Welcome!

OpenStack Journal Authors: Elizabeth White, ManageEngine IT Matters, Liz McMillan, Pat Romanski, Ed Featherston

Related Topics: @CloudExpo, Microservices Expo, Containers Expo Blog, @BigDataExpo, SDN Journal, OpenStack Journal

@CloudExpo: Article

Three Approaches to Single Sign-On for Cloud Application Providers

Ignore, pretend or do something about it?

Did you know that:

  • Half of paid SaaS customers do not use the application at all
  • Nine out of 10 has left an application when they forgot a password, instead of restoring it
  • Eighty-six percent may leave a web site when asked to sign up
  • Two out of five would rather scrub the toilet than come up with a new password

These figures, based on research from Totango and Janrain in 2012, clearly show that sign-up and sign-on are major issues for any cloud application provider.

If you are providing cloud applications to businesses, single sign-on must at least have been up for discussion. Like with most other challenges, there are three possible approaches you can choose between:

  1. Pretend it is not your problem
  2. Pretend you are doing something about it
  3. Do something about it

Let's look at how your choice affects your business, which after all should be your guiding light.

Pretending it is not your problem
This approach is very popular to any challenge, because you get away without doing anything.

Many application providers decide to outsource management of user accounts and password to the customers. They offer some kind of web based administration interface, which one or more local administrators can use to create new user accounts and keeping old ones up-to-date.

However, this approach has some major drawbacks for your business. According to the research mentioned earlier, sign-up and sign-on are among the most critical processes for any online business. This approach transfers the responsibility for these critical processes to people you have no control over, and who have little or no incentives to support your business.

Pretending you are doing something about it
Another popular approach to any challenge is to pretend to do something about, because then you at least have your own back covered.

Some application providers choose this approach by deciding that they only support standards. The problem is that there are no widely adopted standards in this field. SAML is promoted as an industry standard, but that is of little value when your customers haven't adopted it. According to Eric Olden, one of the fathers of SAML, in an article in Computer Magazine in 2011: "The problem with federation and SSO is that, after more than a decade, SAML adoption has not risen above 10 percent of enterprise apps - apparently due to the excessive costs of infrastructure software. There simply is not enough return on investment for most service providers to implement, expand, and manage a complex federation network". The adoption among large enterprises is not any bigger, and especially among mid-sized enterprises SAML is practically non-existent. In my own personal opinion, SAML requires too much from too many to make it mainstream any time soon.

If you pretend you have a solution, then you have to pretend the benefits as well. If half of your business comes from large organizations, and if 10% of them support SAML, then this approach can only bring improvements to 5% of your business. From a business point of view, having a solution that improves 5% of your business is nice to have, but it is by no means strategic.

Doing something about it
Doing something about it is always the hardest choice, because it means that you have to go out to the customers and figure out what would work for them.

So, what are customers using today? As stated above, some large organizations have invested in SAML, but what about the rest? The least common denominator is a network, a user directory, a web server and an internet connection. The most typical setup is a Windows Domain, Active Directory and Microsoft IIS. Active Directory has a market share that is reported to be above 90%, and that figure gives a good indication for the other components as well. Such adoption rates are required by true de facto standards, which are solid enough to build strategic solutions on.

If you are serious about growing your business with large and mid-sized organizations, then it is of strategic importance to eliminate adoption and engagement obstacles related to signing up and signing on. You have to proactively convert as big a share of your customer base as possible to automated sign-on as fast as possible. In order to succeed, requirements on your customers have to be as low as possible in terms of time, investments and expertise. In practice this means that you need a solution, which does not require anything more from your customers than the least common denominator described above. From a business point of view, SAML is just a bonus, and only if you have customers who have invested in it.

If you are interested in such a solution, I would love to continue talks in person.

More Stories By Kjell Backlund

Kjell Backlund, CEO of Emillion, is a seasoned software business entrepreneur with over 20 years experience in international business. He founded Emillion in 2001, with the vision that automating sign-on and user management would be essential to the success of SaaS and Service Desk applications(www.emillion.biz).

