Using OpenID Connect in your SAML environment

Author: Mathijs Brand

Last updated: February 21, 2019

As e-commerce becomes increasingly normalized, your customers and business partners now expect to interact with your business online. Frictionless and fully secure, of course. Anything less risks hurting your bottom line. Your IT department is working around the clock to facilitate this, but SAML has its limits. For one, most modern Identity Providers (IDPs) require OpenID Connect. But this ready-made solution is not compatible with SAML environments... at least not without some smart assistance.

Reliably identifying digital users in the finance industry

As solution and enterprise architects, we must constantly adjust our systems to developments in security, customer experience, and digital technology without disrupting our core processes. After all, we have spent a lot of precious time and resources building the environment we currently have. Most financial institutions, including insurance providers, are running SAML environments. This presents a problem, as most modern and reliable Identity Providers (IDPs) – the ones customers tend to like – require OpenID Connect. Short of rebuilding your full system from scratch or setting up an entirely separate environment, what options do you have?

What is OpenID Connect?

OpenID Connect is an identity layer built on top of OAuth 2.0, so it can be added to your existing protocols rather than replacing them. Once a user's identity has been established, it issues an access token and an identity (ID) token. OpenID Connect is simple and flexible and works with multiple identity providers; its security and privacy characteristics can be scaled up or down depending on your requirements. It was designed for a wide range of clients, including web, mobile, and JavaScript applications. All in all, an ideal tool for balancing security and a smooth customer experience in the context of identification.
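The identity token mentioned above is a signed JWT, and an OpenID Connect integration is only as safe as the relying party's validation of it before any claim is trusted. The following is an added example, not code from the original post or from Onegini Connect: a minimal token issuer and validator using HS256 with a shared client secret to stay self-contained (a provider publishing RSA keys via JWKS is checked the same way with an RSA signature check in place of the HMAC); the issuer URL, client id, secret and claim values are constructed.

```python
import base64, hashlib, hmac, json, time


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_id_token(claims: dict, key: bytes) -> str:
    """Constructed sample: an HS256-signed ID token as an OpenID Provider would issue it."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"


def validate_id_token(token, key, issuer, client_id, nonce, now=None):
    """Relying-party checks from OIDC Core 3.1.3.7; returns (claims, "ok") or (None, reason)."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return None, "malformed token"
    h, p, s = parts
    # Pin the expected algorithm before touching the signature; never honour alg from the header
    if json.loads(b64url_decode(h)).get("alg") != "HS256":
        return None, "unexpected alg"
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        return None, "bad signature"
    claims = json.loads(b64url_decode(p))
    if claims.get("iss") != issuer:
        return None, "wrong issuer"
    aud = claims.get("aud")  # may be a single string or a list of audiences
    if not (aud == client_id or (isinstance(aud, list) and client_id in aud)):
        return None, "wrong audience"
    if claims.get("exp", 0) <= now:
        return None, "expired"
    if claims.get("nonce") != nonce:  # ties the token to this login attempt (replay check)
        return None, "nonce mismatch"
    return claims, "ok"


KEY = b"constructed-client-secret"  # shared secret, constructed for this example
NOW = 1_550_700_000                 # fixed clock so the run is deterministic
GOOD = mint_id_token({"iss": "https://op.example", "sub": "user-42", "aud": "rp-client",
                      "iat": NOW, "exp": NOW + 300, "nonce": "n-1"}, KEY)

if __name__ == "__main__":
    print(validate_id_token(GOOD, KEY, "https://op.example", "rp-client", "n-1", NOW))
```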

The trouble with identification protocols

The problem of securely verifying the identity of online users, particularly consumers, is a tricky one. Trying to build this functionality in-house will open up a big can of worms. There are too many moving parts: from the requisite level of technical expertise and changing consumer preferences to industry regulation on security and privacy, not to mention the various types of end users whose identity needs to be verified (partner organizations, for example, should be treated quite differently from customers). As OpenID Connect is added on top of an existing OAuth 2.0 structure, it is non-invasive and can continue to meet external and internal requirements while your underlying protocols remain intact. This gives you the flexibility you need to meet consumer and security requirements as and when they arise.

Onegini can bridge the gap

Not running OAuth 2.0? No problem. You can still reap all the benefits of OpenID Connect using Onegini Connect. Onegini Connect will slot into your existing structure without disrupting it and act as a flexible central hub to bring together all your systems, databases, and the functionalities you need. This allows you to build on all the hard work you have done so far and future-proof your organization by opening it up to modern developments. It solves your most difficult technical challenges, including:

  • Session management across devices, browsers, and portables
  • Central identity management
  • Mobile security
  • Keeping up to date with technical and regulatory developments

What else can Onegini Connect do?

Onegini Connect was designed especially for the finance industry. This gives it a range of advantages over more generalist CIAM solutions. The platform was designed for use by consumers, has native banking-level security, and is fully customizable to your requirements. It offers everything you need to create a seamless and secure customer experience. This will allow you to promote self-service, saving time and money and increasing customer loyalty. Moreover, it is constantly updated to meet the latest security and privacy regulations relevant to the finance industry.

Onegini Connect provides:

  • an extensive and clean API for web and mobile to help you create the best possible user experience
  • the level of assurance you need when granting access to external consumers and agents
  • easy integration into your existing architecture

Is Onegini Connect right for me?

Want to find out how Onegini Connect can improve your setup? We’d love to explore how we can help. Contact us today for an in-depth chat – no strings attached!