“What is SSO?”
I had just settled into my seat for the SXSW session, “SSO (Single Sign On): Why Does It Suck So Often,” when I overheard this question in the row behind me. Upon hearing the answer that it was “when you use a social identity to log into a site,” I helpfully turned around and corrected the guy. “Actually, that is known as social login. Single Sign On is when you use one identity to access multiple websites or applications.” The group thanked me and I turned back around, as the session was about to start.
Imagine my surprise and mild embarrassment when the moderator kicked off the session by informing the crowd that SSO really was about using a social identity to access a brand’s website. So I guess regardless of what I or wikipedia think, my first take-away from the session is that the definition of SSO has changed. (Shamefully, I didn’t turn around and apologize for acting like a know-it-all when apparently I don’t know much of anything).
But despite that inauspicious start, the panel offered a lively debate on the pros and cons of using social login (I’m still having trouble calling it SSO) and some good nuggets for the audience to take away. David Carr has written a nice summary for InformationWeek, so I’ll just post a few quotes and best practices I found interesting:
- Joseph Smarr, from Google, who said, “SSO solves two major challenges for technology startups (and I’d expand this to all companies interacting directly with consumers on the web) – acquiring new users and converting them through registration.”
- He went on to say, “if I were creating a startup tomorrow, I would start with SSO. I wouldn’t want to build my own identity system.”
- The reason for this is that simplifying signup solves a major challenge – you risk losing customers every single step in your registration process.
- There was a good conversation about what data a site should collect from the Identity Provider(s) (like Google, Facebook, LinkedIn, etc.), and how to best do so.
Two additional takeaways for me that are relevant to what we talk about with customers were:
- Offer more than one provider for your users. Consumers want choice. And data from our more than 365,000 customer sites shows that consumers choose the top provider (Facebook) only 42% of the time.
- Only ask for that data you really need at that time. “Progressive permissioning” enables you to build trust with your consumers so they are willing to give you information as they want to more deeply engage with your brand.
The panel concluded that the reason SSO (social login) “sucked so often” was that developers didn’t follow best practices, and thus created more problems for themselves and their users than is necessary. If you’ve got questions on how to implement social login, we’ve got a team of digital strategy experts that do this every day.