The benefits of supporting OAuth & SAML to utilise other Identity Providers

Single Sign-On (SSO) technologies help to meet everyday user needs by making it easier for end users (from customers and citizens to students and staff and other constituent users) to easily authenticate, and sign-in to access and track secure, highly personalised digital services. This is especially the case where organisations look to provide a true depth in their digital service delivery that can only be realised by implementing a wide range of software products and services to meet the growing demands of digital service consumers.

At the same time, security and identity play a leading role in how services are controlled and delivered by any organisation today, and it’s an area that demands constant attention. Providing central identity control for the ongoing maintenance of user accounts assists in the effective management of day to day processes, such as on-boarding, off-boarding and general identity management practices such as password resets, name changes and so on.

JADU works in Higher Education in the US, where SSO and identity provision are the mainstay, must-have technologies across the institution. Universities and Colleges manage authentication and identity centrally for their staff and students accessing multiple systems so they only need to remember a single set of credentials. Solutions such as Shibboleth, CAS (Central Authentication Service) and ADFS (Active Directory Federation Services) are now ubiquitous across the higher education space.

In the UK, whilst GOV.UK Verify has made some progress to centralise identity and the verification of this, the delivery of citizen authenticated services is largely being handled by suppliers with the foresight to see how important it is. 

For SSO to truly work for an organisation today, we think that adopting a standards based approach and ensuring our customers are not bound to any one specific portal technology for identity management provision, is key to meeting this need.

The JADU CXM service currently provides a framework for allowing the authentication of a registered user account and sharing necessary account details with integrated 3rd party provider systems using OAuth2 and OpenID Connect (OIDC) protocols. 

We worked with Northgate Public Services for instance on delivering OAuth2/OIDC based SSO with their suite of Citizen Access portal products. This means that citizens using services through the JADU MyAccount only have to sign in once with a single set of account credentials. After that, accessing personal self-service data is much easier. 

We've also worked with our users, including Scottish Borders Council to integrate the Scottish Improvement Service’s mygovscot myaccount solution, so that a Scottish citizen’s central identity record can be used to authenticate into the council's own website MyAccount to utilise their digital services.

So what is SAML? A small animal? 

SAML (Security Assertion Markup Language) is an open standard that allows identity providers to securely authenticate users and share attributes of their identity with third party service providers from a centrally managed account.

One of the areas of development inside our product teams right now is the introduction of support for SAML to facilitate the use of other identity providers that provide support for SAML (similar to the principles of what has been delivered with the mygovscot myaccount integration to date).

We initially plan to introduce SAML into the JADU CXM service and, as user needs become clearer through iterative roll out and testing, extend the framework across the rest of the JADU platform. 

What all this jargon means for the end user is that they can use one set of credentials to log-in once, and be able to access many linked websites, portals and third party applications - making life easier. For example, a citizen could check their council tax balance, manage their car parking account and more, just by signing in with their Google account.

This will start to take on real value with the roll-out of new technologies, such as our work with Amazon Lex and AWS Virtual Contact Centre. With our US customers really driving the needs around central identity management, we’re focused on ensuring we deliver a framework built on interoperability standards and, once other identity and verification platforms deliver and potentially become mainstream, we should be more than ready. 

If your organisation uses CXM, watch out for more updates and demos as we deliver SAML based integrated services.