Delegated authentication is a security concept that is applied to the area of authentication. A company can outsource the authentication process to a third party that specialises in identity verification, which is the major advantage of this approach. The company then does not have to implement complex authentication systems of its own in order to guarantee IT security.
Delegated authentication also has a user-friendly benefit: users who want to log on to a program or system don’t always have to log on separately. That’s because the external identity provider can confirm their identity wherever delegated authentication is implemented. Single-sign-on (SSO), for example, also uses the authentication concept. Read on to learn how delegated authentication works and what other advantages this method has to offer:
How delegated authentication works
The traditional authentication approach is where an application uses its own methods to verify users. Delegated authentication, on the other hand, allows identity verification to be performed by a specialised external service, often with the help of standards such as OAuth, OpenID Connect or SAML. This is how the process works: the user tries to access an application that supports delegated authentication. The application directs the user to an external authentication service that checks the user’s identity using the username, password or other methods. Successful verification is certified by a confirmation token that is sent to the application and allows access to that application.
How does this work in different industries and areas of application?
- Payment transactions:
Three parties are used for identification purposes in payment transactions – the issuer, the acquirer and the card systems.
The issuer is effectively the customer’s bank and manages the authentication process.
The acquirer transmits the payment information to the issuer to verify the transaction. Sometimes, the acquirer also acts as the company’s payment service provider.
The card systems and the issuer – the bank, in other words – are responsible for creating and validating the proof of authentication.
In the case of delegated authentication, the authentication normally performed by the issuer is forwarded to the acquirer. This allows the acquirer to control the process and its quality, thus improving the purchasing experience and reducing efficiency losses.
- E-commerce and online services:
The use of delegated authentication – such as social logins or single sign-on options – makes it easier for users to log in and improves the user experience. This, in turn, increases the likelihood that customers will return.
- Healthcare:
Delegated authentication makes it easy for patients to access their medical information across different medical facilities.
- Company applications and SaaS platforms:
Companies use delegated authentication to enable their employees to access various cloud services and SaaS applications easily.
- Social media platforms:
With the help of delegated authentication, social media sites can allow users to log in to other platforms or apps using their existing accounts.
- iGaming industry:
Gambling platforms use delegated authentication to make it easier for players to log in with their accounts or social media logins. This enhances user-friendliness and encourages customer loyalty.
One of the major benefits of delegated authentication is that it effectively increases security. What’s more, it improves the authentication experience, which in turn leads to higher conversion rates while at the same time reducing fraud.
What are the other advantages of delegated authentication?
- Improved security:
Third-party providers of authentication services are often more experienced and adept at security than many companies. Outsourcing authentication to a trusted provider enables the use of proven security measures – thereby reducing the risk of security breaches – especially for security-critical applications.
- Ease of use:
Delegated authentication provides a seamless login and registration experience for users. Using their existing credentials from a known and trusted service, they no longer have to log in to each service or application separately. This improves the user experience and promotes customer loyalty.
- Single sign-on (SSO):
Delegated authentication is an important part of single sign-on, which allows users to log in once and then automatically gain access to multiple connected applications. This boosts user productivity because there’s no need to log in repeatedly to different applications.
- Time and cost efficiency:
Companies may find it more cost-effective to outsource authentication to a specialised third party than to develop and maintain their own comprehensive authentication system. It saves time and resources because the company does not have to implement an authentication system from scratch every time a new application is developed.
- Scalability and availability:
Third-party providers of authentication services typically deploy powerful and scalable infrastructures that can handle high user loads and demands. This ensures reliable authentication and availability – even during peak periods.
- Compliance and data protection:
Reliable third-party authentication service providers can meet specific compliance and data protection requirements. Using this type of provider helps the company to ensure that it is complying with applicable laws and regulations.
Delegated authentication in practice – an example
Let’s imagine there’s a patient portal that allows patients to access their medical data such as records, appointments, lab tests and other health-related information. Several medical facilities or healthcare providers use this portal – yet each of them has its own internal authentication for its employees and systems.
Instead of developing a dedicated authentication system for the patient portal, the company operating the portal decides to delegate authentication to the various medical facilities. This involves choosing a reliable third party to handle the delegated authentication process.
In a patient portal, patients have the ability to access their medical data – such as records, appointments, lab tests and other relevant information. To make this possible, the authentication of users is outsourced to a trusted third party.
The procedure operates as follows:
When the patient accesses the portal and wants to access their data, the portal forwards the user to the third party responsible for authentication. There, the user is asked to identify themselves with their credentials (username and password) or other authentication methods. The third party verifies the user’s identity and issues a confirmation token stating that the authentication was successful. Once the patient portal receives the confirmation token, it grants the patient access to their personal medical information. This process enables secure and convenient access to medical information across different medical facilities.
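The redirect round trip described in the general flow above and in this patient portal example, modelled in Python as an added illustration that is not part of the original article: the identity provider signs a confirmation token after verifying the user, and the portal accepts it only after checking the signature, issuer, intended audience, nonce and expiry. The issuer URL, client id and HS256 shared secret are constructed demo values, and the simplified token layout follows the JWT conventions used by OpenID Connect.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed demo values; a real deployment uses the provider's issuer URL, the
# client_id it assigned and the signing key it published (assumption: HS256 shared secret).
ISSUER = "https://idp.example.test"
CLIENT_ID = "patient-portal"
CLIENT_SECRET = b"demo-shared-secret-not-for-production"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(subject: str, nonce: str, now: int, ttl: int = 300) -> str:
    """Identity provider side: sign a short-lived confirmation token for a verified user."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": ISSUER, "sub": subject, "aud": CLIENT_ID,
              "iat": now, "exp": now + ttl, "nonce": nonce}
    signing_input = f"{_b64url(json.dumps(header).encode())}.{_b64url(json.dumps(claims).encode())}"
    sig = hmac.new(CLIENT_SECRET, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"

def verify_token(token: str, expected_nonce: str, now: int):
    """Relying party (portal) side: return the claims only if every check passes, else None."""
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
    except ValueError:
        return None
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":           # pin the algorithm; never trust the token's own choice
        return None
    expected = hmac.new(CLIENT_SECRET, f"{header_b64}.{claims_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        return None                            # signature check happens before any claim is read
    claims = json.loads(_b64url_decode(claims_b64))
    if claims.get("iss") != ISSUER or claims.get("aud") != CLIENT_ID:
        return None                            # token from another provider or meant for another app
    if claims.get("nonce") != expected_nonce:  # binds the token to this login attempt
        return None
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        return None                            # expired or malformed expiry
    return claims

def login_flow():
    """Walk the round trip: portal picks a nonce, redirects, IdP signs, portal verifies."""
    nonce = secrets.token_urlsafe(16)          # generated and stored by the portal before the redirect
    now = int(time.time())
    token = issue_token("patient-42", nonce, now)   # what the IdP returns after the user logs in
    return verify_token(token, nonce, now)
```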