SSO Benefits for Your eMarketplace Platform

Get the marketplace platform you need.
SSO Important Features

User Benefits of SSO for eMarketplace

In an eCommerce marketplace, the general concept for single sign-on is allowing an existing infrastructure for sign-on, within an enterprise or an organization, to work with another system. This allows a set of users, with their related fields, roles, and authorization to access certain parts of different systems to be carried into a eMarketplace platform.

We see this a lot with clients who are leveraging buying groups, working with large organizations that are becoming part of the marketplace, and enterprise integrations with external systems. This can often be a really valuable aspect for registering folks, so allowing folks to use typical protocols for single sign-on, such as a Google, Apple, or social media account.

SSOID

Important SSO Concepts: Authorization and Authentication

One of the most common protocols that’s used for this is called Open ID Connect, or OIDC. Many systems that have single sign on utilize this framework, and it’s pretty standard across the board. Other frameworks include SAML, SAML 2.0, Active Directory, etc. Whichever system you choose, they all have requirements for standard integrations that are commonly broken out into authentication and authorization.

Whenever we’re integrating your eCommerce marketplace with a third-party organization that needs single sign-on, or if those you work with will need single sign-on capabilities, we’ll need to integrate a standard set of protocols as well. Most people who have single sign-on are going to use it more for authentication, and less for authorization. Authentication is typically about whether this is a successful login. The mechanism that the single sign on uses to enable access to a system using single sign-on establishes what is generally a source of authority—the authorizing endpoint.

authorization and authentication for SSO

For example, let’s say that someone is single signing in with Google as their single sign on provider. We’re going to check with Google that the account is logged in already, and if not, the user is going to be redirected to Google to log in, and then redirected back to your eMarketplace site. We’re then able to show the user that they’re authenticated to be able to log into the system. And this is just a simple, are they successfully logged in or not according to whomever the single sign-on is with.

Gather Meta-Information

SSO Benefits for Retrieving Information

SSO benefits of retrieving information

Then the next thing that we can do is retrieve what are referred to as claims. This means providing advanced information like additional meta information, such as name and email address, or something related to the entity, such as user entity and custom metadata around that entity.

If you’re doing a single sign-on with a tool such as Okta, Azure, external identities, or Active Directory, or a legacy system that might be an internal Active Directory, rather than for example Google, there will be robust metadata that we can bring in whenever somebody is authenticated. We can then even see things like what they’re authorized for.

In summary, authentication is whether they are successfully logged in or not, while authorization is about what they have access to and what roles they have. Authorization is commonly associated with roles, and per system that we’re integrating with for the single sign-on, the authorization metadata can be different.

Importance of SSO for Customer Experience

Make SSO a Seamless User Experience

The essential concept is the same across all these systems and is about what access the user has and what they will be able to do. The important takeaway for single sign-on is to make it as seamless as possible to persist the information they have already input and they are already managing for this external provider. And the external provider is trusted and has single sign-on authentication and authorization.

So, the user then needs to be able to go to the eCarketplace system and go through the registration process and have a seamless experience when they are selecting single sign-on. Whenever you are working with an eMarketplace provider that provides single sign-on, you want to make sure you work with a company that has worked with Okta, Azure, Salesforce, OIDC, other systems, and other providers who utilize OIDC, such as Google, Microsoft, Active Directory, etc., and be able to integrate others like Twitter, LinkedIn; the list goes on.

Ultimately, being able to offer these different single sign-on providers so that the user has a convenient set of options. But they can manually input their information too. For most companies, it makes sense to allow them to manually create an account or leverage single sign-on.

sso for user experience
Have Different Levels of Access: SSO Registration Process

Benefits of Single Sign-On for Enabling Access

Now for some vendors, they really need to have a certain level of security and be required during registration to use an approved single sign-on provider. Therefore, they may need to have an account in Okta, for example, or in another system. So, a question to ask is, does your marketplace eCommerce vendor have the workflows and the customizability to allow you to enforce these requirements and governed properly within your marketplace?

Based on the type of registration, we need to enforce different steps to ensure that all vendors have an Okta single sign-on. But end users could maybe use common social media accounts that they already have or just register directly within the site.

access with single sign-on

This registration process is really important, and during the registration process, if someone does have a single sign-on account, we need to be able to show the user the fields that have come over from the single sign on provider. A lot of times that data isn't necessarily what the user wants to use within this particular marketplace eCommerce application.

So whenever I single sign on during my registration process, I'm going to bring over metadata that's associated with my account on this provider, for example, Okta. If I already have an Okta account, I will have already filled in a lot of detail there, potentially. And whenever I'm registering with the marketplace eCommerce site, that detail will transfer over if it's mapped. So, we want to be able to present that to the user so they can change it based on the context of the eMarketplace. Maybe the information is different, maybe they have multiple companies that they are part of, or maybe they have multiple website properties, and so on. But ultimately, there could be details that they've input in this single sign-on account that they need to change during registration.

Source of Record when Using SSO

Choosing Which Data to Use During SSO Registration

It's also really important that whenever a user is updating fields in their single sign on account that we bring those updates into the eMarketplace if we want the single sign on system to be a source of record. In other words, if the end user makes changes to the eCommerce profile that they have, and to the single sign-on profile, that might be with their Apple account, or it might be with they’re social media account, which system do we want to enable as the source of truth? Should it be the eCommerce profile that they've modified? Or should it be something that gets potentially updated a lot more often like their social media account?

