Having too many logins and trying to remember each password for different websites can be extremely time-consuming and often frustrating.
The solution? Single Sign-On. This means you no longer need specific credentials for each of your platforms. Instead, you can login to one central IDP (identity provider) allowing all your other systems to authenticate you and let you login without having to re-enter any username or password. Easy right?
What is Single Sign-On?
Single sign-on (SSO) is an identification system that allows applications, like Brand iQ, to use other trusted sources to verify users. This eliminates the need for the application to store any passwords in the database which cuts down on login troubleshooting, and drastically reduces the damage orpossibility of unauthorised access.
What are the benefits?
Convenience – Their central Microsoft 365 login now gives users access to Brand iQ without the need formultiple passwords.
Data control and accuracy – All the data for a user is stored in Microsoft Azure and therefore it can be kept up to date as the one source of truth and used for multiple systems.
Reduced Risks – Brand iQ is no longer storing passwords in the database and users cannot create weak passwords, which can reduce the risk of leakage or hacking.
Speed – Users no longer have to go through a lengthy sign-up or login process to use Brand iQ.
In summary, adopting SSO will make life easier for you and your users and ensure that data remains consistent and secure.
How does it work?
SSO systems work as an identity provider similar to an ID card.
For example, when someone asks for you to verify your ID, you can show your passport and as a trusted source of identity, the passport validates your ID. Similarly, with SSO, Brand iQ doesn’t make you prove your identity by logging in. Instead, it checks with your SSO provider (in this case, Microsoft Azure) to see if it can verify your identity.
A simple step-by-step of how this works is below:
1. Firstly, you access your brand centre URL.
2. You will then see the option to login via your identity provider. (e.g Microsoft Azure).
3. You click this option.
4. If you’re already logged in, then your identity is verified, and you have access to the brand centre.
5. If you’re not logged in, you will be presented with a login box for Microsoft 365.
Once authenticated there you will be redirected to the brand centre.
How does this work with Brand iQ?
The process for logging users in via SSO to Brand iQ is simple, but there is also a lot more going onbehind the scenes to ensure the right user has access to the right information.
Brand iQ has a multi-layered hierarchy meaning that users can be grouped together by organisations and groups to define what assets and functionality they have access to. This information can also betransported over via the SSO process.
As an example, let’s say that “Employee A” is part of the Marketing Team and specifically works as a Copywriter.
1. An organisation exists within Brand iQ called Marketing.
2. A group exists within Brand iQ called Copywriters.
3. There are already fields in Microsoft 365 containing this data.
4. When a user tries to login to Brand iQ via SSO from Microsoft 365 for the first time, there is an exchange of data via the SSO, which will put “Employee A” into the correct organisation andgroup automatically. This happens instantly behind the scenes meaning that the user has the right level of access as soon as they login.
User management and Auto provisioning
Taking the SSO concept a step further allows us to help centrally manage users and permissions. Via the SSO integration Brand iQ can automatically create new users and place them into the correct organisations and groups ensuring that the user will always have the personalised user access and permissions.
Users can also be updated via the SSO meaning that you can rest assured the data is always up to date based on the data you hold centrally.
If you want to find out more about how you can benefit from deploying a brand management platform of have questions about SSO, get in touch with one of the team: firstname.lastname@example.org