It used to be the case that computer users only ever needed to log on to one or two different systems while at work. Today, it’s usually many more. This creates challenges for employees – and for businesses. Firstly, it’s frustrating. Each new login takes time and means managing a plethora of different user names and passwords; often with different rules and expiry dates. If passwords are long or complicated, they are easy to forget or mistype, so there is a danger of getting locked out – and all of the hassle that involves. Secondly, it’s not secure. Since it’s difficult to remember multiple passwords, we write them down and store them in insecure places, or use the same credentials across multiple system. If one system is compromised, others may be at risk too.
Single Sign-On (SSO) is an approach that lets companies manage employee logins in a way that’s good for the user and good for the security of the business. At its most simple, it allows users to log in just once in order to gain entry into several applications.
Single Sign-On in Cezanne OnDemand
With the latest release of Cezanne’s HR software, we’ve extended support for Single Sign-On to include SAML 2.0 (Security Assertion Markup Language). SAML is a widely used standard that allows applications to exchange user authentication and authorisation data securely.
IT can now configure Cezanne OnDemand to use the same credentials as other business applications that make use of the SAML protocol, such as Microsoft Active Directory or Salesforce CRM. This means, for example, that once an employee has logged into their company network using Active Directory, they can go straight into Cezanne OnDemand without having to retype their credentials.
There’s also the option to decide where to direct users when they log off – perhaps to your company intranet. It’s a much more seamless – and secure – experience. Customers can still continue to use other authentication options available with Cezanne OnDemand. This includes being able to make use of Google, Microsoft Live and Twitter authentication, as well as ‘out of the box’ support for Open ID.
For more information, please contact us.