Having all the right tools in your training toolkit will help keep you ahead of any client needs. For some clients, one of those needs is data security. Single-sign-on (SSO) is a data security win because it enables end-users (most often, company employees) to access multiple applications using one username and password. When SSO is deployed and you go to a connected application, it will ask you to sign in with a username or password once. The opposite of this is needing to sign into every application used throughout the workday and having a single password for each application.
But as a training provider, how can you use SSO? Organizations that prioritize protecting customer privacy will enable customers to build emotional connections to the brand, which will improve brand value.
Getting Started with SSO
Using a learning management system (LMS) with SSO will allow your clients’ users to access the LMS with the same set of credentials that they use for everything else. This makes access to the training content seamless, saving them time and reducing the chances of support issues, which can help drive learner engagement with your content.
An SSO-enabled LMS can also improve your client retention rates by optimizing the client experience. The client gets to define authentication requirements and have them consistently applied for all their users. For example, if a client decides that they want to use multi-factor authentication (MFA), they can configure this with the identity provider, and MFA will be used for all applications configured to use the SSO, including the LMS. When it comes to password requirements, the client will be able to decide the complexity and password change requirements. These are maintained by the clients’ security vendor, not you.
Another great benefit of using SSO is knowing who controls access to the LMS. When SSO is enabled, just-in-time provisioning can be used to automatically add users to the LMS when they first access it. Likewise, when accounts are disabled/removed on the identity provider, their access to the LMS is immediately removed. As a training provider, you are not responsible for cleaning up accounts—that responsibility falls on the client and their security team.
Disadvantage of SSO
SSO is not perfect, as hackers only need one access point to the system, but most SSO vendors have plans for these situations.
We strongly recommend working with your clients to get an understanding of how their company’s security is managed. As a small business owner, you will want to clearly define who is responsible for a data breach.
Data Privacy and Security
Ask your LMS vendor if their product’s security complies with industry security standards. For international clients, the LMS will need to comply with GDPR.
If your company does not have an LMS and is currently looking for one, here are a few questions to ask vendors.
- Can I limit permission to reports, test scores, and other learner records?
- How secure is your LMS? What are you doing to actively prevent data breaches?
- What are your security practices when it comes to how often the LMS is patched and updated?
- Have you had any security breaches in the past? (Although this question can be answered using Google, the vendor should have a response.)
- Do you have a disaster recovery/business continuity plan?
This is not an exhaustive collection of questions, but this list covers topics ranging from data protection to security.
When It Comes to Protecting Customer Data, SSO Is Just One Layer of a Security Program
Work with all your clients to understand their security needs, technical requirements, and how they manage their training program. Be an advocate for data privacy and security. Don’t just tell your clients about your security practices; show them how important data security is to you.
Having an LMS that can be set up for SSO is a plus, and so is being able to explain to clients how data can be protected and restricted within the LMS. For example, the Firmwater LMS has a feature known as “Location Administrator.” It prevents administrators outside of specific groups or regions from seeing customer data.
If you’re not sure about the security of your current LMS vendor, reach out to them and ask the suggested questions and any others that come to mind.
For additional resources on the topic of data privacy and security, we recommend:
- 30 Questions to Ask Vendors to Prevent Cyber Risk
- 7 Key Questions to Ask Your LMS Vendor
- Firmwater Hosting & Security
Here at Firmwater, we don’t just sell an LMS for training providers. We partner with our clients, giving them the tools and insights they need to implement the best practices in e-learning course development, growth, and delivery. We care too much about our customers’ businesses to have them wade through forums and chatbots for help.
Ready to use an LMS that’s designed for the way YOU work, with a team dedicated to YOUR needs? Book a no-obligation consultation directly with our team today!