Want to deter prying eyes from seeing the proprietary content on your benefits microsite, without ruining the employee experience? Just sharing passwords won’t be enough. Use a special URL that automatically logs employees into secure microsites.
What’s the Problem with Shared Passwords?
When a company wants to deter the public from seeing their benefits microsite content, the easiest solution is to password protect the microsite and share the password throughout the company. The benefit of this light-touch approach to content security is that spouses and family members can easily access information outside of the company firewall as long as they have the passcode. This keeps the company’s benefits information slightly secured from competitors since it wouldn’t be publicly visible on the internet.
If HR needs to link to a particular bit of content on the external microsite from inside the corporate intranet, employees need to log in twice.
Also, a shared passcode adds a layer of secrecy that prevents the content from being easily discoverable on search engines. Because if the search engine robots/spiders want to, they could index a microsite even if we tell them not to using the handy “no index / no follow” commands.
The problem is, this security comes with a layer of inconvenience for employees in a specific, but common, situation. If HR needs to link to a particular bit of content on the external microsite from inside the corporate intranet, employees need to log in twice. Which, from our experience, is just enough friction to make them less likely to want to use the microsite, missing out on important benefits information.
The Alternative, SSO, is too Much
Typically Single Sign On, or SSO, is the only option our HR partners are aware of that solves this inconvenience. But that comes with its own set of challenges. SSO is complicated to implement and requires lots of time and coordination between us, the outside vendor, and the client’s IT department.
But we understand the impulse to gravitate towards SSO. It’s become so standard that people don’t realize how difficult it is to implement.
SSO is complicated to implement and requires lots of time and coordination between us, the outside vendor, and the client’s IT department.
Also, this heavy-handed approach to content security locks out spouses or anyone outside of the company’s firewall. They would need to use a VPN to be able to take advantage of the SSO features, replacing one inconvenience with another. For instance, imagine an employee at a doctor’s office, who needs to review their benefits prior to making a critical medical decision, SSO denies them access or at least makes it challenging to enter the microsite.
So, what do you do when you don’t want the high security (and headaches) of SSO but also don’t want the inconvenience of a passcode?
Enter Authorization Links: The Best of Both Worlds
We came up with Authorization Links to make logging in to secure microsites a breeze for employees. These links are special URLs that have the passcode feature built-in, so when clicked, the user is automatically logged into the microsite. This way, we’re making it super easy for employees to log in, without sacrificing security. And, just to clarify, Authorization Links are meant to be a handy addition to the passcode process, not a replacement. Basically, we’re taking the convenience of SSO (without all the extra hassle) and combining it with the simple security of passcodes (without the inconvenience).
These links are special URLs that have the passcode feature built-in, so when clicked, the user is automatically logged into the microsite. This way, we’re making it super easy for employees to log in, without sacrificing security.
How Does it Work?
The passcode is turned into an authentication token by “hashing” it, aka turning it into gobbledygook so prying eyes can’t make sense of it. Then, whenever our HR partners or their clients need to create a secure link from inside the intranet to the microsite, they can add the authentication token to the end of the URL.
Like this: /benefits/medical/?auth-token=asdgobblidigook
Once we give them the auth token they’re free to use it on any link in the intranet.
To sum up, shared passwords might keep the company’s benefits information secure, but they make it a hassle for employees who have to log in twice if they’re coming from the company intranet. SSO, on the other hand, can make things easier, but it’s a headache to set up and cuts off access for anyone outside the firewall. Authorization Links, on the other other hand, automate the login process while still keeping things secure. So, no more double logins, and no more restricted access outside the firewall. It’s the best of both worlds!