Single sign-on may seem like a service whose time has passed. Meant to provide access to multiple resources through one set of credentials, it initially seemed like a godsend for enterprise I.T. At least, until reality set in. Soon people realized that single sign-on was difficult to set up, risky if not paired with other strong authentication mechanisms, and darned near impossible in real-life use cases - so much so, in fact, that some people now prefer the term "reduced sign-on" instead. For the end user - the very person the whole system was supposed to help - SSO was never really that convenient either. But that may be about to change, and all thanks to the cloud and a service called myOneLogin.
MyOneLogin aims to bring back the glory days of single sign-on, without all the hassle. Having grown out of a company that originally provided SSO authentication systems on-site for millions of customers, many of which were financial service companies serving banks, the company knows a thing or two about authentication. Secure, bank-grade authentication, that is. After watching its customers turn around and use the technology to provide authentication services to banking clients, the folks at TriCipher, myOneLogin's corporate parent, thought that perhaps now was the time to start offering a secure SSO product.
The product, myOneLogin, has been available outside beta for the past year and is currently being used by a number of business customers, including Motion Media Solutions, Ingres, Ferrilli Information Group, and Comergence Compliance Monitoring.
Essentially, myOneLogin is a hosted service that customers can use for their own systems without installing any additional hardware or software on-site or on their devices. Although the service can work with any behind-the-firewall browser-based application, its true potential is in providing SSO services to new hosts of cloud-based applications that are sneaking their way into the enterprise today. Applications like Salesforce, Google Apps, Zoho, Outlook Web Access, Yahoo Mail, WebEx, WordPress, Picasa, Amazon, and LinkedIn are just a handful of the hundreds upon hundreds of supported cloud apps.
What's more, the service isn't limited to just "business" apps. Today, the line between what's for work and what's for personal use has blurred. Isn't Facebook just as much for business networking as it is for fun? When you book your airline tickets at Expedia for your business trip, don't you also return to book your vacation, too? With the myOneLogin service, all these applications - both business and personal - can be wrapped up together for secure SSO authentication.
Without getting too technical, the myOneLogin service simply downloads a small marker to your computer or your internet-connected device the first time you go to use the service. This marker is nothing more than an encrypted cookie in most cases, unless the I.T. admin has specified that a browser certificate should be used instead. (With the certificate, the end user has to click "Yes, I accept" one time but the cookie is hidden from the user, requiring no action.)
Next, the system either asks you a series of security questions to verify your identity or the system can send a code to your cell phone, again depending on how your I.T. administrator has configured the service. Keep in mind this is only done the first time you use myOneLogin on a new device, not every time. You also have the option of going through these identity-verification steps for one-time use of a public PC, like that at an internet cafe or hotel business center. The system will confirm your identity, but won't install the marker on the computer.
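The first-use flow described above, as an added example that is not myOneLogin's code: the marker here is an HMAC-signed value rather than an encrypted cookie, and `SERVER_KEY`, `DEVICES`, `login`, `revoke` and the other names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret held only by the service
DEVICES = {}                          # assumption: user -> set of enrolled device ids


def _tag(user, device_id):
    msg = f"{user}.{device_id}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_marker(user):
    """Enroll a new device and return the marker to store as a cookie."""
    device_id = secrets.token_hex(16)
    DEVICES.setdefault(user, set()).add(device_id)
    return f"{user}.{device_id}.{_tag(user, device_id)}"


def marker_valid(user, marker):
    """True only for an untampered marker issued to this user and still enrolled."""
    if not marker:
        return False
    parts = marker.rsplit(".", 2)  # user names may contain dots; hex fields cannot
    if len(parts) != 3 or parts[0] != user:
        return False
    _, device_id, tag = parts
    if not hmac.compare_digest(_tag(user, device_id).encode(), tag.encode()):
        return False
    return device_id in DEVICES.get(user, set())


def login(user, marker, verified_identity=False, public_pc=False):
    """Return (decision, marker_to_set) for one sign-in attempt."""
    if marker_valid(user, marker):
        return "allow", None          # known device: no extra verification
    if not verified_identity:
        return "challenge", None      # security questions or phone code first
    if public_pc:
        return "allow", None          # one-time use: leave no marker behind
    return "allow", issue_marker(user)


def revoke(user):
    """Drop every enrolled device, so old markers stop working at once."""
    DEVICES.pop(user, None)
```

Binding the marker to the user and checking it against a server-side enrollment list means a copied or edited cookie falls back to the identity challenge, and removing the user's entry invalidates every device in one step.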

To access your personal list of web applications, you visit a portal page provided by myOneLogin. The page can be entirely customized with the company logo, etc. as the business sees fit. Alternatively, the page can be used within an iframe so as to embed it into whatever portal the company already uses - like SharePoint, for example.
For applications like Google Apps, Salesforce, and WebEx, and some internally-used enterprise applications, SAML (Security Assertion Markup Language) can be used. SAML even works with a couple of VPN providers - Juniper SSO VPN and Microsoft's Internet Access Gateway. That's handy for companies wanting to support both internal and cloud-based applications. For other systems, myOneLogin acts as a password proxy, learning the username/password combination and then providing it to the requesting application.
When the time comes to remove a company employee's access to systems, the beauty of the myOneLogin system is that there's just one place this has to be done. Unfortunately, that's because the heavy lifting still needs to be done on the front end when provisioning access for the user. However, the system is so easy to use that it can even be self-provisioned by I.T. Alternatively, myOneLogin can do the provisioning for you. And fast, too. In fact, one large insurance company in California provided myOneLogin with a list of applications they wanted to make SSO-enabled, and when, the next day, they were all available on the portal, the company's security guy was amazed, saying "this cannot be that easy." But it is.
As far as infrastructure goes, the myOneLogin hosted service runs as a single instance in a multi-tenant environment, which allows the company to pass the cost benefits of the Software-as-a-Service (SaaS) model on to its customers.
The system is surprisingly affordable. It's only $3 per month per user. Considering that the average user accesses 12 or so web applications per month, with an overall associated cost of about $500 per month, says Jack Martin, a VP at TriCipher, "what's $3 then?"
As more companies continue to implement external applications which they don't have control over, I.T. is becoming concerned about security and control. What's more, many of these applications don't have secure authentication built-in. That's why Martin believes now is the time for a return to SSO - except now it's a cloud-based service designed for the cloud-based applications that businesses today want to use. That doesn't sound like too bad of an idea. What do you think?
Comments
Isn't this what OpenID is supposed to do...for free?
David: OpenID = consumer-focused; myOneLogin = SMB/Enterprise (as I understand it)
David, you caught my question precisely. That's what I was thinking right from the point at which I read the title and especially at the point where I saw the list of "apps". What gives? Why would I want to pay?
Looks like someone FINALLY realized that enterprises will have to manage SaaS logins as business assets. Great idea.
Providers of SaaS apps have to do the work themselves to support OpenID - some do, most don't. Looks like TriCipher handles these disparate login systems.
OpenID is a great protocol for single sign-on. There are others like SAML too. It would be great when all web application vendors would use that protocol and then we users would never need to remember another password again. However, until we reach this “nirvana”, myOneLogin gets you there with all the web applications TODAY. It also supports federation standards like SAML. Also, myOneLogin provides 2-factor security to protect access to all your web applications using familiar technology used by major banks today – it’s convenient and secure. Most OpenID providers use just a simple password and that exposes users to phishing attacks. One password exposed and the phishers get access to all your web apps – myOneLogin secures this front door to your web apps.
The huge benefit to SMBs is controlling their users/employees access to business applications. Instant access and importantly denying access once employees leave (given the current economy). Also, allows SMBs to run reports on user access to their business applications.
I've been using MyVidoop.com for several months now and it seems to offer a similar service for free that works for any website, as well as SaaS applications. I use it with Google Apps, BaseCamp and Facebook.
It appears that MyOneLogin operates in a similar way, with the advantage of offering a single on/off switch to a Company's Network Admin, perhaps preventing an employee from changing their passwords for individual services. Also, I wonder about the relative effectiveness of MyOneLogin security protocol compared to the MyVidoop image badge security, which seems extremely robust.
Vidoop's image badge strikes you as security? It is the main reason I don't use that service. It's not a "protocol", it is a gimmick.
Lots of security features/options on myOneLogin. It's like OpenID on steroids. Maybe these guys should just issue OpenID credentials that are more secure.
Sorry, but $3/month for this is NOT "surprisingly affordable". This should clearly be a freemium offering.
Looks more fiction than fact. Who invented the 4 character password...bank level authentication/security is nothing to brag about.
"The average user has 12 web apps and spends $500/month." I would like to see some industry publications to back that up. That pegs I.T. support at $6000/year per employee for web apps alone. That is astronomical. Add the cost of lost productivity using the webapps and add any onsite I.T. support staff and you probably have a company going out of business.
$3.00 vs 0.00 for OpenID.
Google apps $0-$4.00/mth, TriCipher $1.50/mth to access Google apps.
The numbers just don't add up and that is not even addressing the security issues involved.
I just don't get it. You must identify the problem before solving it. This will not change the single source logon dilemma.
Frickin' brilliant.
I am currently evaluating the product and am really impressed. I have about 20 applications in the cloud and managing the numerous passwords / accounts for all of our users is a nightmare.
This product will enable us to add new users in minutes, give everyone a Portal to find their provisioned applications, remove access in seconds (if someone leaves the company or their role changes), and support "shared" logins, when necessary.
$3 per month per user is a great deal in my opinion for the improved security this product provides. Also note that they have been amazingly responsive in adding new "cloud apps" at no additional charge.
MyOneLogin also has a hosted service for SAML-enabling web applications. We're using their "Federation as a Service" offering to make our SaaS application (eXpresso) comply with SAML and it shaved a ton of development time off of what we needed to do to support this standard. I bet they will support OpenID in the future too, but as things stand right now for businesses that want Single Sign-On access to our application we receive far more requests for SAML support than anything else. I'm a user of both the consumer-side of MyOneLogin and the web-app identity federation side and so far I'm extremely impressed. Keep it up guys!
The 2.0 industry would probably say "more fact than fiction." Enterprises ARE moving to SaaS, cutting operational costs, doing more with less and facing new issues. Password management is a problem, and myOneLogin provides the solution. A friendly secure user experience to password management with cloud based Strong Authentication for enterprise security. Everybody wins.
CRM Landmark puts industry standard SaaS CRM pricing at approximately $400/user/month, alone. So $500, over multiple applications, with some enterprises using 20+ apps, is far from astronomical, closer to realistic. Like Jack said "what's $3 then" to secure it?
There are easy solutions based on OpenID that already exist for this problem that don’t require the remembering of a plethora of passwords or complicated challenge questions and ARE FREE. myVidoop.com for example.
myVidoop.com uses images to recall a secret that only you know that can then auto access whatever web site you want to visit. Remember one secret and your password organization challenge is over.
If you can relate to this video: http://www.youtube.com/watch?v=8m1a26kFQrg
Then there is a solution:
https://myvidoop.com/
I like your video presentation, informal but very much effective! my compliments
Davide