Using OpenID for single sign-on

February 9th, 2010 / Product and Technology

OpenID has been around for half a decade now. First developed in 2005 by Brad Fitzpatrick, it has received much attention and massive adoption. At least on paper. But are you using OpenID for anything? Why not?

We recently had the opportunity to analyze the database of a SaaS provider with more than 3,000 active business accounts. The analysis showed that out of those accounts, only 1 percent were using OpenID to log into the application. And when we looked a bit further into those accounts, only one or two users had it configured on their user record.

There may be hundreds of millions of OpenIDs in circulation, but people are not using them, at least not for business use. Here are some reasons why:

  • OpenID URLs are hard to remember and must be entered upon logging in to a site
  • An extra off-site authentication step is required to grant permission to the site
  • Most people are unaware that they even have an OpenID
  • OpenIDs are usually personal and not owned by the organization

The big advantage of OpenID is that it takes the password out of the loop, but the user experience is usually not great. We would like to change that. OneLogin is an OpenID provider and all of our users are automatically issued an OpenID like this:

      https://app.onelogin.com/openid/mycompany.com/joe

The URL is a little long, but it shouldn’t matter since it doesn’t have to be typed in during the login process. Once the OpenID is provisioned in an app, the user can log in by simply selecting the app on the OneLogin dashboard. This is possible because OneLogin both provides the OpenID to the app and handles all the back-channel communication with the app.

This provides for a great OpenID experience. In summary, OpenID with OneLogin has the following benefits. 

  • Users do not need to know their OpenID
  • Password-less login
  • Organization owns the employee’s OpenID identity for its business apps
  • Effective prevention of phishing
  • Can be combined with strong authentication
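
Because the organization owns the identifier namespace, an app can restrict logins to identifiers under its own organization. The following is an added example, not OneLogin's code or part of the original post: a check a relying party could run on a claimed identifier after its OpenID library has verified the assertion. It assumes the host and path layout of the sample URL above; the function name and the strictness rules are assumptions.

```python
from urllib.parse import urlsplit, unquote

# Assumptions: host and path layout are taken from the sample identifier on
# this page; "mycompany.com" is the page's sample organization.
ISSUER_HOST = "app.onelogin.com"
ORG = "mycompany.com"


def org_user_from_claimed_id(claimed_id, org=ORG):
    """Return <user> if claimed_id is https://ISSUER_HOST/openid/<org>/<user>.

    Returns None for anything else. This only checks the namespace; the
    assertion itself must already have been verified.
    """
    # urlsplit silently drops some whitespace and control characters, so
    # refuse them up front instead of validating a normalized string.
    if any(ch.isspace() or not ch.isprintable() for ch in claimed_id):
        return None
    try:
        parts = urlsplit(claimed_id)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme != "https":
        return None
    # hostname is lower-cased and excludes userinfo and port, so suffix and
    # "user@host" look-alikes fail this exact comparison.
    if parts.hostname != ISSUER_HOST or port not in (None, 443):
        return None
    if parts.username is not None or parts.query or parts.fragment:
        return None
    segments = parts.path.split("/")
    # Expect exactly: "", "openid", <org>, <user>
    if len(segments) != 4 or segments[1] != "openid" or segments[2] != org:
        return None
    user = segments[3]
    # Reject empty names, dot segments and percent-encoded characters.
    if not user or user in (".", "..") or unquote(user) != user:
        return None
    return user
```
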

We use OpenID wherever possible now. That was not the case in the past.

About the Author

Thomas Pedersen, founder and CEO of OneLogin, has more than 15 years of experience in building and selling carrier-grade billing systems for phone companies, initially at Cisco-backed Digiquant in Denmark and later at Intec Telecom Systems in the US. After having helped Zendesk grow to 5,000 customers as VP Business Development, he is now laser-focused on making OneLogin the most widely deployed identity management solution in the cloud.
