The Advantages of Secure Single Sign-on (SSO) on the BenQ Board
  • 2024-09-10

未命名-1
未命名-1

Many smart board providers claim to offer single sign-on (SSO) options, but they come with either several limitations or hefty price tags. The BenQ Board is the only EDLA interactive display solution that implements hassle-free secure SSO at no additional costs. Organizations with an in-place SSO strategy can readily utilize BenQ Boards and our comprehensive IT management system for seamless integration.

Assessing current SSO solutions

Single sign-on is a one-time authentication mechanism that allows users to log in and access their account, including all their apps, files, and cloud services. When rolled out properly, SSO can guarantee convenient and secure access.

  • Convenience: Users only need to remember a single set of credentials, which significantly reduces the time and effort they need to sign in to all their apps and cloud services.
  • Security: IT administrators can also leverage SSO to ensure that the only people who can access their system are verified members of their organization.

Several EDLA smart board providers advertise that they support SSO, but a closer review of how they implement it reveals a handful of security gaps that could leave their users’ data exposed and their boards vulnerable to misuse and potential threats.

SSO Solutions: Security vs. Cost

未命名-1
未命名-1

Below is a table summarizing the pros and cons of each SSO solution.

SSO Solution

Access Security

Pros

Cons

BenQ secure SSO

Strong, no cost

  • It offers user list syncing with the widest range of directory service providers.
  • Board access can be limited to members of organizations.
  • All user accounts and data are separate.
  • It has convenient SSO login options with cloud storage access.
  • SSO and other IT management services are secure and fully integrated.
  • There are no additional hidden costs.

Subscription-based SSO

Strong, paid subscription

  • It offers user list service syncing with some directory service providers.
  • Board access can be limited to members of organizations.
  • All user accounts and data are separate.
  • It has convenient SSO login options with cloud storage access.
  • SSO and other IT management services are outsourced to third-parties.
  • Additional costs are applied.

Platform-based SSO

Strong, no cost

  • Account creation is easy.
  • Board access is not restricted by organization.
  • Any registered user can access any board

App-level SSO

Strong, no cost

  • SSO is only applied to apps.
  • The boards are accessible to anyone.

App-level SSO

Controlled user access is limited to apps; anyone can still access the boards.

Some providers are only able to offer SSO through their in-house whiteboarding and productivity apps bundled with their boards. Their users can log in after registering their personal Apple IDs, Google, or Microsoft account credentials, etc. and use those to gain access to the apps on their board.

But since SSO is only applied at the app level, the only thing regulated by this login process is app access. This means that only the app is secure, leaving the rest of the board open to unauthorized users.

As a workaround, these providers normally leverage the default “multiple users” setting of their EDLA boards to control access, but this is neither convenient nor adequate.

For starters, it does not support secure SSO. The setting requires administrators to manually set up accounts one by one, on each board, every time. It’s a tedious process. If they have a dozen users and a dozen boards, for example, then they would have to repeat the account setup process over a hundred times.

Another issue is the screen lock, which each user needs to enter every time they use the board. Since the board is huge and is in plain sight of everyone in the room, privately unlocking the screen is almost impossible.

Platform-based SSO

All registered users, including complete strangers, can use the board.

Other smart board providers have created their own online user access platforms designed to work with their boards. Anybody who wants to use their smart boards are required to create an account through these platforms. Organizations can speed up the account creation process by syncing their Google Workspace or Microsoft directory service, allowing their users to enter the same sign-on credentials to log in to their boards.

Because account registration is required, platform-based SSO solutions seem like a secure way to limit board access. But this is only true to an extent. The issue is that some providers fail to restrict access to their platforms. They allow anybody with an email address to easily create an account and use that to sign in to any of their smart boards, regardless of which organizations these devices belong to. Outsiders can exploit this loophole by simply creating an account to gain unauthorized access to any of these brands’ boards.

Subscription-based SSO

Only registered users can access their boards and data, but at a price.

There are also solutions providers that offer basic directory service syncing, allowing their customers to limit board access to only the users that belong to their existing account lists. This ensures that user accounts are separate, and that only vetted users can access their boards and data.

Although this setup promises a high level of access security, these SSO solutions require their customers to subscribe to their premium third-party management services to avail access controls for their boards. Depending on the terms of service, their customers will have to keep paying a recurring fee for every license, user, or registered organizational unit.

What makes BenQ secure SSO the best?

Unlike other solutions providers, BenQ offers the highest level of secure SSO without charging additional fees. Below are the five key strengths that set BenQ secure SSO apart.

1. We ensure real-time account permission syncing.

BenQ lets your organization implement secure SSO on your BenQ Boards by letting you limit access to only the users that belong to your registered domain or your existing directory services. The BenQ Identity and Access Management (IAM) system integrates with the widest range of directory service providers, including Google Workspace, Microsoft Entra ID, ClassLink, and even LDAP or other SAML-based servers.

Access permissions are updated and synced in real time. If a person leaves or joins your organization, their access to all your BenQ Boards is revoked or granted instantaneously.

2. Access is limited to users in your organization.

Unlike providers that offer platform-based SSO, BenQ ensures that only users belonging to your organization can access your boards. And depending on your security strategy, you can opt to allow guests to use your board’s most basic features, such as whiteboarding and screen sharing, or even completely revoke guest access.

3. All user data is separate.

Compared to providers that utilize app-level SSO, BenQ guarantees complete account separation. Even though several users can log in to the same BenQ Board, all their local data and cloud accounts are not accessible to other users. This prevents people from tampering with or accidentally deleting other users’ files.

Beyond this, BenQ Boards also ensure that users will be able to securely access all the data from their previous session once they log in to the same board. Other providers completely wipe all user data after every session, requiring users to log in to all their accounts and load everything from scratch.

4. Logging in is as simple as a tap.

Our latest generation BenQ Boards come with NFC readers, allowing users to log in with a tap. This not only removes the time and effort it takes to manually log in every time, but it also guarantees privacy as users do not need to enter their credentials on the large screen.

What makes this setup even better is that users’ cloud storage and personalized settings, including bookmarked sites, app shortcuts, and wallpapers, are linked to their BenQ accounts. All they need to do is tap once to access everything.

5. Our IT management solutions are fully integrated.

For many smart board providers, their SSO solution is treated as an additional cost on top of their other paid IT management tools. These providers often offload their user account and device management services to different third parties resulting in bloated costs on their customers’ end and additional data privacy concerns.

Aside from offering SSO free of charge, our BenQ IT management ecosystem not only lets you implement secure SSO, it also gives you the power to manage all your BenQ devices from a single console. We also have a secure data-compliant integrated account management platform that gives your users multiple ways to personalize their accounts and workspaces on their BenQ Boards.

 

See how we implement secure SSO on the BenQ Boards. Request a live demo from one of our experts and experience the BenQ difference today.

Talk to an Expert

Please enter your valid work email address

Thanks for reaching out, we'll be in touch shortly.

Please verify that you are not a robot.

BenQ Corporation is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please tick below to say how you would like us to contact you:

You can unsubscribe from these communications at any time by sending an email at privacy@benq.eu . For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.