What Is SSO and How Does it Keep Websites Secure?
Corporate website creation means dealing with sensitive information, and you don’t want that information to be accessible to anyone outside of the organization. Whether your company has a need to protect internal website content or safeguard the collaborative workflows behind launching external sites, you’ll want to explore implementing single sign-on (SSO) technology.
SSO requires employees to log in to view website content, but they don’t need to memorize another username or password (or worse yet, have an unsecured, shared password). Login sharing is problematic on multiple levels; not only does it create a security risk with employee turnover, but it also prevents the enforcement of appropriate role permissions. With SSO for websites, your employees have unique logins they don’t have to enter manually, and they can use the same credentials already in place for accessing other corporate tools.
Using SSO for corporate websites is a smart business decision that can reduce failed login attempt frustration, boost productivity, and protect proprietary ideas. This can encourage greater innovation and information sharing across teams, which helps to alleviate siloed workflows and improve collaboration. SSO is useful for both protecting internal websites that are part of your intranet and for keeping your external website creation process locked down to approved contributors.
When evaluating a website platform, choose a solution that offers flexible SSO options to fit your custom needs, prioritizes hands-on partnership, and works with any existing technology in your organization. Having a knowledgeable team at your disposal to guide your setup and consult with you on strategy can mean the difference between a smooth SSO launch process and a challenging one.
OAuth2 vs. SAML
Two commonly used SSO systems are OAuth2 and SAML, which work differently to accomplish the same goal of gating website access. OAuth2 is short for Open Authorization, and it works by greenlighting user access between applications without displaying their login information. Users can sign in to one application and receive access to others without having to log in again by virtue of an access token.
A service provider containing your employee credentials will generate the access token upon request from an application, and tokens may communicate different permission levels. In other words, you can control the type of access your employees have within applications.
Security Assertion Markup Language (SAML), in contrast, connects identity providers, or keepers of employee login information, with service providers. This link allows users to access multiple platforms with a single set of login credentials, and SAML verifies authorization by speaking the same technical language that both types of providers need.
Is OAuth2 or SAML better?
To determine which option is optimal for your company, it’s important to distinguish the concept of authorization from that of authentication. Authentication means verifying user identities, while authorization controls the privileges that users have while interacting with platforms. SAML is an authentication tool that centrally manages user identities, while OAuth2 authorizes users’ access to applications and determines how they can function within them.
In fact, you don’t have to choose between OAuth2 and SAML and can use both, if desired, as part of your comprehensive SSO strategy.
Simplifying it with Squarespace
Purchasing a Squarespace Enterprise plan means you can integrate your website(s) with your SSO provider. There are standard integrations with preferred OAuth2 providers like Okta, Azure, and ClassLink. If you have SAML technology or require something more specific, you can coordinate with Squarespace’s engineering team to build a custom integration (or take advantage of Squarespace’s Google integration with SAML).
One perk of using Squarespace’s Okta integration is the ability to designate permissions for Admins and Website Editors through Okta groups, which means employees get the right permissions the first time they log in to Squarespace. Users can also access Squarespace from their Okta dashboard, and use the Okta button to log in through the Squarespace website.
No-hassle SSO activation for website and web pages viewing
Squarespace Enterprise also provides you control over managing SSO protection for individual websites and web pages. With SSO for private site viewing, you can turn on SSO protection for any site or page of your choosing without assistance. If your company has multiple SSO providers, simply choose the one you want to activate or select more than one option.
This feature eliminates the need to coordinate with Squarespace, your IT team, or add custom code to protect your internal website content. You can also opt to customize the SSO login screen that team members will encounter upon accessing your content to appear brand-appropriate.
Security benefits for team collaboration
Secure website collaboration also depends on assigning your team members the right role permissions to optimize their contributions and restrict capabilities where necessary. Your Enterprise plan provides you the opportunity to select from more nuanced roles than are available on the standard plans.
For example, less experienced employees may benefit from the draft editor role permission, which permits them to create and update page drafts but not publish them. On the other hand, you can designate more tenured employees as website managers who can support you in managing universal site design styles and adding custom code.
Your Enterprise dashboard enables you to assign and change contributor roles at will, so you can adjust preferences as employees develop within your organization.
Making it happen
Once you’ve found a website partner who can support your preferred SSO provider, you’ll want to verify their commitment to facilitating your onboarding process. The right partner won’t simply leave you to coordinate implementation at your company alone; they’ll provide helpful guidance and recurring support as you manage your SSO launch.
SSO through Squarespace Enterprise
Having such a personal resource to assist with best practices, technical questions, and problem solving can significantly reduce your onboarding time. Every Squarespace Enterprise customer has a dedicated account manager to guide them through SSO setup and support their goals throughout their Squarespace journey.
Opting for the SSO-only plan
If you only want SSO protection without the full suite of Squarespace Enterprise benefits, you’ll still be paired with a dedicated onboarding specialist for the first 60 days of your partnership. They’re available to offer expert product guidance through phone or video call upon request, and to serve as a resource for troubleshooting. After their service period ends, they’ll continue to reach out quarterly via email to confirm your satisfaction with the platform and announce any product enhancements that become available to enterprise customers.
Summing it up
Whether you choose to use OAuth2, SAML, a combination of both, or another provider, implementing SSO means reducing friction in your employees’ login experience. And, more importantly, it means keeping your website (and your good work) secure.
