Single sign on (SSO) is the ability to access several software programs with one login. It’s a feature most software buyers look for—and a marginal gain that can help EHS professionals mitigate against under-reporting. Here’s how.

The average person has a whopping 70-80 passwords, and EHS software is yet another application that requires a login. However, single sign on means software systems are linked, and users only log in once.

SSO uses one service to authenticate the end user for all connected apps they have rights to, eliminating future password prompts and password fatigue. It reduces the number of credentials an employee must manage.

Download the Guide to Office 365 as an EHS Portal →

Switched-on EHS professionals will recognize SSO as an asset in encouraging employees to participate in EHS reporting.

Let’s look at the considerations, contexts, and benefits through the lens of EHS.

Examples of single sign on

A clear example of single sign on is Office 365, which one in five corporate employees uses.

Log in once, and access all available tools, like SharePoint, Pro-Sapien, Power BI, Outlook and so on.

Logging into Office 365 for the first time shows a message about staying signed in
Logging into Office 365 in the browser shows a message about staying signed in

Interestingly, SSO can get even more seamless for Microsoft-invested organizations. Devices can be joined with domains (domain-joined) so that employees are logged into Office 365 apps as soon as they unlock their device. This is called Azure Active Directory Seamless Single Sign On.

Another common service, particularly on personal-use apps, is signing in with Facebook/Google/Twitter/LinkedIn. This single sign on uses your social media credentials as the sole authentication.

Some apps offer single sign on using social media credentials
Some apps offer single sign on using social media credentials

Definitions of SSO in EHS software

EHS professionals should be inquisitive when told an EHS software solution supports SSO. Different vendors mean different things:

  • Some vendors mean one new login for their EHS system gives the user access to all modules deployed within it
  • Other vendors mean using existing credentials that a user has for other corporate IT to access all modules within the new EHS system

Pro-Sapien refers to the latter. Users log in with their current Microsoft ID, gaining role-based access. We achieve this through integration with a client’s Active Directory.

It’s a similar story for other Microsoft add-ins, such as LMS365.

Benefits of SSO in the EHS world

Single sign on assists the removal of one barrier to EHS participation: difficulty.

This is particularly true in the Pro-Sapien SSO context, where no new login credentials are required.

In fact, with domain-joined devices, users have already done the login work for Pro-Sapien when they unlock their device in the morning. This is the most beneficial level of SSO.

Consider two scenarios:

  1. An employee observes a near miss involving unsafe behavior. The employee unlocks their device to report the problem, navigating to the company’s safety software. This tool isn’t used every day, so they’ve forgotten their password. After 2 failed attempts they click “Forgot Password” and wait for the reset email to come through. They go to their inbox to find the email, create a new password, and finally get access to the system.  (Total time: 10 minutes)
  2. An employee observes a near miss involving unsafe behavior. The employee unlocks their device to report the problem, navigating to the company’s safety software. This tool isn’t used every day, but the system knows who the user is already via the device unlock, so they’re in straightaway.  (Total time: 5 minutes)

Which scenario is more likely to result in the user actually reporting the near miss?

Even if the user hadn’t forgotten their password in scenario A, it is still more effort than in scenario B. When an employee is short on time and, in their opinion, deems the hazard "not worth it", you've lost some valuable information.

The time is a small difference, but one with a potentially huge impact. One Pro-Sapien client saw a 370% increase in Near Miss reporting after the roll out of our convenient system.

In another vein, which user is more likely to complete a safety training refresher course?

Travis Damgaard Campbell, Senior Business Manager at LMS365 said:

"With LMS365's deep integration within Office 365, learners are signed into their learning environment as soon as they start their computer. This means that LMS365 users enter a well-known environment, where the platform already knows their profile, job and training needs.”

How single sign on works

Regardless of the context used, SSO starts with one login page. In an Azure AD domain-joined device example, that would be this one:

Microsoft Windows 10 Sign-in Screen
The sign-in screen for users of Windows 10 devices

The user enters their password, then the following conversation would take place:

Device: "Hey Active Directory, it’s me, Laptop 1. I’ve got Joe Bloggs logging in."
Active Directory: "Hey Laptop 1, thanks. All looks in order and I’ve authenticated you for Joe's Office 365."
Device: "Thanks AD, you’re the best."

The authentication by Active Directory allows the user to now access all other connected apps on this device, even through the browser (domains). If Joe Bloggs was to go to Pro-Sapien to report a hazard, he wouldn’t need to log in again. Our simple diagram explains:

A simple diagram showing the process of single sign on to Office 365 with a domain joined device
A simple diagram showing the process of single sign on to Office 365 with a domain joined device Expand ⭧

The following would take place instantaneously when the user navigates to one of their Office 365 apps:

  • SharePoint: "Hey, I see AD already authenticated you. Welcome to SharePoint."
  • Pro-Sapien: "Hey, I see AD already authenticated you. Welcome to Pro-Sapien."
  • Teams: "Hey, I see AD already authenticated you. Welcome to Teams."

And so on. The user only had to log on that one time when they started their computer.

Security considerations

SSO solves a common business problem. It allows companies to outsource authentication to trusted providers, such as Microsoft, removing the burden internally.

On the other hand, single sign on is not without security considerations. To combat the risk of an attacker gaining control over a user’s SSO details, organizations can enforce corporate policies such as password complexity, expiry, and multi-factor authentication.

To continue the Microsoft theme, it’s worth noting that using an Azure Active Directory login is more secure than using a 3rd party system login, out with IT control.

Conclusion

In summary, single sign on has the benefits of:

  • Convenience
  • Speed
  • Security

In an EHS setting, convenience could be the deciding factor in an employee reporting a hazard, meaning EHS professionals cannot ignore the risk-reducing benefits of SSO.

Therefore, be mindful of the definitions and look for proof of SSO when you’re choosing new EHS software. Consider the corporate IT you’re already using as a source of authentication to really deliver a consistent, simple user experience.

Keep reading: 3 Better Alternatives to "Export to Excel" in EHS Software

Intrigued by EHS Software on Office 365?

Download the guide for more benefits alongside SSO

Download paper »

One Comment

Leave a Reply