Providing single sign on and single sign off functionality will enable users to easily move around an array of integrated Service Providers, such as a community, while enjoying full access and functionality granted to their (online) identities.
At the same time, SSO enables you as the governing organization hosting the SSO module, also called Identity Provider, to manage your users in a central location, saving time and costs of administration.
This central database enables organizations to have direct control over users’ characteristics, permissions and behavioral data, acquired across a series of applications. This is true for “My Acme”-type customer environments, usually provided by commercial organizations to facilitate self-service to consumers, but also for third parties such as social networks, acting as a hub for the users which it identifies.
The positive characteristics of an SSO-enabled series of integrated applications don’t stop at benefits involving efficiency. Often cited advantages cover areas of user experience, community integrations, information security, customer service, segmentation and data profiling as well. Let’s have a quick look.
The amount of time saved spending re-entering passwords for the same identity is easy to imagine. But the implications this has for the user are more far-reaching. While having registered once at the Identity Provider, customers using SSO do not need to exchange information like their email address and customer number multiple times in order to get accounts for each Service Provider, including the community. If verifiable customer data such as customer or telephone number are involved while setting up a user profile, the Identity Provider has the advantage of verifying this immediately in the back office. And when logging in using social media, even the profile picture gets adopted automatically into a community avatar, saved with their account.
Regardless of the type of SSO authentication mechanism used, the inSided platform will trust the Identity Provider in having verified all email addresses already. This effectively means that those users do not need to receive and respond to additional confirmation emails, to activate their community accounts. This will encourage the usage and boosts activation of web applications such as the online community due to easier access, and help increase customer satisfaction.
Because of the one password needed for authorization, customers also experience less friction in terms of cognitive load, or mental effort. Especially in this day and age where we use many different services online, remembering these details often becomes hard and unreliable. If no SSO solution is provided, this can result in users having trouble logging in to many web applications, by guessing of various username and password combinations, also known as password fatigue. If these users do not succeed in doing so, they either need to retrieve a new password (time-consuming and frustrating experience), contact customer service (also adding up to organizational cost) or give up on the use of the Service Provider altogether (lowers engagement and increased risk of the customer churning).
The inSided community platform allows for deep functional integrations with any digital channel, using the inSided REST API. A popular use case is enabling users to interactively share comments to certain content on the main website, for example a company blog. These comments will automatically be saved within the community, starting new topics based on the blog’s content, reflecting the conversation on both locations in real-time and actively luring additional people to this content. If SSO is in place to authenticate users’ identities, it will be possible to allow for a user-friendly flow in which the user can be already logged in to the website while posting to the community, without additional registration or even authorization. Without having SSO in place, this use case will become more complicated and practically limits certain user behavior and data connectivity.
As SSO Identity Provider must centrally translate and store credentials, while providing authorization and decoupling services for secondary integrated applications, risks involving information security (confidentiality, integrity and availability) are limited to one system only. This drastically eases the technical effort it will require to safely maintain such a system, while also increasing auditing and compliance opportunities. Furthermore, it enables the authorizing system to enforce any password characteristics business rules or identification measures it sees fit, independently from integrated service providers.
Reducing Personal Data Storage
Service Providers using SSO, such as an online community, require only processing and storing the bare user details explicitly necessary to perform certain tasks. This may only be a user’s email address, for sending activity notifications. And depending on community configuration, possibly some other meta information such as place of residency or service level. Most importantly, passwords don’t have to be transferred in any way, neutralizing the risk of high impact personal data loss in the event of a security breach on any of the secondary applications.
One of the business cases making the most use out of SSO is that of providing customer service. Without SSO, customer service agents would have to manually determine if a certain user, having a problem, is already a customer and if so, what is known about his or her case. This could be done using the email address as a unique identifier, provided by the user while having registered on the community, but this will often fail. Email addresses used for both services (commerce and community) can diverge from each other, or another family member could be the one having subscribed, for example. If SSO integration is setup, the unique identifier known for the community user will most often be the CRM customer ID (or “SSO ID”) used within the organization. This will enable company agents to easily and reliably identify community users and recall historical and commercial case details from each customer.
Data Profiling and Segmentation
SSO solutions are great in building a 360° customer view. A logged-in community user who automatically carries its personal meta information regarding CRM details, such as commercial subscriptions, can be exposed to a whole new set of experiences. For example, the community can be configured to have various user roles, or groups, related to possible subscriptions. By automatically placing the user in their appropriate group, dependent business rules can then allow for personalized access to subforums, ranks or badges. This will allow marketers to target certain content towards the user. It can also provide for a fully integrated experience overlapping several channels, for example by awarding the user with relevant gamification perks on the community, based on their purchases made earlier elsewhere within the company. This can be a great commercial differentiator and raise customer satisfaction.