Simplified logins with single sign-on authentication and federated identity verification
As people create accounts that each require unique credentials for their online activities, and navigate workplaces with repeated layers of security, juggling log-in details becomes burdensome. Single sign-on (SSO) and federated identity verification address this problem. They have found a ready audience among people who want to condense their log-in details into one user ID and password across related or unrelated systems and applications, and among enterprises seeking reduced attack surfaces and efficiency improvements.
SSO covers the authentication of a person’s digital identity by centralizing multiple, yet related, log-ins and security checks for one domain with one set of credentials. SSO frees the user from having to recall many log-in and password details, which comes with the benefit of expediency, better security, fewer calls to the help desk and improved productivity. Examples of SSO are Google’s universal log-in that encompasses Gmail, YouTube, Google Play and Google Docs, or Microsoft’s Azure Active Directory.
Federated identity verification is the broad umbrella under which SSO falls. The term refers to the creation of a trusted relationship between distinct organizations and institutions that facilitates a transfer of attributes about the user, allowing them to access unrelated systems without having to sign in again. A digital token, or a nugget of authentication information about the user, is shared across those groups and received by verification or delegation methods like OpenID, OAuth, Security Assertion Markup Language (SAML) and Windows Identity Foundation. Like SSO, federated identity verification simplifies log-ins with the same positives.
The two approaches can help reduce credential sprawl, password resets and, by reducing the number of credential databases, enterprise liability.
Popular implementations familiar to many consumers include systems that invite users to ‘Sign in with Facebook.’
However, SSO and federated identity verification systems are still vulnerable to hacking attacks, which put at risk not just one account but many. To further boost security, companies and governments integrate biometrics into SSO. Biometrics use the unique bodily features of the user, and can either replace the passwords and digital tokens that can be hacked or stolen from a password-based SSO system, or serve as an additional security measure as part of multi-factor authentication.
To help address these vulnerabilities, biometrics providers like BIO-key and Nomidio have integrated biometric authentication services with federated identity platforms like Azure Active Directory. Hospitals and healthcare providers look to biometrics integrated into SSO to eliminate repetitive levels of log-ins that caused delays in administration and medical service. The UK government funded a prototype of a biometric-based SSO to access public services.