Sunday, August 29, 2004

Single Sign On (SSO)

In July I published a listing of trends from 2001; here is my first recap.

This trend is certainly becoming reality; it is the most requested feature from our HR clients and the most misunderstood. We all know how painful it is to remember multiple passwords, and we have all probably forgotten our fair share as well. There are numerous methods to try to combat this problem: some people standardise on a single password for all systems, others write them down, and some just forget them. We all have our own methods. The promise of SSO is that once you have entered your password, you no longer need to enter it again.

There are several approaches that we have taken with clients, depending on their IT infrastructure. The first, and probably simplest, is to enable password synchronisation between our system and another. However, this requires the systems either to store passwords in plain text (not recommended) or to employ the same encryption mechanisms for password comparison, which is not always possible.

The next would be what I call true SSO: once the user has entered their password for the computer/network, they have access to the HR systems in the same manner as they do with Outlook. The downside is that there is no explicit authentication on our application. This type of arrangement can be achieved easily when working in an environment with Windows servers, such as NT, 2000 or 2003. Due to the lack of explicit authentication, most clients understandably do not like this approach.

The third method is via LDAP (Lightweight Directory Access Protocol), which, while allowing us to authenticate the password, also provides numerous other features and benefits for organisations. The downside of LDAP is that we still need to store the relationship between an employee id/payroll no and the user id used within the organisation. Many times this relationship has not been established, and the implementation of a Portal or Employee Self Service application is the catalyst for establishing it within the organisation. As part of the implementation someone needs to own the relationship between the data elements; the question is, should it be HR or IT? In reality it does not matter, as long as the relationship is established and maintained in a timely fashion.
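A consistency check over the employee id to user id relationship described above, as an added example that is not part of the original post. The record layout, issue names and sample data are constructed for illustration and do not come from any HR product.

```python
# Constructed sample data (hypothetical field names, not from any product).
HR_EMPLOYEES = {            # employee id / payroll no -> HR status
    "10001": {"status": "active"},
    "10002": {"status": "active"},
    "10003": {"status": "terminated"},
    "10004": {"status": "active"},
    "10005": {"status": "active"},
}
DIRECTORY_USERS = {"asmith", "bjones", "cwu"}   # user ids known to LDAP
MAPPING = [                 # (directory user id, employee id)
    ("asmith", "10001"),
    ("bjones", "10002"),
    ("cwu", "10003"),       # employee has left, link still present
    ("dlee", "10004"),      # user id no longer exists in the directory
    ("bjones", "10001"),    # second user id pointing at one employee record
]


def audit_mapping(mapping, employees, directory_users):
    """Return findings as sorted (issue, user_id, employee_id) tuples."""
    findings = set()
    by_user, by_emp = {}, {}
    for uid, emp in mapping:
        by_user.setdefault(uid, set()).add(emp)
        by_emp.setdefault(emp, set()).add(uid)
        record = employees.get(emp)
        if record is None:
            findings.add(("unknown_employee", uid, emp))
        elif record["status"] != "active":
            findings.add(("stale_link", uid, emp))
        if uid not in directory_users:
            findings.add(("unknown_user", uid, emp))
    # One login must resolve to exactly one employee record, and vice versa.
    for uid, emps in by_user.items():
        if len(emps) > 1:
            findings.update(("user_has_many_employees", uid, e) for e in emps)
    for emp, uids in by_emp.items():
        if len(uids) > 1:
            findings.update(("employee_has_many_users", u, emp) for u in uids)
    # Active employees with no link cannot use self service at all.
    for emp, record in employees.items():
        if record["status"] == "active" and emp not in by_emp:
            findings.add(("unmapped_employee", "", emp))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_mapping(MAPPING, HR_EMPLOYEES, DIRECTORY_USERS):
        print(finding)
```

Whoever owns the relationship, HR or IT, can run a check like this on each HR or directory change, since a stale or duplicated link lets one login open another person's HR record.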

An early draft of the Cedar/AHRI HR technology survey, which I was lucky enough to review (no more info, you will have to wait for the survey), also highlighted that this is still a big area of growth and interest.


I have moved from this site to my new home, which can be found at www.specht.com.au

posted by mspecht @ 8/29/2004 03:40:00 pm