Password chaos is caused by using many online services with separate accounts, which often leads to weak or reused passwords. Single sign-on (SSO) offers one solution: a consistent user experience through a single account. It allows third-party services to be integrated seamlessly without logging in again and enables granular rights management. Login data is managed centrally, and services only receive short-lived tokens, which increases security.
In our daily work we use a variety of online tools for smaller and larger tasks. With separate accounts for at least the ticket system, the company chat, the video-conferencing solution and version control for software development projects or specialist applications, account chaos is inevitable. For convenience, users with numerous independent accounts and logins quickly tend to choose weak passwords or even reuse them.
If I offer my customers several independent applications on one platform, such as a shop and a support site, that do not share an account and require different login details, password chaos is all but guaranteed.
For a platform operator in particular, implementing a central login provider offers numerous advantages. The biggest difference from the user's perspective is obvious: the user experience is consistent and seamless. Users need only one account for all services on the platform and (hopefully) use a single but strong password.
In recent years, single sign-on (SSO) has become widespread in both private and business contexts. Everyone can quickly think of at least a handful of websites that support logging in via Google or Facebook. In the consumer space, OpenID Connect (OIDC, built on OAuth 2.0) is mostly used; in an enterprise context, the Security Assertion Markup Language (SAML) is still widely used.
The seamless integration of third-party providers makes it possible to switch between services without logging in or registering again. This includes the following functions, offered both externally and internally:
Authentication (who is the user?) and authorization (what may the user do?) are conceptually separated. Among other things, this enables granular rights management: you can define exactly which information a service provider has access to (e-mail, location, customer number, ...) and which functions users may use.
To increase security, user credentials are managed exclusively by the central login provider. Service providers only receive short-lived tokens, which are regularly renewed. The short lifetime only helps if each service actually validates the token it receives (signature, issuer, intended audience and expiry) before trusting the claims in it.
Extending the platform is flexible: each new application is configured as a separate client at the login provider and can therefore usually be connected without programming and with little effort.
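As an added example that is not part of the original article: the checks a service provider has to perform on a token from the login provider before acting on it, followed by the authorization decision based on the granted scopes. The signing key, issuer URL, client id and scope names are assumed values constructed for this example. HS256 (a shared secret) is used so the block runs with the Python standard library alone; real OIDC providers sign ID tokens with RS256 or ES256 and publish their public keys via JWKS, but the validation steps are the same.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed for this example: a secret shared between login provider and
# service. Production OIDC uses asymmetric keys fetched from the provider's JWKS.
SHARED_SECRET = b"example-shared-secret-not-for-production"
ISSUER = "https://login.example.com"   # assumed issuer URL of the login provider
AUDIENCE = "shop"                      # assumed client id of this service


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_token(claims: dict, secret: bytes = SHARED_SECRET) -> str:
    """Build an HS256 JWT the way the login provider would (example only)."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


class TokenError(Exception):
    """Raised for any token the service must not trust."""


def verify_token(token: str, now=None, secret: bytes = SHARED_SECRET,
                 issuer: str = ISSUER, audience: str = AUDIENCE) -> dict:
    """Authentication side: every check here is the service's own job."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(payload_b64))
        sig = _b64url_decode(sig_b64)
    except (ValueError, UnicodeDecodeError) as exc:
        raise TokenError("malformed token") from exc
    # Pin the algorithm; never let the token choose it (rejects alg=none).
    if header.get("alg") != "HS256":
        raise TokenError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        raise TokenError("bad signature")
    if claims.get("iss") != issuer:
        raise TokenError("wrong issuer")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise TokenError("token was issued for a different client")
    # A short lifetime only protects anything if 'exp' is enforced here.
    if now >= claims.get("exp", 0):
        raise TokenError("token expired")
    return claims


def authorize(claims: dict, required_scope: str) -> bool:
    """Authorization side: what the user may do, from the granted scopes."""
    return required_scope in claims.get("scope", "").split()


def is_accepted(token: str, required_scope: str, now=None) -> bool:
    """Full decision for one request: valid token AND the needed scope."""
    try:
        claims = verify_token(token, now=now)
    except TokenError:
        return False
    return authorize(claims, required_scope)


if __name__ == "__main__":
    t0 = 1_700_000_000
    tok = mint_token({"iss": ISSUER, "aud": AUDIENCE, "sub": "user-42",
                      "scope": "openid email orders:read",
                      "iat": t0, "exp": t0 + 300})
    print("read orders:", is_accepted(tok, "orders:read", now=t0))
    print("write orders:", is_accepted(tok, "orders:write", now=t0))
    print("after expiry:", is_accepted(tok, "orders:read", now=t0 + 600))
```

The scope check is deliberately separate from the signature and lifetime checks: a token can be perfectly valid for the shop client and still not permit a given action, which is exactly the granular rights management the list above describes. Swapping HS256 for RS256 only changes how `expected` is computed; the issuer, audience and expiry checks stay.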
Simple, safe and efficient.