Single sign-on, or SSO, allows your members – and really anyone who has an online account with you – to avoid keeping track of multiple usernames, passwords, permissions, and roles. One login gives them access to all your connected digital components they have rights to access. It also allows you to manage who has access to what. Restricted board content, digital downloads, personalized recommendations. SSO opens the door to the experience your member is often already getting in their daily life.
If you are a member, you do not care that the association provides benefits from different platforms and likely don’t notice SSO details until they are absent. You just want to use the tools that make your association membership worthwhile without having to type a new password at each step.
If you are an administrator, or IT professional, SSO and how it is implemented matters a great deal. The technical differences between identity, authentication, and SSO are the subjects of many books, but for the sake of this article, let’s just say they are security technologies that allow the real member to work in your systems securely without infecting you or each other. They achieve this by understanding who is at the keyboard and what they can do automatically without asking the user for more information. While there are nuances between identity management, authentication, and SSO, for now, we’ll talk broadly about secure member access to your content and their data.
Do I know you? What are you allowed to do? Hey job board this is “Jeff”, he is good to go, Hey Breezio this is “Jeff” he is a board member, Everyone…. “Nancy” just got hacked, kick her out of every system now!
Security has come a long way. Things like PII, PCI, and GDPR weren’t on our radar when we first started asking members to log into our websites. Whether asking them to update their mailing address or find the agenda for the board meeting, we had rudimentary safety precautions around our login information – at least by today’s standards.
Today, storing usernames and passwords in your AMS puts you – and your member – at risk. I’m sure your General Counsel has thoughts on the liability risks of a password solution that doesn’t live up to today’s standards. During the pandemic, the FBI reported a 300% increase in the number of cybercrimes, from about 1,000 cases to between 3,000 and 4,000 cases each day.
Enter Commercial Identity Management. Whether you set your system to timeout after a session or not, knowing that you can confidently rely on the top security in this commercial solution gives you and your leadership peace of mind. It also gives your members not only peace of mind but the ease of use.
- No more remembering multiple passwords for their community and membership and content.
- No more struggling through forget your password steps
- No more disconnected experiences between platforms within your organization
We support almost any Identity management system, but we use and recommend Microsoft Azure B2C for three reasons.
- It is ultra-reliable, Azure Active Directory has an SLA of 99.9%. Service reliability and availability is one of the top considerations for our customers in choosing an Identity and Access Management solution. With Azure AD being the largest enterprise cloud identity service, reliability and security of service is a top priority for Microsoft.
- It protects you and your members from dangerous hackers
- It is free till you hit 50000 authentications a month and after that, it’s incredibly affordable
AzureB2C understands volume with a trillion security transactions a day. It facilitates identity verification and proofing by collecting user data, then passing it to third-party systems to perform validation, trust scoring, and approval for user account creation. It knows if Grandma’s computer is hacked, and it knows that George the member cannot be in San Francisco and a coffee shop in Lagos at the same hour.
AzureB2C allows you to set up your SSO connection to your other systems such as a job board or community site in an hour or so. AzureB2C allows you to control the authentication, including letting your members use Facebook, LinkedIn, or their email to log in. AzureB2C knows if it is the member’s computer at their office or house and logs them in automatically. You decide how loose or tight you want the controls to be and how long you want to trust the member.
AzureB2C has all the “Register” and “I forgot” login built-in. You are out of that business and now your staff can focus more on creative pursuits to push your mission forward, rather than the clerical issues of identity management.
In this day and age, any Web or AMS project should include commercial identity management. It benefits us, it benefits you, and most importantly, it benefits your members.