Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Why your cloud app should be SAML-enabled

April 2016 Information Security

By David Meyer, VP of product at OneLogin.

For many companies, SSO (Single Sign-On) and MFA (Multifactor Authentication) have gone from being ‘nice extras’ to ‘must-haves’. If you haven’t already lost business because your application doesn’t support these features, chances are good that you soon will.

David Meyer, VP of product at OneLogin.
David Meyer, VP of product at OneLogin.

In many regulated industries such as healthcare and legal, identity management and SSO are mandated and other industries, such as high tech, that place a high value on efficiency and business integrity, simply won’t use a product that doesn’t support SAML (Security Assertion Markup Language).

Doug Meier, the director of security and compliance at Pandora says, “Identity management SSO is so crucial to Pandora that if a prospective cloud app vendor doesn’t have a SAML-connector for its SSO system – which happens about 30 percent of the time – the company will walk away.”

Other companies may not require SAML, but without a doubt, they sure would love to have the features SAML provides. One of the top feature requests for HipChat, with 2768 votes is SAML. Commenters are begging for SSO because the ease would increase app usage by employees, while others reveal they have given up the app after three years of unmet requests and have turned to a competitor.

Implementing SSO and MFA is time consuming

Getting it wrong can be disastrous: just like with any other crucial technology decision, choosing a solution that turns out to be difficult to maintain or doesn’t hold up over time can be a major setback in time and money.

Therefore, your focus should be on finding a solution that is hassle-free and long lasting. Managing federation with a slew of different providers or rolling your own MFA adds a significant amount of technical debt.

For early to mid-stage startups, simply rolling out SAML enables organisations using an identity management system such as OneLogin, to layer MFA before authentication happens via SAML, effectively increasing the security of your application, with no work on your part. Add a line like this to your FAQs: “We support multi-factor authentication through our cloud IAM partners,” and call it a day.

SAML is hassle-free and long lasting

SAML is easy because it doesn’t take a lot of time and money to implement. SAML is an XML-based, open-standard data format for exchanging authentication and authorisation data between parties, in particular, between an identity provider and a cloud application. It’s true that SAML used to be a huge and complex investment to enable. However, now you can enable SAML in as little as two hours. Learn how to enable SAML at www.onelogin.com/resources/saml-toolkits.

And SAML is safe because it is an industry standard that has been around since 2002 and is used by thousands of applications and all the leading IAM vendors. It isn’t going to disappear any time soon or be replaced by some new flavour-of-the-day that comes along.

Add value (that you can charge for)

By enabling SAML, you’re increasing the value of your app through all the benefits SAML provides: SSO, better usability, speed, and phishing prevention. You can enable SAML on your higher cost plans, such as an enterprise plan, and be reimbursed for the value you added.

Improve your application’s security profile

By using SAML to authenticate an identity instead of passing a username and password, it can decrease your vulnerability to several attacks:

• Completely eliminates the phishing attack vector. The user doesn’t even have a password that they could enter and they won’t ever see a login screen.

• Users often reuse passwords between sites. If another site is compromised and the passwords leaked, they won’t be able to be used on your application.

• Password resets can be used to compromise an application if a user’s email account has been hacked. With SSO there is no password to reset (and no users sending frustrated e-mails that they can’t login).

If your application is easy to use and automatically provisioned for employees, the likelihood that they will use it increases significantly. For many applications, the hassle of trying to remember the password or ask a co-worker to ‘add you to the account’ slows adoption.

Being an industry-standard not only makes SAML safe, but also improves your credibility – because when you follow the industry standard, you prove to potential customers that you know what you’re doing.

OneLogin offers free open-source SAML toolkits ( www.samltool.com) in five different web development platforms: .Net, Java, PHP, Python, and Ruby.





Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

Want effective Attack Surface Management? Think like an attacker.
Information Security
Effective ASM requires companies to think like attackers, anticipate risks, and act decisively to reduce exposure by knowing their environment, deploying a structured approach, leveraging capable tools, and addressing both internal and external risks.

Read more...
The growing role of hybrid backup
Infrastructure Information Security
As Africa’s digital economy rapidly grows, businesses across the continent are facing the challenge of securing data in an environment characterised by evolving cyberthreats, unreliable connectivity and diverse regulatory frameworks.

Read more...
POPIA non-compliance puts municipalities at risk
Information Security Government and Parastatal (Industry)
Digital responsibility must go beyond POPIA compliance to recognising that privacy and service delivery are fundamentally linked. Despite this, only 51 out of 257 municipalities submitted their mandatory data protection and access to information reports in 2024.

Read more...
Choicejacking bypasses smartphone charging security
News & Events Information Security
Choicejacking is a new cyberthreat that bypasses smartphone charging security defences to confirm, without the victim’s input or consent, that the victim wishes to connect in data-transfer mode.

Read more...
Most wanted malware
News & Events Information Security
Check Point Software Technologies unveiled its Global Threat Index for June 2025, highlighting a surge in new and evolving threats. Eight African countries are among the most targeted as malware leaders AsyncRAT and FakeUpdates expand.

Read more...
Welcome to the new cyber battleground
Information Security
The Iran-Israel conflict is rapidly redefining modern warfare, pushing the boundaries of cyber capabilities and creating a new, borderless digital battlefield. Fortinet’s CISO, Dr Carl Windsor, offers a critical, in-depth analysis of the escalating tactics and global implications in his latest report.

Read more...
African industries may overestimate cyber defences
Information Security
] A significant perception gap exists in security awareness training: 68% of leaders believe training is tailored to roles, yet only a third of employees feel adequately trained. Many organisations only conduct annual or biannual generic training that may not effectively change behaviour.

Read more...
SMARTpod talks to Sophos and Phishield
SMART Security Solutions Technews Publishing Sophos Videos Information Security News & Events
SMARTpod recently spoke with Pieter Nel, Sales Director for SADC at Sophos, and Sarel Lamprecht, MD at Phishield, about ransomware and their new cyber insurance partnership.

Read more...
Cybersecurity and insurance partnership for sub-Saharan Africa
Sophos News & Events Information Security Security Services & Risk Management
Sophos and Phishield Announce first-of-its-kind cybersecurity and insurance partnership for sub-Saharan Africa. The SMARTpod podcast, discussing the deal and the state of ransomware in South Africa and globally, is now also available.

Read more...
Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...











SMART Security Business Directory


While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.