Two views of Federation: inside out, and outside in
- by Darin Pendergraft
IDM customers that I speak to have spent a lot of time thinking about enterprise SSO. Asking your employees to log in to multiple systems, each with a distinct, hard-to-guess (translation: hard-to-remember) password that fits the corporate security policy for length and complexity, is a strategy that is just begging for a lot of help-desk password reset calls. So forward-thinking organizations have implemented SSO for as many systems as possible.
With the mix of enterprise apps moving to the cloud, it makes sense to continue this SSO strategy by federating with those cloud apps and services. Organizations maintain control, since employee access to the externally hosted apps is provided via the enterprise account. If the employee leaves, their access to the cloud app is terminated when their enterprise account is disabled. The employees don't have to remember another username and password - so life is good.
From the outside in - I am excited about the increasing use of social sign-on, or BYOI (Bring Your Own Identity). The convenience of single sign-on is extended to customers/users/prospects when organizations enable access to business services using a social ID. The last thing I want when visiting a website or blog is to create another account. So using my Google or Twitter ID is a very nice, quick way to get access without having to go through a registration process that creates another username/password that I have to try to remember.
The convenience of not having to maintain multiple passwords is obvious, whether you are an employee or customer - and the security benefit of not having lots of passwords to lose or forget is there as well.
Are enterprises allowing employees to use their personal (social) IDs for enterprise apps? Not yet, but we are moving in the right direction, and we will get there some day.