Okta enables cloud-based single sign-on for Xerox Canada

As companies sort out their cloud strategies, some are finding cloud-based single sign on (SSO) can be a high-tech “perk” for customers.

Canadian package-delivery service Purolator Inc., had that in mind when it made the Okta Inc., cloud-based single sign-on capability available to Xerox Canada, its customer for which it had set up an e-returns portal at Salesforce.com late last year.

With Okta SSO integrated into Salesforce.com, Xerox Canada could arrange pickups of recyclable items such as printer cartridges from its own customers without customers or Xerox employees having to remember yet another password. This was especially apt since Xerox had worked to set up its own SSO system used internally and by Xerox Canada customers to access Xerox applications.

“Right now, Xerox Canada does 20,000 log-ins per month, via the SSO function at Salesforce.com,” says Graeme Shiomi, director of solutions delivery at Innovapost, the technical services firm affiliated with Purolator. It’s a customer high-tech convenience that unites the businesses.

The Salesforce.com-located Purolator portal is mainly for use by Xerox Canada customers for returns and printing out labels. It allows authorized entry when the SSO provider, Okta, passes the user credentials from the Xerox site to the Purolator site and authenticates them against the existing user stores and directories. For Xerox end users, this cloud-based federated identity process is transparent.

Under the arrangement, Xerox Canada can administer which employees or customers have SSO access to the Purolator e-returns service. But Purolator, which pays for the Okta SSO, acts as the top-level administrator. This type of arrangement is now something Purolator is offering to other customers that may want it as well.

Other examples abound.

In the healthcare industry, Santa Barbara, Calif.-based BioIQ, which has health-screening products and a Web portal that can unite employer and insurance content resources, is finding cloud-based SSO a natural fit for its self-described “wellness” business.

After struggling with its own home-grown single sign-on a few years ago, BioIQ decided to use the cloud-based SSO service from Ping Identity, says Aaron Campos, the chief technology officer at BioIQ.

The Security Assertion Markup Language (SAML) is a core component for standards-based SSO but when it came to the technology integration needed to facilitate the SSO experience with various partners, the firm decided this was “not our core business,” says Campos. The in-house work used to involve considerable software management and staging; “now we just point to a URL in the Ping system,” he says.

BioIQ is now seamlessly integrating its “wellness” Web portal with healthcare partners that include products provider Alere for SSO authorized access for individuals. SSO has emerged as a customer convenience to eliminate another layer of passwords that BioIQ is willing to pay for, but it does also mean that its use has to be spelled out in business contracts.

Ellen Messmer is senior editor at Network World, an IDG publication and Web site, where she covers news and technology trends related to information security.