Single Sign-on integrates WEM applications in your Enterprise

We’ve all been there. You had a rough night, get into the office, pour yourself a large cup of black coffee to get started and start up your computer. You log on, open Outlook and work your way through the ever-present emails. You start your main application and log in. Oops, wrong password. But the coffee helps you to stay semi-alert and you remember the correct password. That’s when you realize that you forgot to record the hours you spent on that account last night, so you start the time registration software and log in. Again, a wrong password. This is frustrating. After 3 attempts you’re finally able to take care of registering your hours. This “start application – log on – do your work” process continues during the day.

We have all grown accustomed to the frustrating situation that every application we use has its own username/password combination. It gets harder and harder to remember them all, so we resort to writing them down (insecure), buying password management software, or using some other tool to deal with this login mess.

Single sign-on

To improve this situation, many applications have implemented single sign-on functionality. That means: you start the application, the application checks if you are already logged on to the company’s network and uses these credentials to give you access to the application. Now you only have to log in once, and all applications that support single sign-on grant you access without the need of entering the username/password combination over and over again.

The single sign-on scenario works fine for applications that are installed locally on your computer. Web applications are physically located somewhere in the cloud, not within the infrastructure of your company, which makes single sign-on a bit tougher. However, at WEM we think that integration of your applications with the outside world is crucial. The WEM Modeler has the best integration features you can find on the market today to integrate data and other systems with your WEM application (and the other way around). So obviously, the next step for us to take was to enable you to add single sign-on support to your applications, which is now available.

How it works

By using the Authentication Node in the WEM Modeler you add single sign-on functionality to your application. It is very easy to use: just add an authentication node to your flowcharts, and let the node do the authentication for you. You only need to think about what the flowchart should do in case the authentication is successful or when the authentication fails.

SAML 2.0

We have based our single sign-on functionality on SAML 2.0. SAML (Security Assertion Markup Language) is an XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular between an identity provider and a service provider. WEM is the service provider, and the identity provider is the service that takes care of the actual authentication and authorization. This is where all user credentials are stored. This means you need an identity provider. Microsoft Active Directory, Microsoft Office365, Google’s G Suite, Oracle, Salesforce: these and many other companies support SAML and may be used as your identity provider.

With the support for SAML we enable you to model your business application and fully integrate it in your company’s environment. Next, we’ll launch support for OAuth. This open standard for authorization is used by companies such as Google, Facebook, Microsoft and Twitter to let users share information about their accounts with third-party applications or websites. We’ll make sure to let you know when OAuth is available in the WEM Modeler.