In the digital landscape that we live in, and with the ever-present threat of cyber attacks, companies need to be ever vigilant. Maintaining the security of customer data is paramount to establishing trust. It enhances your reputation and establishes your company as a safe place to do business.

Robust security is a must, but sometimes it takes away from the user experience. Security measures can make it harder for users to log in or to switch between sites. Usually, this requires companies to make a choice between ease of use and a secure environment. Not a great choice.

Luckily, companies no longer have to make that choice. With OpenID Connect (OIDC), companies can provide a great user experience while maintaining a secure site.

What is OpenID Connect (OIDC)?

OIDC is an identity authentication protocol that works with open authorization (OAuth 2.0) to authenticate and authorize users when they access digital services. OIDC verifies that users are who they say they are, while OAuth 2.0 authorizes which systems those users can access.

OAuth 2.0 is typically used to enable two applications to share information between them without compromising user data. And OIDC is used to allow those applications to also share the authentication of a user. For example, a user can use their Google account to log into third-party sites, like Facebook or Airbnb, rather than creating a new username and password for each site. OIDC also allows organizations to offer their users single sign-on.

This is how it works: A user securely logs into their Google account with their credentials (i.e., username and password), which Google verifies with an identity and access management system as the primary authenticator. Then, Google can use OIDC and OAuth 2.0 to pass that authentication to other applications, like Facebook or Airbnb. A user can quickly jump from Google to Facebook to Airbnb using the same credentials. This requires users to only need to sign in once to be able to access multiple applications. I know that I’ve used this before and it makes things so much easier.   

6 Key Elements of OIDC

1. Users: The people that want to access more than one application without creating a new account with separate credentials.
2. Authentication: The process used to verify the identity of the user.
3. Identity Tokens: A type of security token used primarily in identity confirmation. They contain an identifier for the user, information about the user (e.g., email address, name, etc.), the outcome of the authentication process, and information about how and when the user was authenticated. These tokens are non-static, which is the new standard for token security.
4. Client Software: A website or application that requests and uses tokens to authenticate the user.
5. OIDC Providers: The applications where a user already has an account. They authenticate the user and pass information about the authentication to relying parties using OIDC and OAuth 2.0.
6. Relying Parties: The applications that use the information from the OIDC providers to authenticate users.

Imagine that you want to begin using Airbnb. You go to Airbnb’s site to create a new account. When you click on the link to create a new account, three options are presented in a pop-up window:

1. Log into Airbnb using your Google account.
2. Log into Airbnb using your Facebook account.
3. Log into Airbnb by entering a username and password.

You decide to go with option 1. This brings up a login pop-up for Google. You enter the username and password for your Google account. This logs you into your Google account, but it also creates a new user account for Airbnb using your Google credentials.

In this example, you are the user. Airbnb is the client software that requests and uses tokens to authenticate your user account. Google is the OIDC provider that completes the authentication and provides the identity tokens. And Airbnb is the relying party that uses the information from the OIDC provider, Google, to authenticate your user account.

Benefits of OIDC Authentication

The best part about OIDC authentication is that it provides benefits to both businesses and customers, which is rare in the land of digital security.

Secure OIDC Authentication

OIDC simplifies the sign-in experience for users while enhancing security. It’s an innovative solution for businesses that want to entice customers to sign up for their services by providing a simplified sign-in process that minimizes the number of passwords they need to remember. It’s also user friendly. (And when was the last time you said that about authentication?)

OIDC also fosters a sense of trust between companies and their customers. It sends a clear message that a company values their customers and maintains a firm commitment to safeguard user data. Plus, it shows that a company cares about the experience their customers have. The use of OIDC is a testament of a company’s dedication to security, innovation, and customer service.

In addition, OIDC aligns with the global standards of authentication. This turns a company who uses OIDC into a more attractive partner for third parties. And creating a more secure and trustworthy digital environment doesn’t hurt.

As digital security becomes a major focus of regulatory frameworks, having OIDC certification puts companies ahead of the game when it comes to compliance. It also lays a robust foundation for companies to innovate, expand, and stay on top of the latest technological advancements. Using OIDC enhances the reputation of a company and sends a clear message of that company’s direction to their customers, third-party partners, and their competitors.  

OIDC and GOLDPoint Systems

GOLDPoint Systems (GPS) now supports OpenID Connect (OIDC), the identity authentication protocol that standardizes the process for authenticating and authorizing users. Our OIDC token method provides a more secure process that includes non-static tokens. Auditing departments often look for these non-static tokens in API communication as it is the new standard for token security.

OIDC also provides other benefits to our financial institutions. With our OIDC token method, token expiration is determined within the identity provider, giving individual institutions more control over the life of tokens. This OIDC method also provides institutions with the ability to revoke tokens.

To begin using OIDC with GPS products, companies first need to set up their own OIDC provider. This allows companies to manage tokens and their life cycle. Once an OIDC provider is set up, a company should give GPS the Authority endpoint and the claim identifier (we recommend using "sub"). After that, GPS can get a company set up to begin using OIDC.

OIDC. It’s simple. It’s secure. It’s cutting edge. It’s a no-brainer. Contact GOLDPoint Systems today if your company is ready for OIDC.

“If you do build a great experience, customers tell each other about that. Word of mouth is very powerful.”

–Jeff Bezos