@ThingsExpo Stories
For basic one-to-one voice or video calling solutions, WebRTC has proven to be a very powerful technology. Although WebRTC’s core functionality is to provide secure, real-time p2p media streaming, leveraging native platform features and server-side components brings up new communication capabilities for web and native mobile applications, allowing for advanced multi-user use cases such as video broadcasting, conferencing, and media recording.
IoT generates lots of temporal data. But how do you unlock its value? You need to discover patterns that are repeatable in vast quantities of data, understand their meaning, and implement scalable monitoring across multiple data streams in order to monetize the discoveries and insights. Motif discovery and deep learning platforms are emerging to visualize sensor data, to search for patterns and to build application that can monitor real time streams efficiently. In his session at @ThingsExpo, ...
There will be new vendors providing applications, middleware, and connected devices to support the thriving IoT ecosystem. This essentially means that electronic device manufacturers will also be in the software business. Many will be new to building embedded software or robust software. This creates an increased importance on software quality, particularly within the Industrial Internet of Things where business-critical applications are becoming dependent on products controlled by software. Qua...
SYS-CON Events has announced today that Roger Strukhoff has been named conference chair of Cloud Expo and @ThingsExpo 2016 Silicon Valley. The 19th Cloud Expo and 6th @ThingsExpo will take place on November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. "The Internet of Things brings trillions of dollars of opportunity to developers and enterprise IT, no matter how you measure it," stated Roger Strukhoff. "More importantly, it leverages the power of devices and the Interne...
Machine Learning helps make complex systems more efficient. By applying advanced Machine Learning techniques such as Cognitive Fingerprinting, wind project operators can utilize these tools to learn from collected data, detect regular patterns, and optimize their own operations. In his session at 18th Cloud Expo, Stuart Gillen, Director of Business Development at SparkCognition, discussed how research has demonstrated the value of Machine Learning in delivering next generation analytics to imp...
In addition to all the benefits, IoT is also bringing new kind of customer experience challenges - cars that unlock themselves, thermostats turning houses into saunas and baby video monitors broadcasting over the internet. This list can only increase because while IoT services should be intuitive and simple to use, the delivery ecosystem is a myriad of potential problems as IoT explodes complexity. So finding a performance issue is like finding the proverbial needle in the haystack.
The Internet of Things will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform. In his session at @ThingsExpo, Craig Sproule, CEO of Metavine, demonstrated how to move beyond today's coding paradigm and shared the must-have mindsets for removing complexity from the develo...
SYS-CON Events announced today that MangoApps will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. MangoApps provides modern company intranets and team collaboration software, allowing workers to stay connected and productive from anywhere in the world and from any device.
The IETF draft standard for M2M certificates is a security solution specifically designed for the demanding needs of IoT/M2M applications. In his session at @ThingsExpo, Brian Romansky, VP of Strategic Technology at TrustPoint Innovation, explained how M2M certificates can efficiently enable confidentiality, integrity, and authenticity on highly constrained devices.
SYS-CON Events announced today that LeaseWeb USA, a cloud Infrastructure-as-a-Service (IaaS) provider, will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. LeaseWeb is one of the world's largest hosting brands. The company helps customers define, develop and deploy IT infrastructure tailored to their exact business needs, by combining various kinds cloud solutions.
Early adopters of IoT viewed it mainly as a different term for machine-to-machine connectivity or M2M. This is understandable since a prerequisite for any IoT solution is the ability to collect and aggregate device data, which is most often presented in a dashboard. The problem is that viewing data in a dashboard requires a human to interpret the results and take manual action, which doesn’t scale to the needs of IoT.
Internet of @ThingsExpo has announced today that Chris Matthieu has been named tech chair of Internet of @ThingsExpo 2016 Silicon Valley. The 6thInternet of @ThingsExpo will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
When people aren’t talking about VMs and containers, they’re talking about serverless architecture. Serverless is about no maintenance. It means you are not worried about low-level infrastructural and operational details. An event-driven serverless platform is a great use case for IoT. In his session at @ThingsExpo, Animesh Singh, an STSM and Lead for IBM Cloud Platform and Infrastructure, will detail how to build a distributed serverless, polyglot, microservices framework using open source tec...
“delaPlex Software provides software outsourcing services. We have a hybrid model where we have onshore developers and project managers that we can place anywhere in the U.S. or in Europe,” explained Manish Sachdeva, CEO at delaPlex Software, in this SYS-CON.tv interview at @ThingsExpo, held June 7-9, 2016, at the Javits Center in New York City, NY.
"My role is working with customers, helping them go through this digital transformation. I spend a lot of time talking to banks, big industries, manufacturers working through how they are integrating and transforming their IT platforms and moving them forward," explained William Morrish, General Manager Product Sales at Interoute, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
A critical component of any IoT project is what to do with all the data being generated. This data needs to be captured, processed, structured, and stored in a way to facilitate different kinds of queries. Traditional data warehouse and analytical systems are mature technologies that can be used to handle certain kinds of queries, but they are not always well suited to many problems, particularly when there is a need for real-time insights.
The 19th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Digital Transformation, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportuni...
IoT is rapidly changing the way enterprises are using data to improve business decision-making. In order to derive business value, organizations must unlock insights from the data gathered and then act on these. In their session at @ThingsExpo, Eric Hoffman, Vice President at EastBanc Technologies, and Peter Shashkin, Head of Development Department at EastBanc Technologies, discussed how one organization leveraged IoT, cloud technology and data analysis to improve customer experiences and effi...
The Internet of Things will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform and how we integrate our thinking to solve complicated problems. In his session at 19th Cloud Expo, Craig Sproule, CEO of Metavine, will demonstrate how to move beyond today's coding paradigm ...
Big Data engines are powering a lot of service businesses right now. Data is collected from users from wearable technologies, web behaviors, purchase behavior as well as several arbitrary data points we’d never think of. The demand for faster and bigger engines to crunch and serve up the data to services is growing exponentially. You see a LOT of correlation between “Cloud” and “Big Data” but on Big Data and “Hybrid,” where hybrid hosting is the sanest approach to the Big Data Infrastructure pro...