Single Sign-On with Okta (Michal Woznica, Senior Dev)

Insight

Use your organization’s credentials to log in to AutoloMATE

Managing employees’ accounts across multiple platforms is time-consuming and resource-intensive: each platform requires setting up and maintaining an account for every employee, with varying access levels, as well as defining password policies and Multi-Factor Authentication methods.

Every time an employee’s access gets expanded or restricted, an administrator needs to log in to each and every affected platform and manage users for that platform in a unique way.

On top of that, every administrator and user needs to remember several unique login credentials.

With large organizations, this alone can clog up the in-house IT team, create long support queues and cause simple requests to take days to reach their turn.

There is also a security risk that arises from this. Both administrators and users have to manage a unique set of login credentials for every platform, raising their cognitive load beyond reasonable limits. That may push some to take shortcuts and recycle their passwords verbatim or with an incremental postfix.

There are, of course, password management software solutions that can generate unique, randomised passwords and store them behind one master password to be remembered, but that in turn introduces another piece of software and another set of accounts to manage.

Thankfully, there is a much simpler solution to this problem:

Single Sign-On

Single Sign-On (SSO) is an authentication scheme that allows a user to log in with a single ID and password to any of several related, yet independent, software systems.

Although that might sound like using the same set of login credentials everywhere, it is far from that. The key difference is that with the SSO approach, the user authenticates with only one system of elevated trust – the Single Sign-On provider. Once logged in, the SSO system in turn certifies to other systems that the user is who they claim to be without sharing their login credentials or personal data.

The other systems then create a unique and anonymised identifier for the user, which allows them to internally store their settings, progress, and platform related data.
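The flow described above, sketched as an added example (not AutoloMATE's or Okta's code): the provider certifies an already-authenticated user, and the application verifies that certificate and derives its own anonymised identifier without ever seeing a password. Assumptions: all names, URLs and keys are constructed, and an HMAC stands in for the provider's signature so the sketch runs with only the standard library.

```python
import base64
import hashlib
import hmac
import json

# All values below are constructed placeholders, not real endpoints or keys.
IDP_ISSUER = "https://idp.example.test"
APP_AUDIENCE = "example-app"
# Assumption: HMAC stands in for the provider's signature. Real providers sign
# asymmetrically, so the application holds only a public verification key.
IDP_SIGNING_KEY = b"constructed-idp-key"
APP_PSEUDONYM_KEY = b"constructed-app-secret"  # known only to the application


def idp_issue_assertion(subject, audience, now, ttl=300):
    """Provider side: certify a user who has already logged in to the provider."""
    claims = {"iss": IDP_ISSUER, "sub": subject, "aud": audience, "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(IDP_SIGNING_KEY, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + sig


def app_accept_assertion(assertion, now):
    """Application side: return a local pseudonymous user ID, or None if rejected."""
    try:
        body, sig = assertion.split(".")
        expected = hmac.new(IDP_SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):
            return None  # not certified by the trusted provider, or altered
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError):
        return None  # malformed input is rejected, never partially trusted
    if claims.get("iss") != IDP_ISSUER or claims.get("aud") != APP_AUDIENCE:
        return None  # issued by another provider or meant for another application
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        return None  # expired assertions must not log anyone in
    # The keyed hash gives a stable per-application identifier; the provider's
    # subject value itself never needs to be stored by the application.
    material = f"{claims['iss']}|{claims['sub']}".encode()
    return hmac.new(APP_PSEUDONYM_KEY, material, hashlib.sha256).hexdigest()[:32]
```

The application's checks are the security-relevant part: signature, issuer, audience and expiry are all verified before any local account is looked up or created.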

You may have already used Single Sign-On without even being aware of it when engaging with Sign in with Google or Sign in with Facebook dialogs.

Advantages of using Single Sign-On

Beyond the convenience of using one set of credentials, this paradigm also comes with other benefits such as:

Easier platform administration

Using the SSO approach eliminates the need to maintain and manage multiple elevated-permission accounts across all supported platforms. Instead, one centralized administration panel is used. Through it, designated administrators can set up applications, one for every third-party platform they wish to integrate with. In this context, applications are administrative entities that act as a virtual contract between your organization’s SSO account and a third-party platform. Applications encapsulate settings, rules and behaviours commonly used to control access.

Independently manage your employees’ access to AutoloMATE

Similarly, you can manage all your users for all your platforms from the single panel. Users can be grouped and assigned individual or group access to specific applications. That in turn controls their access to integrated platforms.

Set your own password policies and multi-factor authentication methods

For each user, group, and/or application, administrators can set individual password policies with granular control over the attributes of passwords to match the organisation’s security specifications.

An example of Password settings:

Similarly, different methods of Multi-Factor Authentication (MFA) are supported.

Be in charge of your employees’ data

For each application that you assign users to, you can control the amount of data that your organisation is willing to share with the platform. By default, each platform is given the absolute minimum amount of data needed to perform its functions (i.e. an email address). You can grant more by explicitly setting which personal data belonging to the user the platform can request (e.g. address).

AutoloMATE SSO

At Autolomous, we value our customers’ time as much as we value our own. In order to streamline the login process and lower the complexity of managing users, the AutoloMATE platform – following eight successful integrations with external systems – added Single Sign-On to its integration roadmap. In line with the needs of our existing customers, the first SSO supplier we have chosen to integrate with is Okta.

Okta SSO in AutoloMATE®

AutoloMATE seamlessly integrates with Okta through a dedicated authentication widget that communicates securely with your organization’s SSO account. The widget adapts to the policies set there and funnels users through an authentication process that satisfies your organization’s security and compliance requirements. Once a user is authenticated, it certifies them to the AutoloMATE platform, which in turn logs them in.

Future SSO roadmap

We are looking to integrate with other Identity Providers that offer the Single Sign-On functionality. These are some of the ones that we are considering:

Azure Active Directory

Azure Active Directory (Azure AD) is Microsoft’s enterprise cloud-based identity and access management (IAM) solution. Azure AD is the backbone of the Office 365 system, and it can sync with on-premise Active Directory and provide authentication to other cloud-based systems.

Google

Google Account SSO enables existing Gmail and Google Workspace users to sign on to other application integrations.

If you would like to stay up to date with the AutoloMATE® integrations, follow us on LinkedIn, Twitter or email us at collaboration@autolomous.com

About Okta

“Okta, Inc. is a publicly traded identity and access management company based in San Francisco. It provides cloud software that helps companies manage and secure user authentication into applications, and for developers to build identity controls into applications, websites, web services and devices. It was founded in 2009 and had its initial public offering in 2017, being valued at over $6 billion.” – Wikipedia