
Enterprise SSO vs. Standards-based Internet SSO: Build Your Own or Buy Software?

Everyone struggles to decide; it resonates through organizations around the world. Should your team create its own proprietary solution, or is stand-alone, standards-based software like PingFederate the best way to protect your SSO investment? There are costs and benefits associated with each. Let’s explore them.

What is Standards-Based SSO?

Standards-based single sign-on provides the ability for an identity provider’s (IdP) users to access applications provided by a service provider (SP) without the need to re-login. Standards-based SSO employs a committee-approved authentication language, such as SAML or WS-Federation, to communicate users’ identities. PingFederate provides flexible, integrated support for all versions of the SAML protocol (1.0, 1.1, 2.0), as well as WS-Federation. To learn more about how SSO works, see our White Paper: Secure Internet Single Sign-On 101.

What is Proprietary Single Sign-On?

Proprietary SSO is an internally developed (“write your own”) program that attempts to connect the organization’s users and mission-critical services, often by synchronizing user credentials from the IdP to the SP.

The Challenges with Proprietary SSO

Because writing SSO software is unlikely to be your IT department’s core competency, there are serious time, cost and security implications when trying to develop your own software, including:

Uncertainty of immediate costs. How many more people do you need to hire?  What toolkits do you need to invest in to create this new program? 

Development time. How long is it going to take? There is a huge learning curve in developing Internet SSO programs. It is quite common for a proprietary SSO deployment to take more than 9 months, if the project succeeds at all.

Total Cost of Ownership. How does the initial investment compare with the long-term expenses?  How much does it cost to support, maintain and develop? Who is responsible for this new burden?

Multiple Connections.  How many connections may I need to support?  Proprietary SSO software is most commonly developed to connect one specific IdP with one specific SP.  This leads to a scenario where your organization has SSO with 50 partners, with 50 different ways of doing it!  With proprietary software, each new connection needs to be developed separately.

Incompatibility. What protocols do my connection partners use? Often, proprietary systems are incompatible with the external applications and partners you are seeking to connect to; intra-network compatibility is an important issue.

Security. How secure is your proprietary SSO software? Internet SSO requires you to open a port in your firewall to the outside world, which means you need robust security. Internet security is a highly complex, challenging field where the knowledge base and the stakes are going up. Everyone has to stay ahead of the hackers. Even well-established, standards-based capabilities like XML encryption are subject to attack if not implemented properly. Are the people building your proprietary SSO implementation developers, or are they Internet security experts?

Complex implementations. Do we have the skills in-house to develop our own SSO program? Writing your own proprietary SSO software is fraught with challenges. When leveraging open-source toolkits to build your own proprietary solution, developers must code the full IdP or SP SAML implementations. Although toolkits commonly provide raw libraries for reading and writing SAML through object-level code, numerous complex functions, such as validation of the assertion to ensure compliance with the SAML specification, need to be coded on top of the library. Improper validation is often a prime contributor to interoperability issues with other vendor products.

PingFederate’s Approach

With PingFederate’s standards-based software, you can create additional connections using the same PingFederate software. There’s no need to re-write code for each connection; the point-and-click GUI guides you through the connection process.

Deployment in Less Than 30 Days. PingFederate customers often implement secure Internet SSO in 30 days or less. PingEnable’s methodologies, support and services walk you through the process from identity federation proof of concept to implementation of your 100th connection.

Security. Developing appropriate security protocols without loopholes is difficult; PingFederate was designed from the ground up to ensure that providing secure Internet SSO for your organization is as easy as possible.

Works With What You Have. As a standalone software application, PingFederate eliminates expensive upgrades of identity management system components. By providing a myriad of integration kits, integrations with first and last-mile applications are dramatically simplified.

You’re In Good Company. Over 250 large enterprises, service providers and government agencies rely on PingFederate for standards-based federated identity management, to provide secure Internet SSO for their users to safely access resources over the Internet without the need to re-login.

30-Day Free Trial of PingFederate

Not convinced? Download PingFederate, then request a 30-day free-trial license key now.