The one constant element of technology lies in its ever-changing nature. As digitalisation evolves at a rapid rate, advancing in different areas, so does the technology that accompanies it. When it comes to our nation’s efforts to embrace digitalisation, the Singapore government has always been progressive and forward-looking, foraying into new digital endeavours and encouraging the adoption of new technologies.
One such initiative includes the shift to using OpenID Connect (OIDC) for Singpass integration and authentication. This makes it especially important for businesses relying on Singpass to integrate OIDC into their systems as well. In this article, we look at the different aspects of OIDC organisations need to know
What Exactly Is OIDC and How Does It Work?
OIDC is an open authentication protocol that adds an identity layer to OAuth 2.0. OAuth 2.0 is an authorisation framework allowing third-party applications to access a user account by delegating authentication to the service provider that hosts it. With OIDC, clients can verify the identity of an end user via authentication by an authorisation server. Furthermore, it provides a single framework for securing APIs, mobile native apps, and browser-based apps.
OIDC starts by asking the user to authorise a request. OIDC scopes will be included along with any additional areas of user information that the client wants. In response to the request, the client will receive both an ID and an access token that carry claims containing information about the user. For the remaining claims about a user, the client can then contact the UserInfo endpoint of the authorisation server. OIDC empowers greater discoverability and more seamless IT security management.
How can OIDC help my business?
For one, OIDC improves IT security by enabling the checking of authorisation across resource, user and device levels. This multidimensional security approach minimises unauthorised access. Moreover, as mentioned above, since OIDC works by issuing access tokens, data will only be accessed by authorised users. Organisations gain visibility to the users accessing their data, which leads to greater peace of mind and overall enhanced IT security. Secondly, OIDC provides convenience and eliminates the hassle of having multiple applications and separate databases of information. When digital identities and authorisation access are securely encapsulated on one platform, IT resources can be maximised elsewhere.
Last but not least, OIDC is efficient and intuitive to use. Since OIDC is built upon OAuth 2.0, it is API-ready, providing a complete, standardised setup across all touchpoints, from the authentication process to the display of the outcome. The response-request format is human-readable as well and works well for data-interchange operations.
What is the difference between SAML and OIDC?
Before Singpass integration shifted to OIDC, it relied on SAML. With SAML, an identity provider and a service provider can authenticate with each other through XML. SAML was one of the first to be used for federated access, establishing it as a major player in the SSO arena. Though both SAML and OIDC are similar in function, allowing for authentication and secure transmission of user information between authentication systems, they are different in many ways. Below are some differences between the two.
Why is OIDC migration critical for Singpass integration?
OIDC is simpler to integrate than SAML, and it supports a greater range of apps. It consists of the following features:
- Simple-to-use identity tokens: Client apps receive an ID token, a secure JSON Web Token (JWT), which contains the user’s identity. These tokens are simple and portable, with a variety of signature and encryption algorithms you can choose from.
- The OAuth 2.0 protocol: To receive ID tokens, clients employ OAuth 2.0 processes, which operate with both web and native mobile apps. OAuth 2.0 also implies that you may use a single authentication and authorization protocol for obtaining access tokens.
- Simplicity with sufficient features: OIDC is easy enough to integrate with basic programs while simultaneously providing capabilities and security choices to suit even the most stringent business needs.
Partnering with Adnovum for Seamless Integration
With Adnovum's expertise in IT security in Singapore, organizations can trust a seamless integration of OIDC into their IT infrastructure. Adnovum ensures that the integration meets the diverse needs of both internal and external users. Contact Adnovum today for more information on making the OIDC transition a success for your organization!
