Is Your Product Enterprise-Ready? (Part 1: Enterprise Authentication)
For many companies, creating an “enterprise-grade” product is the ultimate dream: Build an early version to fit smaller organizations’ requirements, demonstrate market viability and, finally, scale to larger customers. To be sure, that process of building an enterprise-grade SaaS product – and growing into a stable company that can support it – is no small feat.
Here at Okta, we sit at the interface between global Fortune 500 enterprises and the 4,000+ SaaS products they use every day. Through our work with an array of companies and teams building B2B cloud services, we’ve learned a few key steps to becoming enterprise-ready. The first? Establishing proper authentication.
In the first installment of our series, “Is Your Product Enterprise-Ready?”, we’ve identified a few key guidelines for getting enterprise authentication up and running within your product:
Enable Easy, Secure Access with Single Sign-On
First and foremost, your enterprise customers will require a secure, simple way for their employees to access your product. The best way to approach this is with standards-based federation to support single sign-on. With federation, your product outsources authentication to your customer’s owned and operated identity provider, which is responsible for authenticating the user, applying access policy and, upon successful authentication, sending the user into your product.
Better yet, with federation, employees only need to log in once to your enterprise customer’s identity provider to access all their corporate applications – including yours. This means users don’t need to remember yet another password when they adopt your product.
Build for Scale
It’s important to design your federation and SSO configuration in a way that will help your company scale to tens, hundreds and even thousands of customers efficiently. We’ve seen many teams build a minimum-viable federation capability, but this can increase operational costs, slow down the sales cycle and delay time-to-revenue.
Allow for Autonomy and Self-Service
The key to successful federation is self-service configuration. Many implementations stop short of providing this, which results in significant manual work on the part of customer-facing operations, sales and support teams. By allowing your customers to configure SSO on their own, you can accelerate the proof-of-concept process, troubleshooting and customer on-boarding after a sale.
Without self-service, configuration is a slog. Your team must manually exchange configuration information and certificates with the customer, and the process is error-prone, expensive and slow.
Further, contextual help and documentation go a long way toward speeding up the interaction on the SAML configuration screen. Designs vary, so it’s important to remove any ambiguity about definitions and data flows. Highlight required fields, define your terms and explain product behavior with hover-over tips.
Of course, not every enterprise customer will want to federate, and some will prefer that you manage authentication and passwords within the product itself. We’ll tackle this topic – and many more – in future installments of our “Is Your Product Enterprise-Ready?” series.