Anyone who has used websites that require user information has seen the sign in with Facebook or sign in with Google buttons. These are called single sign-on buttons and the provider is an Identity Provider (IDP). We’re going to give you an introduction into identity providers by answering some of the most common questions about identity providers:
- What is an Identity Provider?
- Why do I need an Identity Provider?
- What are the benefits of using an Identity Provider?
- When should I use a Custom built or SaaS Identity Provider?
- How do Identity Providers Work?
What is an Identity Provider?
An IDP is a trusted third party provider that provides personal information to a less well known company. They are typically major tech organisations like Google, Microsoft, and Facebook. They provide the ability for a single sign on feature that allows the user to share their information with a company without having to have separate log-in information. This is considered a technology best practice because it limits the number of places that a user has shared sensitive information.
Why do I need an IDP? What are the benefits of using an Identity Provider?
As an organisation there are a variety of reasons you need an IDP including:
- Build Trust
- Security Protocols
- Reduce Support Requests
- Better UX
- Reduce Liability.
- Higher Profit
Build Trust– This builds trust because you have obviously taken the time to comply with the trusted organisation’s terms of use at least enough to implement SSO.
Security Protocols– When seeking certification for security protocols many require the ability to prove that all identifying information has been removed. This obligations falls on the Identity Provider because they are the one who has collected the personal information.
Reduce Support Requests– Many support requests are users forgetting their password, some sites claim up to 20% of support requests are for forgotten passwords. Using an IDP or SSO removes the need for multiple passwords, which reduces the likelihood of forgetting your password. Depending on the way the IDP is used, you may not need a password at all. In addition, the support requests for password changes would go the the IDP as opposed to your organisation.
Better UX- The User Experience is better with SSO because it is a familiar process that is easy for the user to navigate that filling out all their information for every site they use.
Reduced Liability– If a cyber security attack occurs because of the IDP, they hold the liability. This can save substantial money should a lawsuit occur due to a security breach.
Higher Profit- The combination of reduced support request, better UX, and Reduced Liability are sure to help you save money and generate more profit assuming everything else stays the same.
When should I use a Custom built vs SaaS Identity Provider?
SaaS identity providers are best for when the database is going to be connected to a third party database. This is because others own the resources and therefore you should try to set up your system where you can limit your liability.
Custom built Identity Providers are best when using your own database or when the cost of a SaaS provider becomes prohibitive. Because SaaS providers charge a per user fee, organisations that have many users may be able to reduce expenses using a custom solution.
How does SSO Function from a user standpoint?
An IDP starts by asking you to sign in see screenshot below.
I chose to use google as my SSO, so a popup occurs that redirects to Google. It looks similar to the image below. On this page you select which account to use and then you can start using the original site. The next time you come back, you don’t have to remember your log in information. You just repeat and are good to go.
I went and edited some information in my profile and then signed out. After I sign back in, all the information is there.
I hope covering these frequently asked questions has helped you better understand Identity Providers and how they can help your business. If you have any questions or need help with the programming contact team@flyingdonkey.com.au.
Cheers!
