Single Sign-On (SSO) for the SMB

Most people want another password like they want dental work.  They'll get it done, but only because they have to and the pain of not doing the work far outweighs the long term implications.

Having one password for everything has long been a Holy Grail in the technology world.  Large companies have spent small fortunes trying to make this a reality.  And in recent years, at least on the consumer front there has been some progress on the SSO front with Facebook, Yahoo! and OpenID leading the charge.  By which we mean you can use the one set of credentials (your username and password) for many sites.  

For example, Gannett's website for local newspapers (e.g. The Journal News) no longer have their own unique commenting system, they simply use Facebook.  Flickr, the popular photo sharing website (owned by Yahoo!) allows for authentication with not only Yahoo! credentials, but Facebooks and Google as well.  

But most businesses probably do not want to have their security entrusted to a third party that has absolutely zero accountability to them. 

Recently a small crop of companies have been popping up that are making the dream of SSO a reality for companies of all sizes. 

One of those such companies is Okta.

They have over 1,000 websites (read:  cloud-based or SaaS applications) supported with their service, plus Microsoft Active Directory (AD).  So if your company has grown to the point where you have your own server, you can have passwords inside and outside your firewall automatically created and provisioned.  Meaning you create a user in AD, and then automatically their new Salesforce.com credentials are created at the same time.  When they move on, accounts are deprovisioned in the same fashion.

Depending on the features you require, their service runs anywhere from about $1 / user / month to about $10 / user / month. 

The auto-provisioning and deprovisioning is the true time, money and sometime (company) life saver.  With a few clicks all the necessary accounts are created.  And when they leave (especially under "extreme" circumstances), the ability to disable everything in one-shot is not just about saving time, it could be about saving your company's reputation or very existence.  

Posted on December 9, 2011 by Henry Ferlauto and filed under Security and tagged Cloud Facebook Okta Open ID SMB SSO SaaS Single Sign-On Small Business Software as a Service authentication security.