Authentication and Consistent Experience: Making It Seamless Across Apps and Devices

A consistent authentication experience across apps and devices can reduce helpdesk calls, increase productivity and improve user satisfaction. Here’s how to keep it simple and secure.

As much as you’d like to deliver secure access with minimum inconvenience to users, there will always be times when they have to take an extra step to prove they’re who they claim to be. But when step-up authentication is required, you can strive to ensure they enjoy a consistent experience across apps and devices, at the very least. With users accessing so many different resources from so many types of devices, that’s a tough challenge, but not impossible. The key is combining single sign-on (SSO) and risk-based authentication, as well as including applications that aren’t integrated with your SSO solution.

SSO: The Foundation for a Consistent Experience

SSO is great for providing a consistent experience across applications, regardless of where and how users are accessing those applications. When users only have to remember one password, they’re less likely to resort to high-risk behaviors such as using the same password over and over, or only changing it very slightly. But that’s not enough. To offer a consistent experience, plus the additional security of identity assurance, you need to implement SSO in tandem with a risk-based authentication solution.

Risk-based authentication requires additional authentication effort from users when context demands it—such as when behavioral anomalies are detected while a user is attempting to access applications. Most SSO providers offer some type of basic two-factor authentication (2FA) or multifactor authentication (MFA), but it’s generally not robust enough to provide identity assurance or to require step-up only when context warrants it. What’s needed is a solution that’s designed to enforce context-based rules and policies around access risk.

But What About Apps That Aren’t Integrated with the SSO Solution?

There’s nothing unusual about having some apps that aren’t integrated with the SSO solution. Perhaps the SSO solution is optimized for cloud and therefore doesn’t cover on-premises applications. Or it’s a legacy web access management (WAM) solution into which all the cloud solutions aren’t integrated. Or, as is often the case, the VPN and thick client apps just aren’t part of SSO.

Resources that aren’t integrated into your SSO solution can still be important to your organization, and just because they’re excluded from SSO doesn’t mean you should exclude them from your identity assurance platform. It’s the job of the identity assurance solution, and those who administer it, to be sure the user experience is simple and consistent while maintaining the required security posture. Choose a solution with that priority in mind.

Users are focused on getting the information they need to do their jobs. They don’t care if the application they’re accessing is in the cloud or in a data center. And why should they? They just need a consistent interaction across applications and devices—one that doesn’t frustrate or slow them down. Offering that consistency enables you to address authentication issues while increasing user satisfaction and reducing helpdesk costs.

Learn more about how RSA SecurID Access can help you deliver access that’s both secure and convenient in this eBook.

Copyright © 2017 IDG Communications, Inc.