Implementing corporate single sign-on with Umbraco

Last year we worked on an Umbraco project for a FTSE100 pharmaceutical company. The project was to build and implement a personalised training portal, accessible from laptops on their corporate network as well as tablets on the open internet.Unsurprisingly information security was a big issue to them, and part of our brief was to ensure that all user logins were authenticated using their corporate identity provider.

After working with their Information Security team and Corporate Head of Technical Standards we designed a system to integrate the Umbraco Membership system with the client's Identity Provider, Ping Federate, using SAML (Security Assertion Markup Language).

Our custom developed Umbraco add-on worked with Umbraco’s existing tools so that when a new user accessed a protected page we checked their login credentials and if not logged into the Single sign-on infrastructure we would redirect the user back to the Corporate Sign-On Page.

The system took a considerable amount of testing prior to deployment as the SAML technology had not been extensively used by our client. But by working through a detailed test plan, we were able to configure both Umbraco and the Identity Provider and later pass a Third Party Penetration Test before going live with around 3000 staff world wide.

This is just one example of our experience of implementing Enterprise grade Umbraco solutions. If you’d like help implementing Umbraco in your corporate environment then talk to us.