What are identity providers and why do they matter?

Imagine a world where you did not need identification to get on a plane, drive a car, get prescription medication, buy alcohol, tobacco, watch movies or vote!

Can you think of how many problems this could cause? I can.

In our daily lives, we need to provide an ID to do quite a lot, and that’s a good thing! Our world relies on IDs, and for things to work as intended, these IDs have to be authentic. That’s why, in order to get a valid ID, you typically go to the driver’s license bureau or passport office, and have to provide pieces of paper which hopefully prove that you are you (birth certificate, bills, credit card, etc.).

What is an identity provider (IdP)?

In the physical world, your state’s DMV office or the Passport Office act as identity providers who authenticate you and provide you with an ID that proves you are who you say you are.

Similarly, in the digital business world, you need to provide identification in order to check your email, use teleconferencing or access other corporate systems. Many organizations have hundreds or even thousands of different applications and systems in their environments.

So, how do you enable secure authentication without driving your users crazy with various login prompts?

This is where IdPs can help. These organizations help create and manage digital IDs so your users can effortlessly and securely authenticate into the various systems and services they need to use.

How do IdPs work?

In order to get a valid digital ID, you need to provide the IdP with pieces of information that prove you are you (username, password, answers to security questions, rotating number on a fob, etc.). The IdP then issues you a token which serves as your digital ID.

This token is digital proof that you are who you say you are.

Think of the IdP as a driver’s license bureau, it is a service that provides a token of your identity that another service can trust, so you can access certain resources based on information contained on the token.

The following table below shows the parallels between the real-world license bureau and the digital-world IdP:

Isn’t that what Single Sign-On (SSO) does?

An IdP ultimately provides similar functionality as an SSO, but in a more standardized way that allows applications and authentication services to limit the protocols they support.

This means there is no need to support custom authentication schemes. You also limit attack exposures by adhering to known and trusted protocols.

Why do IdPs matter in content services?

Modern content services platforms are not the rigid, monolithic application suites of a decade ago. They are designed to be open, integrated and extensible to give you the flexibility to use the technology in ways that best fit the needs of your various users.

It’s all about establishing an information strategy that delivers content to the right people, at the right time, from any location or device.

This means users may no longer be consuming content services from the same single interface. Perhaps they are simply using Enterprise Search from inside their CRM application. Or maybe they are using an application you custom-configured for them that combines several content services like capture and workflow with third-party systems like ERP and cloud sharing.

Componentization of your IT architecture offers a lot of benefits, but can also add complexity. This is where IdPs offer several advantages, including:

  • A standard authentication experience

One benefit of an IdP is that it establishes a standard authentication experience across multiple applications and systems. Your users know what to expect and what to do to log into all your applications. Their experience is not dictated by each application.

This has security implications as well – if your users come across a login screen that is different from the standard screen in any way, their degree of suspicion should increase.

  • A standards-based authentication experience

Another benefit of an IdP is that by using open standards, it becomes easy for applications to integrate into the shared authentication experience. Your IT department does not need to develop independent authentication code for internal applications, and solutions you invest in or subscribe to can easily integrate with the IdP.

  • Automated authentication experience

As noted before, identity providers can also deliver SSO service to enable secure authentication into multiple applications, giving you a more seamless experience so users focus on being productive instead of typing passwords.

Innovation matters

The growing demand for IdP functionality is just one example that underscores the importance of continued innovation in content services. Legacy enterprise content management systems are quickly falling behind in their ability to support infrastructure modernization initiatives and meet the evolving expectations of both users and customers.

This is why we continue to invest in innovating the core elements of our platform to meet modern demands. We view our work on identity and access management (which includes IdP) as especially critical to not only helping improve your user and developer experience, but also in providing IdP capabilities that help your organization meet modern security and compliance requirements.

Hyland IdP uses standard protocols (OAuth2 and OpenID Connect) and allows you to not only authenticate with Hyland credentials, but can also federate to your existing authentication solution – be it an internal active directory based solution or an external hosted solution such as Okta or Ping Federate.

This means we can seamlessly integrate with your existing authentication experience to allow your users simple access to Hyland solutions. Because the less time they spend logging into different systems, the more time they have to get their work done.

Interested in learning more? Talk to our experts.

* Originally published on Workflowotg.com.

Cliff Bender

Cliff Bender

Cliff Bender is a software architect at Hyland.

... read more about: Cliff Bender

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.