You and Your Agency Must Address Credential Management Now

By Mike Foy, NetVU Chairman 2018-19

signon once

Maintaining passwords and IDs is the No. 1 pain point among carriers and agencies. And, as cybersecurity laws emerge and the use of multi-factor authentication (MFA) grows, credential management is a train wreck that’s about to get even worse.

We already own the technology solution to this industry-wide problem. SignOn Once was developed by a coalition of insurance and technology experts at ID Federation for the common good. It’s free of cost to agencies, and it can save your agency money. It will save my agency hundreds of thousands of dollars per year. And SignOn Once provides a solid solution to cybersecurity issues for carriers, but requires only a minimal investment from them.

So why aren’t we all on board?

Stop Tolerating the Status Quo

Is it complacency? Have we become so desensitized to the daily inconvenience and costs associated with password and identity management that we are failing, as an industry, to seize a lifeline?

It’s time to sign up for SignOn Once.

Here is the assessment by the Network of Vertafore Users (NetVU):

The entire industry should provide the necessary resources to fully support the ID Federation and movement to federated digital identities to replace agency stored passwords. Management system vendors must move to become identity providers and the carriers must support the initiative.”

— NetVU Strategic Industry Position Playbook

The Numbers

If an agency has 100 employees who access 65 carriers or MGAs in the course of business, that agency is responsible for protecting no fewer than 6,500 IDs. As an agency owner, I must warranty the protection of our customers’ personal information, and, ultimately, I do not want any of my employees to know the user names and passwords or the MFAs to access our carriers and MGAs. [For more information on MFA, visit the Information Technology Laboratory, and stay tuned for more from Mike on MFA in an upcoming ID Federation blog.]

But I cannot control the access process without SignOn Once. This year alone, if all the carriers, MGAs and solution providers with whom our agency does business were participating in this one, industry-wide solution, SignOn Once would save my agency $325,000, or $50/ID/year.

And costs soon will escalate. NetVU reports that “the cost of compliance will start to run between $1,000 to $3,000 per employee per year” unless we all get on board with SignOn Once by ID Federation before the looming credential management Maelstrom arrives.

Get Federated

If we all join SignOn Once, we can achieve an ideal state: Every agency and carrier will enjoy automatic provisioning and de-provisioning of users in one place via a trusted framework. Every employee will have just one ID and password that the agency can easily disable should that employee leave. The raging stream of help desk calls for password retrieval will stop. Just imagine the time, inconvenience and money we’ll all save while gaining ultimate security for our agencies and our customers’ personal information.

Questions? Don’t be complacent.

Understand your options and exposure.
Take the ID Federation survey, which closes on September 15.
Read the NetVU Strategic Industry Position Playbook.
Ask ID Federation for help. Talk to any member of the ID Federation board to learn how SignOn Once is already helping agencies. Have a conversation with Irv Kantar, ID Federation’s business manager, at SignOn1.
Ask your carrier to get on board with SignOn Once.
Ask your solution provider for help. NetVU and Vertafore can help you get Federated. If you’re a NetVU member, you can take a course about Vertafore Single Sign On (VSSO) and ID Federation or you can find more information in a discussion forum.
An Easy Way to Ask Your Carriers for SignOn Once
A number of carriers, MGAs and solution providers are already participating in SignOn Once. But most aren’t, or worse, are developing proprietary solutions that will complicate the overall credential management picture. Why? Agencies aren’t telling their carriers how important SignOn Once is to them.

Do it today. Send ID Federation’s easy, automated email to your carriers and MGAs to let them know you want SignOn Once.

Don’t let credential management become the Achilles’ heel of our industry. Implement SignOn Once by ID Federation as part of your cybersecurity solutions.