Single Sign On - our platform, your identity

The Awareness platform includes a nice identity management system that handles usernames, passwords, profile attributes, etc. for users in the communities that we host. However, customers often come to us with their own identity systems in place, and they want their existing users to be able to log into an Awareness-powered community with their existing credentials. And they are in luck! The Awareness platform has a flexible and powerful Single Sign-On (SSO) integration capability that allows Awareness-powered communities to integrate with existing identity providers and also to share key information between our system and the customers' systems about profile info, content access permissions, and more.

The Awareness SSO system is very flexible.  In the past, we've integrated with all kinds of identity systems, from standards-based solutions like Active Directory and LDAP to homegrown, proprietary systems. This all works because we use a loosely-coupled model to link our system with our customers' systems.  Basically it works like this:
  1. A user navigates to a Community page (hosted by Awareness) that requires authentication
  2. The user is re-directed to a Login Handler page that is usually hosted on the Customer's infrastructure.  This Login Handler page must be able to access the target identity system - that's how this all works.
  3. The user is authenticated by the Login Handler page and key info about the user is encrypted
  4. The user is redirected back to the Community along with the encrypted info.  The info is decrypted.  The user is added to the Awareness system if necessary and then logged in. 
  5. The user is now logged in to the Community and on the page they wanted to see.
Now, from the user's perspective, this is seamless and they aren't aware they've been moving between systems; it looks like a regular login flow.  But behind the scenes, the Awareness platform and the customer's identity system have shaken hands securely and logged in the user without Awareness ever knowing the user's password.

SSO is great for logging people in to the community using their existing credentials, but it can do a lot more.  As part of the handshake that occurs, the customer's system can package up a lot of useful information about the authenticating user that Awareness can take advantage of.  For example, profile information can be included, so that the user's community profile automatically shows things like their city and state or date joined.  It's good to pre-populate profiles so they look "lived in".

Even more powerful is including security group information as part of this handshake. This way, the customer's system can tell Awareness that a particular user is part of a particular user role, like "Premium Users" or something like that. And membership in user roles is what determines access to specific content in the community. So SSO is really a very efficient way to manage who can see what in a community without having to do any management in the community admin console itself.
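Because the role list carried in the handshake decides what a user can see, the encrypted info in steps 3 and 4 has to be tamper-evident, short-lived and single-use, not just unreadable. The sketch below is an added example, not Awareness code or its actual wire format: it shows a Login Handler sealing user info and the community opening it. It assumes a pre-shared 32-byte key, AES-256-GCM, and hypothetical field names (`sub`, `roles`, `aud`, `iat`, `jti`) and host name.

```javascript
// Added example: hypothetical token format, not the Awareness wire format.
const nodeCrypto = require('node:crypto');

const AUDIENCE = 'community.example.com'; // assumed community host name
const MAX_AGE_MS = 60 * 1000;             // assumed lifetime of a handoff token

// Login Handler side (step 3): encrypt and authenticate the user info.
function sealAssertion(key, user, now = Date.now()) {
  const claims = { ...user, aud: AUDIENCE, iat: now,
                   jti: nodeCrypto.randomBytes(16).toString('hex') };
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every token
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(claims), 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64url');
}

// Community side (step 4): decrypt, then check audience, age and single use.
// Returns the claims, or null for anything that must not log a user in.
function openAssertion(key, token, seenIds, now = Date.now()) {
  let claims;
  try {
    const raw = Buffer.from(token, 'base64url');
    if (raw.length < 28) return null; // shorter than IV plus tag
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    const plain = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    claims = JSON.parse(plain.toString('utf8'));
  } catch {
    return null; // modified token or wrong key: GCM tag check failed
  }
  if (claims.aud !== AUDIENCE) return null;                            // minted for another site
  if (now < claims.iat || now - claims.iat > MAX_AGE_MS) return null;  // stale or future-dated
  if (seenIds.has(claims.jti)) return null;                            // replayed redirect
  seenIds.add(claims.jti);
  return claims;
}
```

In a real deployment the set of seen token ids would live in a shared store with entries expiring after the token lifetime, and the two clocks would need a small skew allowance.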

I'm not expecting a ton of comments here, but if anyone else has some examples of ways they've used SSO to make their community more user-friendly and more integrated, I'd love to hear about it.
Tags: sso