Logging on to two single sign-on systems, is that really possible?

It should be a contradictio in terminis, but some companies do have them: to log a fault ticket with the IT help desk you log into the first SSO system with one set of credentials, then a moment later, when you have to submit your time sheets or update the CRM system, you are asked to log on again with a completely different set of credentials on a second portal that proclaims to be an enterprise single sign-on solution.

“That doesn’t make any sense,” you may say, but unfortunately in the world of corporate mergers an organisation may very well end up with two such beasts that should never sleep in the same lair. Just look at the underlying URLs of such systems and you will soon discover an old company name buried in there. So the new company C decided that merging company A had the better CRM solution, but the IT help desk was better in company B.

A better solution would be to engineer a federation based on SAML, where once you are authenticated against one of those systems, you are automatically trusted in the other. How hard can that be? Within a newly merged company you wouldn’t have to worry about the usual legal niceties of a SAML-based solution, which are usually the tricky bit in a federated solution.

About lasancmt

Passionate about Identity Management Disgusted at #ukip and #brexit