Federated Single Sign-On Shifts GM into High Gear

Liberty Alliance specifications streamline access to GM's employee portal.

When General Motors Corp.s employee portal forced workers to endure a traffic jam of user names and passwords, the company turned to federated single sign-on to put employees in the drivers seat.

By employing specifications from the Liberty Alliance Project to let workers submit one user name and password to access benefits, GM made access to the portal much easier. The process gave reluctant users a new incentive to use the portal.

The program has succeeded, said John Jackson, GMs director of software technology. "There has been universal sentiment that federated single sign-on at GM will be well-received by our ultimate customers," Jackson said. "Our human resources group believes that federation provides a high value in employee-facing applications and services—so much that we did not calculate return on investment for this project."

The Liberty Alliance Project, established in 2001, has more than 150 members. (GM is a founding member.) It focuses on the development and deployment of open, federated network identification specifications.

/zimages/2/28571.gifClick here to read an interview with the Liberty Alliances Michael Barrett.

"General Motors joined Liberty Alliance because we believed it was important for the industry to have some choice in the technology that was used," Jackson said. "We never believed that a single provider—regardless of whether [it was] the federal government, Microsoft [Corp.] or a large bank—would be able to serve the entire Internet. It was important to us that multiple identity providers exist in the Internet."

In a 2003 poll conducted by the Liberty Alliance, nearly 60 percent of founders and sponsor-level members said they planned to implement the groups Version 1.1 specification that year. GMs use of alliance specifications to federate its employee portals was among those implementations.

/zimages/2/28571.gifRead about the groups Version 2.0 spec here.

GM is the worlds largest vehicle manufacturer, employing more than 326,000 people worldwide. The Detroit-based company has one of the worlds largest employee portals—MySocrates—serving more than 190,000 hourly and salaried workers in the United States. MySocrates supports more than 32,000 concurrent users and gets more than 3 million hits per hour, Jackson said.

MySocrates offers a single point of access to hundreds of internal GM Web sites. The portal lets employees customize their experience by providing access to personal information such as health care and retirement benefits. GM outsources many of the HR services that employees use—such as its 401(k) program and expense reporting—to third-party providers.

Before GM implemented federated identity, it wasnt easy for employees to get information they needed. When users accessed any of GMs third-party providers via MySocrates, they had to pass through a firewall and authenticate to each third-party service they wanted to access.

IT managers at GM wanted to make access more seamless and efficient for employees, but they understood that many users would be reluctant to use the same profile and password for both their health care provider and their 401(k) provider. By using federation, Jackson concluded, employees could control their own profiles and access levels.

Next page: Pilot program.