Single Sign-On is all the rage these days.  Organizations are looking to ease the hassles and expenses related to user passwords.  Single sign-on (SSO) is a user authentication process that permits a user to enter one name and password in order to access multiple applications.  This can help reduce the number of calls to a help desk for access issues, thereby reduce the operating cost for the organization.  The latest market trend is to take this a step further and leverage external companies for SSO.  By using products that offer SSO as software as a service (SaaS), an organization can greatly reduce the expense related to the management of these integrations. However, when an organization moves their SSO infrastructure into “the cloud” there are new risks to be considered. sinking feeling definiton

Risky Synchronization Requirements

There are many companies, including Optimal IdM, who offer hosted, single sign-on solutions.  Most of the solutions offered (e.g. Microsoft, Okta, Ping Identity) are massed produced, cookie cutter solutions.  Optimal IdM’s, The OptimalCloud, on the other hand, is a fully customizable solution that is hosted on globally located, dedicated private servers. Most of these SSO vendors require organizations to synch their on premise identity information into the cloud hosted environment, where as, The OptimalCloud does not.  For example, Microsoft has a component called Azure AD Connect, which their clients use to push Active Directory (AD) identities to Microsoft’s Azure cloud.  Azure AD Connect can even push your local passwords up into the cloud.  Okta in turn, has its own Cloud Data Integration tool.  Once again your local identity information is being sent to some shared cloud environment somewhere.  Similarly, PingOne has a directory synchronization service that replicates user identities from on-premise identity stores.

Data here. Data there. Data, data everywhere.

Your corporate, sensitive, identity data is residing on shared servers, which are completely out of your control.  How are the servers secured?  What firewalls are in place? Who has access to the servers and the data? What prevents one client from accessing the information of another client?  There are so many questions that need to be answered.  What about data leakage or security breaches?  These are more and more common these days (T-Mobile, Ashley Madison, the IRS).  By allowing someone else to store and secure the identity data, organizations are increasing the risk of unauthorized data exposure.

Your Cloud, Your Way

One of Optimal IdM’s main differentiators from the competition is that The OptimalCloud does not require data synchronization to provide SSO.  Your data lives securely on-premise.  Your data behind your firewalls and your security policies.  The OptimalCloud is a federated cloud service that provides multi-factor and mobile authentication/authorization. If on-premise data is required, standard secure protocols (e.g. WS-Federation, WS-Trust, SAML, oAuth, OpenID Connect) are used.  The data does not need to be stored in the cloud.  It is retrieved as needed. Synching requirements are just one component of The OptimalCloud which can be completely customized to meet the unique needs of your organization. Your Cloud, Your Way.


As organizations rush to cloud (SaaS, IDaaS) to reduce costs, they must understand the dangers. Having data synchronization and replication as a requirement, the solutions offered by Microsoft, Okta, or Ping Identity may put an organization at risk.  If keeping your data secure and under your control is important, The OptimalCloud solution should be considered.


  • The database in which all of your organization’s sensitive identity data is stored.
  • A digital ledger in which digital transactions are recorded chronologically and publicly.
  • Securely managing customer identity and profile data, and controlling customer access to applications and services.
  • The means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.
  • A legal framework that sets guidelines for the collection and processing of personal information of individuals within the EU.
  • The policy-based centralized orchestration of user identity management and access control.
  • An authentication infrastructure that is built, hosted and managed by a third-party service provider.
  • A security system that requires more than one method of authentication from independent categories of credentials to verify the user's identity for a login or other transaction.
  • A global provider of innovative and affordable identity access management solutions. 
  • Managing and auditing account and data access by privileged users.
  • Tools and technologies for controlling user access to critical information within an organization.
  • An authentication process that allows a user to access multiple applications with one set of login credentials.