Reward Gateway supports logging in directly, using Social Sign On (via Facebook, Google, LinkedIn and Twitter) and Single Sign On with SAML (using Microsoft Active Directory etc.). Each of these sources is known as an identity provider and they can all interoperate to create a login solution unique to the employer and their employees.
What is the benefit of using multiple identity providers?
Put simply, convenience. In a mobile world, employees' expectations of accessing their engagement platform have changed and we want to support our clients in making it as easy as possible, whilst still secure, for their employees.
By offering a range of providers, the hassle of 'signing up' or logging in to their account is eliminated by:
- Using Active Directory when signed-on to the work network while allowing an email address and password to be used at home.
- Letting people link their account to, for example, use their Linked In profile and click once to sign-in anywhere they are logged in to Linked In.
How are these identity providers combined?
Reward Gateway keeps the unique ID for each account separate from the ID provided by each identity provider. This is known as the registration criteria.
When employees log in from a new identity provider, we either ask them to register or to provide us with their payroll number again (a short, one-time process.) In some cases, if the identity provider is giving us a verified e-mail address, we'll use this to link the account automatically.
The client's access control and management of who has access to the engagement platform still only relies on the first ID.
Deciding which identity providers to allow
It's useful to keep the following questions in mind when thinking about this (and getting IT and Security departments involved, too):
- If you're wanting to introduce Single Sign On with SAML, can people log in to the portal from work only? Do they need to go through a lot of steps at home (if they even can)?
- If you're thinking of using Social Sign On, what is your companies appetite for using social media in the workplace? It is possible or are these sites blocked?
- If you want to use email address and password login only, are you requiring people to use work email addresses that they can't check externally? Do you want people to have to remember/manage another login?
Why is Social Sign On a good option?
The use of social networking within work environments is a hotly contested topic and we don't want to weigh-in on the pros and cons to your organization. Instead, focusing just on the login element of the platform, using these can save your end users significant time and shortens the registration process substantially. This leads to higher engagement but is ultimately your decision.
We will never post content to your employees' profiles and make this commitment highly visible on the home screen.
The security of each method is independent, but the same checks and audit trails about where people are accessing the site from, what device is being used etc. cover them.