Modernizing single sign-on for digital citizen services

Dean Scontras has over a decade experience advising government agencies on their cloud and identity modernization initiatives. Currently, he serves as Senior Director of Public Sales for Auth0, where he is focused on solving identity and authentication for digital citizen services.

The pandemic was a forcing function to accelerating digital citizen services. For many state and local agencies, the crisis created a test bed to launch pilot projects and engage with citizens digitally when offices shut down.

Dean Scontras, Senior Director of Public Sales, Auth0

The DMV, social security, unemployment offices and courts are just a few of those agencies who needed to urgently scale their digital service offerings. But in order to build a better user experience, streamlining identity and access management (IAM) will need to take top priority.

That calls for simplifying how agencies work behind the scenes with developers to provide quick and safe access to these services, both for citizens, as well as between entities at state and local levels. While single sign-on (SSO) authentication promises a simplified user experience for citizens — one credential for multiple logins — with so many applications across states’ various services, that has proven to be a time consuming and elusive goal for some agencies.

However, an identity solution commonly used in the private sector — referred to as customer identity and access management (CIAM) — can provide state agencies with a modern approach to SSO and streamline the way developers integrate IAM into citizen-facing applications.

For government agencies, where the citizen is the “customer” a government-to-citizen (G2C) IAM solution is the answer to helping agencies securely standardize citizen authentication and to help developers roll out applications at a quicker pace.

Make it easier for developers to develop

Identity authentication for government agencies remains fraught with complexity because of the gamut of applications that have been developed over time. A standardized SSO would mean that developers can integrate authentication code into the development process for new digital services — and modernize older ones.

A strong G2C solution, like Auth0’s, provides a combination of common identity management features that facilitate user registration, self-service account management, consent and preference management, single sign-on, multi-factor authentication, access management, directory services and data access governance. The platform is extensible and customizable in order to make the IAM component easy for developers to integrate directly into new and existing applications.

At Auth0, we have worked hard to make a broad-based library of code available within our CIAM tool so that developers can more readily select and match the right codes for specific applications and deployments. That’s why, frankly, developers love working with us. They can concentrate on creating a user-friendly, scalable and secure digital tool, and not worry about the authentication because it is already solved for them.

The benefits of federating identity

That’s become even more important with the convergence of users, devices and applications, all of which demand an identity-based security approach. Identity is the new perimeter, and therefore to keep up with security across digital services, organizations will need to modernize their approach.

With SSO, not only will agencies be able to federate identity across services to ensure stronger security controls, but it also makes it easier to build applications and consolidate data.

For example, we worked with Providence — a not-for-profit healthcare system — to integrate a more effective consumer-facing digital strategy for their patients. Providence struggled with a siloed system of patient records, resulting in fragmented care, wasted time and frustration for their patients and healthcare workers. Auth0’s approach to IAM allowed them to take advantage of multi-tenant administration, social federation capabilities and passwordless connections.

Part of that success stemmed from Auth0’s built-in adherence to General Data Protection Regulation (GDPR), Health Information Privacy (HIPAA) and National Institute of Standards and Technology (NIST) frameworks. By integrating compliance directly into the IAM solution, regulated industries have security assurances built into their authentication solution.

We’ve similarly helped global corporations, like Siemens, build a single login service for individual operating companies across their organizations. Siemens was able to give developers the ability to update and integrate applications more easily, while ensuring end-users got the benefits of the same login experience every time.

Federating identity and authentication no longer has to be the struggle it has traditionally been, thanks to the power of Auth0’s developer tools. For states and municipalities, those same tools can help fast track efforts to streamline citizen access to multiple services and deliver improved services.

Learn more about how Auth0 can help your agency with citizen identity management.