Why you should be using one solution for IdP, SP & SSO
Posted 2 months ago
IdP, SP & SSO: three more acronyms from the vocabulary of Identity Management and Identity and Access Management (IAM). If you are new to Identity Management, and to save you reaching for your acronym app, they stand for Identity Provider, Service Provider and Single Sign-On. They are central to any Identity Management strategy and represent three of the core functions required in every effective, future-proofed implementation.
One of the difficulties is that these elements, and the requirements behind them, often translate into multiple services and software products, each implemented to cover one aspect. That increases both the complexity and the cost of the solution and of its implementation.
What other issues can multiple solutions cause?
As well as the overall cost of separate solutions, organisations also need to consider the maintenance and running costs of each one.
More often than not, piecing together a solution from different providers and systems does not satisfy 100% of the organisation's needs, and it leads to unfriendly workflows and fragmented processes.
Should we just build our own IDAM solution?
The same applies when deploying a single solution that is designed around its vendor's own concept of Identity and Access Management rather than around the customer's culture, methodology, rules and processes. So is it a no-win either way? It can look that way, because no single system seems to address the complete range of applications, complex role definitions and unique requirements that a customer's processes demand.
So what is the solution?
As customers, we want productised, easy-to-install, product-priced options that can handle our complexity and uniqueness without being shaped by it. Our customers needed to define roles that stretched any definition of Identity Management. An individual may hold five roles in the organisation and work across different sites and geographical boundaries. Their permissions and their access to information and applications were defined accordingly, with differing security credentials, and, to complete the picture, they sometimes had or used different names.
Such complexity seemed like a good place to start in the continual development of our Able+ Cloud solution, where Single Sign-On and central content and app access have featured for so long.
Make it configurable and anything’s possible!
Able+ Cloud, with its flexible configuration, is based on microservices. It contains all of the IdP, SP and SSO functionality and offers the possibility of configuring each to the exact needs and requirements of the organisation. Identity and access cannot be solved with an 'out-of-the-box' solution.
So an IAM or IDAM solution needs to be built around the core of the business identity and be flexible enough to provide a robust framework that delivers exactly what the organisation needs while providing the highest level of security.
The IdP service supports both SAML and OpenID and can be configured to use different backends and/or sources of truth. Able+ Cloud can also serve as the source of truth itself, in order to streamline and centralise the ID solution.
The SP service supports both SAML and OAuth based protocols. It can be configured as a direct service provider (so that Able+ services can be accessed using an external IdP and/or a federated identity), or it can serve as a broker/proxy IdP for solutions that do not support modern SP protocols (SAML and/or OAuth).
And there you have it…
Using these combinations, we set out to provide a complete, configurable SSO solution that adapts to and supports the authentication scenarios identified and required within the organisation. All of this is delivered within the same solution, making it both centrally managed and more cost effective.
The SaaS model also removes the complexity and the costs of the traditional on-site solutions normally used to satisfy all of these requirements.
So that's it then. The challenge is to find a single solution that is not designed as one-size-fits-all (which, in practice, nearly fits or does not fit at all), nor developed by a vendor around its own solution set, which rarely mixes well with competitor apps or with small apps outside its partnership framework. Find one that moulds to your definition of Identity and Access Management rather than bending you to the system.
Of course, we might be biased – but we truly believe that Able+ Cloud is everything you need from an IDAM solution. No matter how big, small or complex your IDAM project is – you should be talking to us.
Because everyone’s identity is different.