Single Sign-On (SSO) is a powerful tool that enhances user convenience and security. It allows users to log in to their Identity provider (usually an internal intranet system or a standardized IDP such as Okta or Azure) using their work credentials one time and gain access to multiple systems without needing to log in again for each one. SSO is an important feature for any online store that wants to provide a seamless and secure experience to its customers or employees. It enhances ease of use for the end users, while can improve the retention rate of your client.
What is Single Sign-On (SSO)
SSO (Single-Sign-On) is a system that simplifies authentication processes across multiple platforms by using one set of login credentials (usually their work credentials). The versions of SSO that we accept are:
SAML (Security Assertion Markup Language)
If you would like to integrate a new store to have users sign-in via SAML SSO, please contact our sales team to get this process started. You can reach them by calling 1.800.466.5930 and dial ext. 1 for Sales.
JSON Web Tokens
A JSON SSO creates user accounts via API, generating an authentication token that enables users to sign in without needing to log in manually. This lightweight solution is perfect for modern, API-driven applications and is ideal when SAML is either unavailable or lacks the necessary customization options for the client. Otherwise, using SAML SSO is recommended.
Google SSO
Google provides an OAuth-based SSO solution that enables users to log in using their Google accounts. It's popular due to its ease of use and the widespread adoption of Google accounts. This solution integrates seamlessly with Google Workspace and can be limited to a company's specific domain.
What are the Benefits of SSO's?
- Enhanced security: SAML transfers credentials securely via encrypted tokens
- Streamlined user experience: Users only need to log in once, improving usability and making it much easier to place an order.
- Centralized authentication: Administrators of the company you are working with can manage who has access to your webstore from their system.
- Reduced Troubleshooting: Fewer password resets means less customer service calls
What SSO Packages Do We Offer? (Only Applies to SAML SSO)
Standard SSO
This option covers basic SSO functionality, which is often sufficient for most smaller businesses or straightforward authentication requirements. The most important point to consider here is that you can only bring basic user fields in a Standard SSO. These attributes are
- First name
- Last name
- Username
Advanced SSO (SAML ONLY)
Advanced SSO goes a step further. It can accept all the attributes that a Standard SSO can, but it can also accept additional attributes, such as:
- Groups (for permission purposes)
- Employee ID
- Order Approving Manager
- Account Balance
- So much more!
Additionally, you are able to pre-upload user profiles if you need to by utilizing our “Upload Users” Spreadsheet. This is not possible in a standard SSO.
What Questions Should You Ask Your Client?
When discussing SSO with prospective clients, here are the key questions to ask:
- Which identity provider do you currently use? This helps determine the compatibility of their existing system with your SSO offering (e.g., Google, Okta, Microsoft Azure AD). Also, does your Identity provider support SAML SSOs.
- What user information do you need to pass between the systems? When dealing with SAML, it's essential to know what details the client expects to share via SSO, such as name, email, groups, account balance, etc. This will determine if you need a Standard SAML SSO or Advanced SAML SSO.
- What kind of user experience are you aiming for (SAML SSO Specifically)? Specifically, how will users sign in via SAML SSO? Are you envisioning a sign-in process through an internal intranet, accessible only to authorized users? Alternatively, would you prefer users to log in via a link on the store's website? In technical terms, would you prefer a Service Provider (SP)-initiated or Identity Provider (IDP)-initiated session?
Comments
0 comments
Please sign in to leave a comment.