We are increasingly getting calls for SSO/SAML authentication against Azure AD (and to a small extent Okta).
Many of these clients engage with other cloud services for CRM, payroll, training, medical records management, policy/compliance, incident reporting, etc. Each of these vendors offers SSO against Azure and Okta as an option.
Each vendor has an internal authentication system (like Smartermail) AND the option to use SSO/SAML. Some customers allow each of their users to choose, while others block onboard authentication and force the use of SSO via Azure or Okta.
An email system (like Smartermail) is a perfect candidate for offering SSO as an option, because authentication requests to Azure AD (or Okta) use email address and password.
Ideally, Smartermail will allow each domain to use either (or both) authentication methods:
(a) log in with the method we have today, and/or
(b) click an SSO button on the webmail login page which kicks the user to the Microsoft credentials page. Once Azure/Okta has authenticated the user, they are redirected back into Smartermail. Seamless and elegant.
BENEFITS
1.) Employees can use the same email and password to log in to Smartermail as they use for other vendors of the employer.
2.) Does not require convoluted LDAP setups (in Smartermail) connecting back to the in-house domain controllers of each Smartermail customer domain.
3.) Is EASY to set up when the vendor (in this case, Smartermail) publishes their SSO/SAML component in the Azure Enterprise App library, for point-and-click setup.
4.) Using Azure or Okta allows additional security options ("Conditional Access") the client can enforce, WITHOUT making any changes in Smartermail itself, because all of the authentication and Conditional Access steps take place in Azure (or Okta) at the time of sign-in. Let the SSO provider do all the work authenticating the user. Smartermail only sees whether the user has been authenticated or not, without having to do ANY of the heavy lifting.
5.) SSO/SAML is becoming the de facto standard for "Modern Business" applications, and Smartermail needs to be among them for long-term survival.
We recently dealt with a customer that decided to go with Exchange 365 solely because 365 offered SSO, while Smartermail did not.
Based on our conversations with prospects and customers, it's clear SSO/SAML has become a must-have for products and services moving forward.