Google adopts single sign-on for more desktop, mobile apps
With enhanced OpenID Connect Identity Provider support, Google Apps administrators will be able to add single sign-on capabilities to mobile apps and to SaaS (software-as-a-service) apps available through the Google Apps Marketplace, said Shashank Gupta, product manager for Google Apps for Work. Google also added support for SAML (Security Assertion Markup Language) 2.0 for popular SaaS providers and made it easier for administrators to add custom SAML app integrations.
Organizations are increasingly adopting single sign-on because it improves corporate application security. Employees don't have to remember complex passwords for each application as they just use their Google Apps credentials to sign in.
"These single sign-on options help us address the growing demand for a central cloud based identity service," Gupta said.
Single sign-on makes it possible for users to switch seamlessly across different Google applications, such as Drive and Gmail, without having to retype the password every single time. Google already supports single sign-on for external applications via SAML, including Salesforce.com, Dropbox, Freshdesk, Concur, Workday, Amazon Web Services, and Zendesk. With the enhancements to OpenID, Google Apps administrators will be able to provide the same type of invisible login to their employees across more applications.
Administrators can turn on single sign-on from the console and choose from a list of SaaS apps that have been pre-integrated into Google Apps. Because Google Apps acts as the identity management server, administrators don't have to manage individual user IDs and passwords for each application.
"At Netflix, we leveraged Google's OpenID Connect standards support as part of our migration to a 100 percent cloud-based single sign-on solution," said Justin Slaten, manager of enterprise technology and client systems at Netflix.
Making it easier for users to log in to applications also reduces IT workload. With single sign-on in place, DoIT International's support team has seen a 25 percent reduction in helpdesk tickets, and the IT team spends 20 percent less time on troubleshooting, said Vadmin Solovey, founder and CTO of DoIT International said. "Google Apps identity service has made single sign-on to services we use every day like Salesforce and Zendesk much easier for end users."
SAML support has not been sufficient for mobile apps, but Google's enhanced OpenID can be used for IT mobile apps and SaaS mobile apps. SAML 2.0 was built under the assumption that users would use the desktop Web browser, making it hard to adapt for the mobile ecosystem. By using Google's enhanced OpenID, mobile app developers don't have to take creative approaches to incorporate single sign-on with SAML.
Developers can enable the new single sign-on features by following the API guides in the Google Identity Platform.
Google's identity services can also be combined with Google Apps enterprise mobile management controls, such as password strength, lock screen requirements, and app management, and used in tandem with other mobile security options, such as Google's Smart Lock, Gupta said. The layers of security protect both the app and the device.