Secure Way to Sign In to SaaS/Cloud Services with Only 1 Tap

Every day at work, I need to sign in to SaaS applications. As a person working for a SaaS company, most of my work is done on the cloud. Recently my way of signing in to SaaS/cloud services at my company has changed. And, since the sign-in process became super quick without sacrificing security, I couldn't help sharing this experience with others. Therefore, I would like to share my sign-in process for our SaaS/cloud services.

Demand for a secure but easy sign-in process to SaaS/cloud services is increasing

According to a report by Gartner, 88% of organizations around the globe have been encouraged to work from home during COVID-19. Prior to COVID-19, the SaaS market was already growing fast, and a report by Blissfully shows that mid-market businesses use an average of 137 apps. From these statistics, it is easy to imagine that many people working from home are using multiple SaaS services.

Cloud services such as SaaS can be accessed from anywhere. In fact, that is one of the benefits of using SaaS. However, if users can access services from anywhere, it becomes difficult to control access. Limiting access to certain IP addresses will not work when everyone is working remotely. Hence, the use of strong passwords is encouraged. However, a survey by Google pointed out that up to 65% of passwords are reused, and a report by Verizon found that 81% of hacking-related breaches leveraged either stolen and/or weak passwords. Even when users manage passwords well, the Google survey pointed out that 75% of American respondents get frustrated trying to keep track of their passwords.

Therefore, rather than relying too much on the strength of passwords, relying on multi-factor authentication (MFA) has become a better solution. Multi-factor authentication authenticates a user with multiple factors rather than only one. Today, the most popular form of multi-factor authentication uses a smartphone as the second factor. According to an article by Microsoft, multi-factor authentication (MFA) can block over 99.9% of account compromise attacks.

What is HENNGE One?

Before explaining the sign-in process, let me briefly introduce our product, HENNGE One. HENNGE One is a SaaS product which provides secure single sign-on (SSO) for SaaS/cloud applications. If a company uses multiple cloud services and SaaS applications, it is inefficient for users to sign in each time they access a different application. Plus, it is difficult for a user to manage different passwords for multiple SaaS applications. Single sign-on (SSO) is a solution for authenticating to multiple SaaS applications with one set of identity and password. With this solution, users are not required to manage different passwords for different SaaS applications. Plus, once a user authenticates to one of the SaaS applications, the user can use the other SaaS applications without going through the sign-in process again.

The value HENNGE One provides is that it adds a variety of secure access control features on top of its single sign-on (SSO) features. Previously, when most employees worked from the office, IP address restriction was popular: it limited access to the workplace's static IP addresses. If some employees, such as sales staff, often needed access from external locations, the administrator could create an access group and allow only those employees to access from outside.

However, as remote working becomes popular and more people start to work from external locations, it becomes difficult to restrict access by IP address alone. That was when we introduced the HENNGE Device Certificate.

What is HENNGE Device Certificate?

HENNGE Device Certificate is a feature that lets users authenticate themselves with a digital certificate. With it, HENNGE One users can sign in to SaaS/cloud services using client-side digital certificates. To use this feature, each user needs to install a digital certificate on their device, but this is done easily using HENNGE One.

HENNGE Device Certificate allows users to sign in only if they have a valid digital certificate installed on their device. Some benefits of digital certificate authentication compared to password authentication are: 1) users don't need to remember a password, 2) the administrator doesn't need to worry about users setting weak passwords, 3) users don't need a step to input their password at sign-in, and 4) the administrator can set an expiration date to force certificates to be renewed regularly.

A digital certificate is a long string of random characters that is difficult for others to copy, which makes sign-in more secure. Plus, signing in without having to recall and type a password each time makes signing in to cloud services or SaaS smoother and more efficient for users.

How does HENNGE Lock make it easy to sign in?

However, if a company is using multi-factor authentication (MFA) with a one-time password (OTP), a user still needs to input the one-time password (OTP) which is sent to or generated on the user's mobile device. Although a one-time password (OTP) might be only a 6-digit number, it is a little annoying to input those digits each time you sign in.

HENNGE Lock is a mobile app which adds multi-factor authentication (MFA) to HENNGE One. When a user uses HENNGE Lock with HENNGE One, HENNGE One sends a push notification to the user's mobile device asking whether or not to approve the sign-in. Once the user taps the approve button, the approval is sent back to HENNGE One and HENNGE One continues with the sign-in process. This kind of authentication is called push authentication.

Achieving 1 tap passwordless login

Once HENNGE Device Certificate is installed on a device such as the PC provided by the company, and HENNGE Lock is installed on the mobile device, the sign-in process to cloud services and SaaS in the company takes only 2 taps: tap the notification when the mobile device receives it, and tap again to approve. Even though the action is really simple, the sign-in process includes authentication using the device's digital certificate, which is a more secure way to authenticate than ID and password. Plus, multi-factor authentication using push authentication is performed.

Furthermore, this is the part I got really excited about. The iOS version of HENNGE Lock can be used with Apple Watch. When I allow HENNGE Lock notifications on my Apple Watch, it directly shows the accept button. Therefore, when I use HENNGE Lock with my Apple Watch, I only need 1 tap to sign in to every SaaS/cloud service in my company. Moreover, since my watch is on my wrist most of the time, I don't need to look around for my iPhone to sign in. I just need to raise my arm to tap. And this is how my sign-in process became super simple. Lastly, I use a MacBook Air as my company PC and I use Touch ID to log in to it. As a result, I never type my password to do my work.
