Contents x
    Remote Authentication
    • 6 Minutes To Read
    • Print
    • Dark
      Light
    Contents

    Remote Authentication

    • 6 Minutes To Read
    • Print
    • Dark
      Light
    Article Summary

    A number of client organizations who use the Voting System integrate with it and use one of our supported Remote Authentication methods. Generally, if you know your organization has a members’ database or secure members-only portal, or all electors have a @yourorganization.com email address, then this is a good indication that Remote Authentication is possible.

    Whenever an organization has the means to pursue a Remote Authentication solution, