Security

Looking for a PeopleSoft ‘Quick Win’? Integrate SAML for Single Sign-On (SSO)

By Scott Lavery • April 7, 2020

It’s no secret that managing PeopleSoft passwords can be challenging. This has been a hot topic for years – and with COVID-19, we’re seeing a resurgence from increased remote access. A remote workforce can quickly put a strain on IT help desk services – especially with resetting passwords. Btw, hackers know that passwords are being reset at a record pace, as demonstrated by the massive uptick in phishing attempts (+667% since Feb. according to Forbes.)

With a myriad of IT projects and an ever-changing list of demands from the organization, setting priorities can be difficult. We’d suggest PeopleSoft customers prioritize a single sign-on for (4) key reasons:

PeopleSoft Passwords are a Security Liability

I eluded to this above, but the statistics speak for themselves. According the 2019 Verizon Data Breach Investigation Report, ‘91% of hacking attacks begin with phishing/spear phishing attacks.’ Organizations try to mitigate this by using a VPN. However, after the expense and potential disruption in service after a large percentage of your workforce is accessing critical business transactions using a VPN – there is little ROI in this strategy.

Might I suggest, requiring VPN access for ‘high privilege’ access only? Normal users that are accessing self-service can be secured by leveraging a Single Sign-On (and possible multi-factor authentication.)

IT Resources Need to be More ‘Focused’ Than Ever

We don’t need to belabor this point but suffice to say that changing your business operations overnight (in the case of COVID-19) causes complexity. Ensuring network/server availability and using help desk services to troubleshoot strategic issues is better than one-off password resets.

The ROI of an SSO Project (over time) is Very High

When you count up the hours spent managing passwords (80% of help desk calls), you quickly find that removing the complexity of PeopleSoft password management, is an ROI positive project. Add in the lost productivity of users not being able to access business transactions (because they’re waiting for their password to be reset), then the ROI increases. Bottom line, an SSO project will delight both users, IT teams, and your CFO alike!

This Project Can be Done Quickly (2-4 weeks.)

We’ve come to the (sort of) tricky part. Organizations have tackled SSO projects using customizations and home-grown solutions – all of which modify PeopleSoft code and create challenges down the line. Needless to say, if you’re looking for rapid deployment, with minimum complexity (today and in the future) – than a configurable approach is recommended.

This is where Appsian comes in, as we’ve developed the native SAML connector that can seamlessly integrate your Identity Provider (OKTA, ADFS, Azure, Shibb, etc.) with PeopleSoft – creating a configurable Single Sign-On. Thus, not effecting underlying PeopleCode or having an impact on future application upgrades.

Bottom line, if you’re looking to quickly alleviate a lot of the complexity around PeopleSoft identity and access management – Appsian can help! We have worked with hundreds of PeopleSoft customers around the world, helping them remove costly customizations and implement a SAML-configured Single Sign-On for PeopleSoft.

Let us show you! We can get you up in running in a couple of weeks!

Stay Updated

Tips and Techniques

The Keys to Avoiding a Failed PeopleSoft SSO Project

By Scott Lavery • April 19, 2018

In a previous blog ‘Time is Money’ we discussed what lacking a PeopleSoft-integrated SSO is costing your organization.

By now, we all should fully understand what the recurring password recovery cycle is costing organizations in terms of lost end-user productivity and excessive calls to the IT help desk. Organizations can use a single sign-on (SSO), to establish a centralized authentication system that allows IT to manage support costs and efficiently perform password database provisioning. An SSO also greatly reduces user downtime associated with password reset and recovery.

Off-the-shelf SSO solutions DO NOT work with PeopleSoft

There are numerous vendors who promise that the same SSO that you implement across all of your enterprise applications will also work seamlessly in your PeopleSoft environment. Unfortunately, when it comes to implementing that off-the-shelf SSO in PeopleSoft (specifically) those projects are destined for failure. The reason being that off-the-shelf SSO solutions rely on SAML based technology as an identity federation standard – and there’s no native SAML support in PeopleSoft. Unaware of this fact, SSO vendors will assume that PeopleSoft supports SAML (similar to your other applications) and eventually hit a roadblock during implementation/testing. This complication typically results in the recommendation of added customizations and web server(s) in order to save your PeopleSoft environment from being alienated from the rest of your enterprise applications.

The downsides of fitting a square peg in a round hole

Off-the-shelf SSO solutions need to go through extensive customizations in order to have any communication with PeopleSoft. Firstly, organizations need to build extensive frameworks to integrate SAML based identity providers (ADFS, Shibboleth, etc.) with PeopleSoft using a reverse proxy configuration. These custom developments require procuring and setting up additional infrastructure (hardware, web server(s), etc.) – resulting in prolonged project timelines and budget overruns. Secondly, these customizations (once implemented) are fragile, difficult to troubleshoot and require constant intervention – especially during PeopleSoft updates.

PeopleSoft Single Sign-On – a square peg for a square hole

Organizations can save both time and money by opting for an integrated SSO, exclusively designed for PeopleSoft. For years, the demand for a native SSO utilizing SAML identity providers was a hot topic in the Oracle community – fortunately, this solution is now a reality. Being the only native SSO solution for PeopleSoft, PeopleSoft Single Sign-On by GreyHeller allows organizations to support SAML-based authentication technology without any customizations or additional infrastructure. PeopleSoft Single Sign-On eliminates the need for end-users to utilize multiple (weak and easy to remember, but easy to crack) passwords and empowers them to seamlessly transition between PeopleSoft applications using a single, strong login credential. It also empowers IT teams to centralize authentication management and makes it easy for them to provision password databases as employees come and go in the organization.

Once implemented, PeopleSoft Single Sign-On enables your employees to:

  • Authenticate PeopleSoft sessions via the leading identity providers such as: ADFS/Office 365, Shibboleth, or OKTA
  • Access PeopleSoft via deep link navigation (sent by email or other enterprise communication channels)
  • Utilize PeopleSoft links from a 3rd party portal

When it comes to your enterprise applications, opt for the peg that fits rather than hammering the one that doesn’t into a shape that partially fits! To learn more – request a live demo of PeopleSoft Single Sign-On with an Appsian Solutions Expert email us at info@appsian.com.

Stay Updated