The X's and O's of SSO

Even if you're not a sports fan, you're probably familiar with the image of a coach and a clipboard. Using X's and O's to depict the players on their clipboard, coaches can communicate a plan to their team.

Like any good coach, you too need to understand the X's and O's of an important concept - "Single Sign On" - so you can properly communicate and advise your clients on the strategy and benefits of this important and ever evolving technology.

You need to become conversant in why passwords are important, the fact that corporate security and personal employee information are key drivers, and how the pieces fit together. Doing so puts the coach's clipboard in your hands.

Password overload

In today's Internet world we can all relate to trying to keep track of multiple user IDs and passwords needed to access multiple sites like bank accounts, bill pay, social networks, etc.

A Microsoft research report published in 2007 stated that Internet users have an average of 6.5 passwords and access an average of 25 accounts. (The report also showed that people use the same password for multiple accounts.) And this is just for personal accounts - our jobs require a whole other set of application login credentials.

With the advent of online benefits, employees have even more logins to deal with - portals for plan comparison, for online enrollment, for access to FSAs, 401(k) accounts, personal health records and more.

Password administration is one of the top sources of employee requests for IT assistance. HR administrators and IT support are overwhelmed with supporting these systems.

Passwords are the most common method used to meet security requirements for online systems.

Highly secure environments often utilize physical access controls such as biometrics or smart cards, but those environments are beyond the scope of this discussion.

Best practices for password management of online accounts continue to evolve.

Common sense rules like "don't put passwords on sticky notes on your computer" and "don't use easy-to-guess names" (like the names of pets, children's birthdays or wedding anniversary dates) are well known. Password expiration (typically 90 days), password strength requirements, and limitations on the number of login attempts are becoming standard fare of corporate software security.

Increasing standards

Adoption of more restrictive standards is being driven in part by HR departments' increasing concern about the sensitivity of personally identifying information and personal health information.

Regulatory requirements like HIPAA continue to drive requirements for control over access to and transmission of both PII and PHI.

Ultimately, HR has to balance security requirements with ease of use of corporate systems by employees - policy versus productivity.

Fortunately, SSO helps with both needs.

SSO to the rescue

Simply stated, SSO authenticates a user (employee) one time and then allows that authentication to be shared among the applications an employee needs access to. SSO is shared authentication among independent applications.

Authentication is done at the technology level and therefore it is transparent to the user. This eliminates the need for an employee to remember all their user IDs and passwords and significantly reduces the administrative burden on HR. Moreover, corporate security is actually enhanced.

SSO lends itself nicely to the "what and how" model of technology solutions. In this model the focus is on "what" users want, not on "how" IT is going to build it.

Given this reality, perhaps the best way to understand SSO is from the perspective of an employee or other individual - that is, what will the solution look like to the people who will actually use it?

Visual connection

The diagram on p. 60 illustrates the SSO concept. First, visualize the diagram without any arrows. In this scenario, employees have to remember their credentials for a total of five different applications (not to mention the separate URLs) - corporate network (company Intranet), benefits portal, pay stub, flex spending and 401(k). Of course, there are other applications like HSAs and HRAs, but you get the idea.

The arrows in the diagram represent SSO connectivity. So, for example, an employee begins her day by logging into the corporate network, which gives her access to the company Intranet.

From the company Intranet portal, a secure link grants her access to her personal benefits portal. The benefits portal, in turn, provides access to her pay stub and FSA and 401(k) accounts. No additional logins are required.

Of course, there are different ways to draw this diagram depending on the needs of a given employer.

Maybe there isn't a company Intranet or the company doesn't have the IT resources to work on SSO. Either way, in this case the benefits portal becomes the initial entry point for employees.

Leverage what you've got

One of the key benefits of SSO is that it allows employers to leverage their existing technology.

They shouldn't have to switch applications or systems to implement SSO and are free to select best-in-class applications (and related services) for the systems HR provides employees. And when an employer decides to switch or upgrade applications, SSO should be high on the list of capabilities of any potential new vendor.

Shared authentication projects are not difficult or expensive, but they do require the various systems to be integrated at the technology level.

In an SSO implementation, the technology details fall to the different vendors, so communication among the IT groups is paramount. Fortunately, standards have evolved around SSO that include the usual array of acronyms - SAML, OpenID, OTP Tokens, etc.

Employers might require the use of a specific technology, but often these are based on industry standards and are easily accommodated.

Beneficial to all

The benefits of SSO to employers are significant - improved adherence to security policy, reduced administrative overhead and empowered employees. Any time an employer can leverage existing technology, the value of each application increases.

Why should brokers care? Because becoming an SSO coach is another step in becoming a true consultant and trusted adviser. Helping to broker SSO solutions for your clients puts you in a position to guide and advise, maybe even provide, all of the benefits employers need.

Lamb is senior vice president and general manager, Benergy Interworks, at A.D.A.M. Inc., in Atlanta. You can reach him at jlamb@adamcorp.com.



Benefits technology updates

Mercer's outsourcing business reported a 55% increase in chat sessions handled by its contact center staff in the first half of this year, compared to the first half of 2009.

"Chat supports people going online and looking at their benefits. And if they have questions, they don't have to make a phone call, they can just start chatting and get answers to their questions," says John Conroy, director of contact center services for Mercer's U.S. outsourcing business. "Clients like that because they want their employee base to be educated about their benefits, the value of those benefits, understand how they should be thinking about their coverage or their retirement. The more they can get folks to look at stuff online, the more educated their employee base is going to be."

A number of Mercer clients plan to offer chat capabilities to employees later this year, and it's an area Conroy expects to see grow. "When you add a communication channel - whether it's phone calls, chats, e-mails, whatever it is, and maybe it will be social media some time in the future - it seems to me people embrace them," he says. "More online communication is the preferred method, at least to younger people."

Video is also a good forum for communicating longer, more in-depth messages, such as health care reform or overall benefits strategy. "Web technology has totally changed in the last few years, so some of these things that used to be prohibitively expensive are now really affordable, even for small and midsized organizations," says Jennifer Benz, president of Benz Communications.

Adam Wootton, senior consultant with Towers Watson, was involved in helping an employer communicate a move to a consumer-driven, high-deductible health plan. The company used a series of online videos to communicate the change. "It was done in a very friendly, conversational format," he says. "And we found that was very, very engaging for employees. Watching a video and hearing someone explain what an FSA is, what an HSA is, is a lot more effective than a document going out. That's an area where we will see a lot of growth." - Andrea Davis
