Introduction
Single sign-on (SSO) is a technology used to allow secure access to a system without requiring the user to register an additional account with a user ID and password.
We all already have too many user ID's and passwords to remember so using SSO really helps to make life simpler and easier for users. Over 60% of Reward Gateway clients have SSO with another login provider. The technology is robust, easy to use and setup, and it's secure.
Reward Gateway allows SSO from any platform that supports the industry-standard XML-based Security Assertion Markup Language 2.0 (SAML) protocol.
SAML is used for communicating user authentication, entitlement, and attribute information. It was developed and continues to be advanced by the Security Services Technical Committee of the open standards consortium, OASIS (Organization for the Advancement of Structured Information Standards.) It is regarded as the de facto standard protocol for identity management.
Benefits of Single Sign-on
Reduced Administrative Costs
With single sign-on, users only need to memorize a single password to access either network resources or external applications. When accessing Reward Gateway from inside the corporate network, users are logged in seamlessly, without being prompted to enter a username or password. When accessing Reward Gateway from outside the corporate network, the user's corporate network login works to log them in. With fewer passwords to manage, system administrators receive fewer requests to reset forgotten passwords.
Leverage Existing Investment
Many companies use a central Lightweight Directory Access Protocol (LDAP) database to manage user identities. By delegating Reward Gateway authentication to this system, when a user is added to the LDAP system, they can immediately access all resources that Reward Gateway offers.
Time Saving
On average, a user takes five to 20 seconds to log in to an online application; longer if they mistype their username or password and are prompted to reenter them. With single sign-on in place, the need to manually log in to Reward Gateway is avoided. These saved seconds add up to increased productivity.
Increased User Adoption
Due to the convenience of not having to log in, users are more likely to use Reward Gateway on a regular basis. For example, users can send emails that contain links to web pages in Reward Gateway. When the recipients of the email click the links, the corresponding Reward Gateway web page opens automatically.
Increased Security
Any password policies that you have established for your corporate network will also be in effect for Reward Gateway. In addition, sending an authentication credential that is only valid for single use can increase security for users who have access to sensitive data.
Choosing Which Login Source To Enable For SSO
Choosing the right system to sign in with is critical to ensuring that it increases usage of the employee engagement platform. Choosing the wrong system initially can negatively impact usage, sometimes severely.
Here are some useful steps to go through when thinking about enabling SSO with an existing login provider.
Step 1: Consider the Options
Most clients have more options than they initially think. They include:
- An existing or new HR System such as Workday, SAP, or BambooHR
- Payroll system such as ADP or Ceridian
- An existing or new benefits selection system - sometimes called a Flex or flexible benefits system - such as Thomsons or Mercer
- Company intranet
- Google Apps for Business
Step 2: How Will the Program Be Used By Employees?
What will users be doing with their Reward Gateway products? Will they be reading company news, sending social recognition cards, using ad-hoc benefits, sending short notes, searching for an HR file?
On average, how many times a day will the client be doing that? Is it a planned experience, or is it more sporadic?
Step 3: Where Are the Users Going To Be?
Where will employees be signing in to the program from? Will they mostly be doing it at an office desk? Will they be at home or on the road? Will they be doing it from a mobile phone, and if so, will it be a work provided or personal mobile?
In the case of discounts or wellbeing benefits products, will a restaurant or health club catch their eye and trigger an interaction? Will they be already logged into the source SSO system at that point?
Other Considerations
Choosing single sign-on is easy and the answer from our customers is nearly always "Yes, we should do that". Choosing the source system for single sign-on is critical to the success of the Reward Gateway products each client has implemented.
To be successful, clients need to choose a source system that all their users are using on a daily or hourly basis and that they have easy or automatic access to on all the devices that they will be using.
Key features within Reward Gateway's products need almost one-thumb access whilst our clients are walking down the street. If users must log into their program through a cumbersome process that doesn't work flawlessly on a mobile device, then usage and engagement will suffer.
The chart below shows SSO sources chosen across all 1,600+ Reward Gateway clients worldwide:
Availability & Cost
Our single sign-on (SSO) technology is available to all SmartHub customers worldwide at no additional cost.
More Information
For more information, speak to one of our Consultants, Account Managers, or Client Success Managers about SSO.