Single Sign-On (SSO) solutions have emerged as the gold standard in identity management. While poor password practices continue to prevail, the effectiveness of the ‘username and password’ as the main authentication model has deteriorated.
Password management can be a nightmare for IT, as it reduces department productivity and increases service costs. However, SSO solutions allow administrators to centralize identity management, as end-users utilize a single set of credentials to access every enterprise application.
Establishing an SSO for PeopleSoft
PeopleSoft applications are a vital part of an organization’s enterprise architecture, and unfortunately, integrating PeopleSoft into an enterprise SSO can present challenges. This has lead administrators to look to the market for help – and as you evaluate an SSO solution for PeopleSoft, you should ALWAYS ask these 6 questions – the answer will be the difference between project success and failure:
How does your product interact with PeopleSoft?
To successfully implement an SSO solution, organizations first need to integrate all applications with a centralized ID provider. Most popular ID providers such as: Microsoft Azure Active Directory, OKTA, etc. use SAML – the open federation standard that allows identity providers (IdP) to communicate with enterprise applications.
Many off-the-shelf SSO vendors claim to support PeopleSoft. However, they ignore the fact that PeopleSoft applications do not natively support SAML. With a conventional SSO solution, PeopleSoft applications are likely to stay alienated from the rest of the organization’s business applications. Organizations must ensure that their SSO provider addresses the SAML problem upfront. Or it can lead to a ripple of problems with the implementation (ex. inflated budget, time lines, complexity, etc.)
Is there a need for customizations?
Exclusive to PeopleSoft, most SSO providers are required to build an extensive framework of customizations. Customizations demand extra resources and prolong the implementation timeline – thus, increasing the project liability. Even after that, custom SSO solutions can be insecure, fragile, lack functionality for some transactions and be prone to problems that are difficult to troubleshoot. Moreover, building and maintaining a customized framework requires both coding and PeopleTools expertise – which is a rare skill combination. Alternatively, PeopleSoft customers can seek a configurable SSO based on logic workflows built outside of the PeopleCode.
Are there additional hardware/server requirements?
In most cases, organizations will be required to purchase additional hardware to support the customizations designed to simulate communication between PeopleSoft and their respective Identity Provider. The procurement of new infrastructure (reverse proxy servers) is not ideal and can result in unexpected project budget overruns.
Does the solution support deep embedded links?
One of the primary benefits of an SSO solution is allowing users to bypass login with the use of deep links or embedded links. These links, when sent to a user, can take them to a specific transaction using the previously authenticated SSO session. Thus, saving time and increasing user satisfaction and productivity. However, most off-the-shelf SSO providers don’t support this functionality. With increasing remote access on mobile devices, deep-link navigation can be important to usability and engagement. For instance, a user can go straight to an intended transaction by following a link (sent via email, text, etc.) even if they are required to authenticate an SSO session on a device they don’t use frequently.
How does the solution impact PeopleTools Lifecycle Management?
PeopleSoft’s native functionality is continuously evolving with every single image released via the PeopleSoft Update Manager (PUM). These updates include frequent changes in the authentication model, which means that a customized solution would demand excessive upgrade and alteration with each update. The constant need for upkeep can adversely affect the adequate use of customer resources and time, making room for an increased scope of errors and subsequent troubleshooting.
What if we decide to switch an ID provider?
One of the most important decisions organizations need to make while choosing an SSO solution, is the flexibility of adaptation if and when they decide to switch IDPs. Ideally, organizations must look for a configurable SSO instead of a coded (customized) one. Reason being, when an organization plans to switch to a new ID provider, a custom solution would require building a whole integration framework. Therefore, a custom SSO can prove to be tedious and time-consuming, unlike a configurable SSO that can allow a seamless switch.
Designed to create a simple, extensible, and easy-to-maintain approach to the implementation of modern authentication, Appsian’s PeopleSoft SSO Connector is the only turnkey solution for native SAML-compatibility in PeopleSoft – enabling customers to: