A number of client organizations who use Simply Voting integrate with it and use one of our supported remote authentication methods.
Generally, if you know your organization has a members’ database or secure members-only portal, or all electors have a @yourorganization.com email address, then this is a good indication that remote authentication is possible.
Whenever an organization has the means to pursue a remote authentication solution, Simply Voting strongly recommends it since such an integration often leads to many benefits both on the administration side of things as well as for the elector’s experience.
Simply Voting staff can interface with your IT staff to discuss available options. The time required for integration is often short, provided organizations have resources available. Organizations without internal or outsourced IT resources may have difficulty pursuing any form of remote authentication.
Supported Methods
If your organization is familiar with and employs any of the following technologies, there is a strong chance elector authentication can be integrated between your organization’s systems and the voting system.
Simply Voting can authenticate electors against:
a Security Access Markup Language (SAML) identity provider
an OpenID Connect provider
Alternatively, your organization can program and implement a special single sign-on (SSO) link inside of your secure website by following our proprietary instructions.
More information about the specifics of each of these supported remote authentication methods can be found under Authentication Details.
Elector Credentials
With any remote authentication, each elector must still have a unique Elector ID, which is used to seamlessly match the elector’s identity from the organization’s system to the identity stored in the voting system’s elector list.
An elector’s unique Elector ID is passed from the organization’s system to the voting system. If it is found and matched inside an election’s list of electors, and if the elector has not voted yet, the elector is then provided access to their voting ballot.
Moreover, with any integration, electors are typically already familiar with their login credentials because they are already used for an organization’s internal login systems (e.g. a secure members-only portal).
An important difference between standard authentication and any remote authentication solution is that with the latter, Simply Voting does not store any of the elector’s organizational passwords inside the elector list or anywhere else inside the voting system.
Alternative Configuration: Anonymized Elector Data
Some organizations have rules or restrictions regarding what confidential or personally identifiable information (PII) can be shared with third parties. Simply Voting has a robust and independently audited Privacy Policy, is SOC 2 Type 1 compliant, and never uses elector data for anything other than for your voting events. Furthermore, customers are always in control of how long their data is stored in the Voting System. Nevertheless, your organization may prefer to limit information sharing wherever possible.
To this end, some organizations prefer to anonymize the elector data imported into the Voting System. For example, instead of importing all elector usernames (e.g. fcastro), and instead of importing personal names and email addresses, organizations can internally in their own databases set up aliases or hashes for each unique elector.
This alias information is then passed to the Voting System, and is set up as Elector IDs in the electors list (e.g. 383473434 or fj3ksi-vwi76-wc43a), and any other identifying information such as name and email address are not imported into the Voting System. Thus, the elector list contains anonymized information, divorced from any given individual from the Voting System's point of view.
This anonymized configuration does limit some of the Voting System’s capabilities, like using it to identify quickly on who has voted or who hasn’t yet, or using the Voting System’s Email Blast feature, etc.
Ensure Elector IDs Are Properly Configured in Any Elector List
With remote authentication, it is imperative that electors have a properly configured Elector ID. Depending on the technology used, and the unique identifier or attribute for each elector passed from your organization’s system to the voting system, an Elector ID may have different forms from organization to organization.
For example, an Elector ID could be configured as each elector’s full email address; or just the first part of the email address before the @ symbol; or perhaps a username; or user ID number; or something else entirely.
To ensure that your Elector IDs are properly configured, if you have a test elector account in your organization’s system, or know of someone who can act as an elector themselves, you can add them to the elector list of a dummy waiting or active election. When doing so, ensure to specify a name for the individual elector record. When the elector logs in, they should see their Name in the Logout button.
If the test elector does not see their name, and sees no waiting or active dummy election, but instead see something else in the Logout button – this value is what the voting system expects for Elector ID configuration.
Elector Login Process
For the majority of remote authentication methods, electors first must navigate to their organization’s unique voting website hosted by the voting system.
Electors may be required to first click a Login button and through a re-direct, enter their known credentials through their organization’s familiar login portal.
Upon successful authentication, the elector is presented with their ballot by the voting system if there is an active election.
However, if Simply Voting’s proprietary single sign-on is employed, electors first navigate to their organization’s website and log in using their known credentials. Once logged in, electors must locate a button or link specially designated by their organization’s IT staff (e.g. “click here to access your ballot”) to be redirected to the voting system and presented with their ballot if there is an active election.
Distribution Methods
Since electors are already familiar with their voting credentials, email blasts are not necessary to distribute credentials, though some users still use email blasts to send reminders during the voting period.
Additionally, with any remote authentication, the need for physical paper voting information mailings is likely to be very low, unless specifically mandated by internal procedures or by-laws within the organization.
Lastly, some client organizations may have a small number of electors who exist outside of their single sign-on ecosystem and do not have access to it. To ensure such electors are not disenfranchised, users can still selectively send out email blasts with Direct Voting Links configured by the voting system, to allow these electors to bypass integrated remote authentication methods.
Remote Authentication for Election Manager Users
In addition to configuring remote authentication for electors, the Election Manager can be configured to allow users to log in using your organization’s own Identity Provider.
To enable this, your Identity Provider must support the SAML 2.0 or CAS protocol.
This implementation does require Simply Voting staff involvement for implementation. Please contact support to make your request.