Or do we want to do this on a field-by-field basis? Maybe there are certain fields that need to be coming from the actual single sign-on account and getting updated regularly from that, but other fields will never be updated from the single sign-on metadata; it should only be coming from the eCommerce profile once a user updates it there. These are some considerations for the registration process and for the ongoing updates that, data-wise, are available within the single sign-on system.

SSO Authorization Capabilities

SSO Benefits for Authorization Mapping

Furthermore, it's critical to be able to understand what some of the authorization options are within the single sign-on system. The single sign-on system may have a lot of different authorization capabilities that might be very different between different single sign-on providers. So there may be, in particular with a Okta system, a set of assignments to different roles that we're going to be able to bring in that just are not available in the social media account that we're using as a provider for single sign on. The roles may be named differently as well.

Between these different systems we need to be able to identify a mapping of roles within the eMarketplace with the roles and authorization details that we're going to be able to pull over from those single sign-on providers. This is really important because whenever somebody is creating a single sign-on account, if we want them to be authorized right out of the gate, then it's really important that it be as much self-service oriented as possible. By properly mapping the authorization, we can allow the user to get right to it based on the authorization that they have in this third-party single sign-on system.

SSO benefits for authorization mapping

SSO Metadata
SSO Benefits for Metadata

Metadata Is Important for SSO

In addition to the authorization mappings, it's imperative to be able to look at metadata. For example, it's very common for many of our clients to have multiple locations and possibly even subsidiaries, or specific division information with these different locations. There might be different warehouses or different distribution centers, etc. So different users have access to different roles, but they also might have access to just certain locations or location information. This could be true for vendors, customers who are purchasing, and internal team members.

For example, for internal team members, they may only have rights to manage and edit content within a particular set of countries that they’re the content manager for. Based on their single sign-on, we want to make sure that we’re properly limiting their access to just those regions that they have control over based on their roles. This can be really important so that they're not accidentally modifying other regions or other areas. This is something that the single sign-on from an authorization perspective needs to be able to handle.

In particular for vendors, we need to be able to properly manage what regions they have access to. They may have an agreement where they can drop ship items in particular areas, for example. Maybe the data that they can upload is restricted based on them being a vendor and in a particular region. Properly restricting access for internal users and vendors is a key concept of single sign-on. Also, it’s critical for customers, especially those in different pricing sets, pricing offerings, and/or different regions, or overall different customer types, that they have restrictions and will only see certain products or will only have access to certain distribution centers. They may also have specific pricing that’s set up just for that customer level.

These are all concepts that implementation-wise are really important with the single sign-on provider in the authorization rules that are passed along as well as the metadata that's coming in from that single sign-on body that we get and response to a successful authorization. We will need to be able to see some of these advanced metadata in them and properly map it.

Utilize Full SSO Abilities

Take Advantage of All SSO Benefits

use sso benefits

Now if this doesn't happen and users are using single sign on, they're really not getting to take advantage of the full benefits of having single sign-on. And if you think about a marketplace at scale, it's really important that the authorization and the access to different aspects of the system be as automated as possible. It's absolutely necessary to be precise and accurate, so that folks don't have access to too much but they also don't have to wait for manual access and manual processes to kick it in order for them to be able to do their job.

So those are some of the aspects of single sign-on that are extremely important. Being able to go through and test all of this is a really key aspect as well. For many of our clients that have single sign-on with their marketplace eCommerce systems, they have a lot of different single sign-on offerings and making this part of the ongoing Q&A and ongoing updates and patching to have a robust set of testing that goes along with all of the patches and updates and maintenance is logistically really nontrivial. It’s crucial that the vendor that you’re working with to implement your eMarketplace really respect this within both planning and budgeting and then actually executing on full testing and validation if you have a single sign on implementation for your marketplace platform.

Clarity Can Help

Clarity’s experts have experience dealing with all these different aspects of single sign-on. We’d be happy to discuss your current projects, challenges, and ways we can implement opportunities for your marketplace eCommerce platform. Click the button below to talk to one of our experts and get a free demo and no-obligation price quote.

Contact Us
ecommerce development team

FAQs

  • Why is SSO important?

    Single-on allows users to sign in to another system using an existing account on another platform. It is useful because users can bring in their associated fields, roles, and authorization data automatically without having to input the information again. This allows for easier and quicker registration to an eCommerce site, enhancing the user experience. Enabling a seamless customer experience is extremely important for eCommerce marketplace, as this is a large part of what will keep customers coming back to your site.

  • What are SSO benefits?

    Not only does single sign-on enable a smoother registration process, but it also enables specific authorization access to certain parts of the marketplace platform. This means that using their single sign-on, vendors and customers can have restrictions and permissions on what they are allowed to do on the site. This is beneficial to properly governing the marketplace platform. Governance and management are key to a successful e-marketplace.

  • What is SSOID?

    SSOID, or single sign-on identification, is the login information you use in one system to log into another system. For example, Google is a common SSO provider, so your username or email address for your Google account would become your SSO ID for the marketplace platform you signed in with Google.