your enterprise IT doesn’t have to worry about user provisioning and identity management for all applications at each instance. Likewise, users without access to your existing set of applications are automatically bounced from the BPM software.

Here is a list of different SSL implementation choices most common in the enterprise circle:

• Federated authentication is an SSO use case that allows a user to access two independent applications through the use of a single set of credentials.
• Security Assertion Markup Language (SAML) implementation employs three parties: a user, an ID provider, and a cloud-application service provider to allow access to the user to the BPM suite after the applications are configured.
• The OpenSSO project offers a powerful yet easy option to implement SSO between legacy software that don’t support SSO natively.
• OAuth is an open standard for authorization that does not deal with authentication, but authorizes third-party applications to fetch a user’s account without exposing their passwords.

A 2014 survey conducted by Cloud Security Alliance with partnership with OneLogin found that 97% of SaaS vendors back SAML-based SSO over others. However, OAuth 2.0 is fast catching up in popularity because of the simple solutions it offers to integrate different applications.

Root For The Best

When shortlisting a business process management system with SSO functionalities, you have a few easy options that are based on the diversity of applications your enterprise runs on. Depending on your company’s application preference or its size, your enterprise can fall into any of these three categories:

• If your company uses G Suite – like many companies do – choose a BPM that comes pre-integrated with SSO capabilities for Google accounts. Google uses OAuth 2.0 for providing secure access to users without displaying their passwords.
• The second largest group of enterprises bank on Office 365 as an alternative to Google Apps. Many business process management tools don’t offer this integration, but there are some who do (like Kissflow Process).
• If your enterprise doesn’t use either of these services, you can choose a third-party vendor who offers active directory service to establish a way to authenticate user identities and centralized access, e.g., OneLogin or Centrify.

Many megacorporations, such as PepsiCo, have such a variety of application portfolios that their SSO requirements hardly fit into the above mentioned categories. Because they need granular control over the SSO experience across their systems, these businesses acquire a customized active directory software from a third-party vendor and host SSO service within the company network. The specialized software is installed on the company resources, and it facilitates integration between existing and future systems that the enterprise might acquire.

Build Your Own Theme Park

The bottomline is, if you are an IT Director, you want to start moving as many applications as possible into your virtual, single access theme park. Any new business process management solution you look for should not be without SSO. If you are an SMB, Insist on a cloud-based, out-of-box SSO implementation with Google and Office 365 by default. Larger enterprises should buy a third-party service and act as the SSO provider.