
A CIO's approach to managing single sign-on in the cloud

Medical informatics provider Schumacher Group integrates on-premises and Software-as-a-Service-based client identities with a single sign-on service.

Hurricane Katrina brought clouds of a different sort to Schumacher Group, a Lafayette, La., provider of medical informatics to 2,500 emergency room physicians and administrators nationwide. "I recognized the susceptibility of our data center," CIO Douglas Menefee said.

Following the storm, Menefee moved 10% to 15% of Schumacher's sales-force and recruiting processes into the cloud with implementations from Inc. and the related development environment for the platform. Next to be moved were customer relationship management (CRM), financials, e-signatures, email for providers, email marketing, tax filing, contract management, and time and attendance processes. Those were placed with a variety of Software as a Service (SaaS) providers. To date, 85% of the company's business processes reside in the cloud (see below for a list of the SaaS products adopted so far), an effort that made the business resilient but led to a "spaghetti bowl" of multiple passwords. "As we brought on cloud services, the challenge was identity management (IdM)," Menefee said. "We needed single sign-on [SSO]."

The challenges Schumacher faced in integrating cloud services with its back-end systems are similar to those confronting enterprises everywhere. "Having a cloud identity capability is an important enabler of cloud services," said Bob Blakley, vice president and research director for identity and privacy strategies at Burton Group Inc. in Midvale, Utah. Integration of cloud services with on-premises systems is "a critical piece of the puzzle," he said. When moving into the cloud, "big enterprises don't just close their data centers and sell their servers."

Six months ago, Schumacher implemented Boulder, Colo.-based Symplified Inc.'s SinglePoint Cloud Access Manager to give its physician clients a single password to a custom communications portal. The portal was created using Adobe Systems Inc.'s ColdFusion development environment for Internet applications; Microsoft's Active Server Pages (ASP), a server-side script engine for dynamically generated Web pages; and Microsoft SQL Server and Open BlueDragon open source software with a ColdFusion Markup Language (CFML) Java engine.

Emergency room physicians and administrators use the portal to submit copies of their documented patient visits; Schumacher then provides an analysis and best practices for improving documentation, and compares their work with that of other physicians in the Schumacher network. With the portal, instead of taking a day to give physicians feedback, the company can do it "as soon as possible, based on our business intelligence and chart routing systems," Menefee said. "Our goal is to be the most user-friendly environment in the country; we don't want our physicians to go through a rigamarole."

"A lot of our physicians are working in rural environments, with not a lot of interaction with their peers," Menefee explained. "Because of malpractice laws, risk mitigation is imperative for both the physician and the patient."

Single sign-on simplifies security management

Multiple passwords create a management nightmare: People write them down, stick them onto Post-it notes where other people can see them, give them to a co-worker or a friend when they're out of the office, or lose them, requiring IT to reset them constantly. Symplified's SSO service, on the other hand, encourages good behavior, Menefee said. "It's a violation of HIPAA to give your username and password to someone else. With single sign-on, our users understand that they have access and responsibility."

Internally, all of Schumacher's employees use Ping Identity Corp.'s IdM software to access the Salesforce applications, which were in place before the custom physician portal was built. Menefee evaluated using Ping Identity for the physician portal, but that software was more expensive and difficult to integrate than SinglePoint Cloud Access Manager, he said.

SinglePoint Cloud Access Manager takes SSO IdM three steps further by providing authentication, user provisioning and administration, and auditing for cloud and on-premises applications. Moreover, Schumacher can manage security controls from inside its firewall, ensuring that users are presented only the data and content they are authorized to see.

A component of the SinglePoint SSO software, called IDR (identity router), resides in Schumacher's data center. Physicians' identities are housed in, and the identities of Schumacher employees who use Google Apps (about 200 of a total of 750 employees) are stored in a Windows Active Directory. Both and Active Directory employ the lightweight directory access protocol for IdM.

Novell Inc. and TriCipher Inc. also have announced SSO products priced in the same range ($2 to $4 per user, per month) as Symplified's, according to Andras Cser, principal analyst at Forrester Research Inc. in Cambridge, Mass. "What distinguishes Symplified is their broad range of connected SaaS endpoints and ease of integration with the client's user directory infrastructure," he said. "Symplified's SSO offering centralizes user ID and password management and use to a managed portal."

Such integration is becoming a requirement, Cser said. "Today, we see most enterprises asking for identity and access management for cloud SaaS applications. In the future, we expect that enterprises will also ask for identity and access management as a cloud SaaS application."

Single sign-on solutions leading change

The winds of change that blew in with Katrina put Schumacher's Menefee at the forefront of cloud computing adopters. That has given him a unique opportunity to influence third-party products. "With all these companies being so new, and by embracing this new way of thinking and focusing on innovation, I feel like I have a voice with the product," he said. "Not all the solutions are fully baked, but the benefits that we get totally outweigh the work that still needs to be done."

Schumacher purchased Google Apps licenses for physicians to access email, chat and calendar functions, and Google Apps licenses for 200 Schumacher employees to access Google Docs for collaboration. These licenses are integrated with the CRM application, and Menefee is rolling out video and email integration.

To get an idea of how important having SSO between and among cloud and on-premises services was to Menefee's strategy, here's a rundown of the SaaS offerings Schumacher has adopted to date:

  • Scheduling with Tangier EPS from Peake Software Labs, an application designed specifically for emergency departments' scheduling.
  • Financials with Oracle Corp's PeopleSoft in a hosted environment.
  • Human resources applications (human capital management, employee payroll, benefits, manager self-service, employee self-service) with Workday Inc.'s software of the same name.
  • E-signatures with EchoSign's namesake software and Docusign's eSignature Service, both delivered in conjunction with and Google.
  • Email for providers with Gmail from Google Enterprise.
  • Email marketing with Eloqua's namesake software, integrated with
  • Tax filing with Ceridian Corp.'s Enterprise Solutions, integrated with Workday.
  • Time and attendance with NETtime Solutions' software for that function, integrated with Workday.
  • Contract management with Apttus, an application native to the platform, integrated with CRM data.
  • Credentialing and recruiting with

"More CIOs and companies need to adopt [the cloud] to have better scalability and not focus on infrastructure. Infrastructure should be a utility. I've got return on investment now. The cloud has allowed us to accomplish so many things in such a short amount of time," Menefee said, sounding not unlike an evangelist.
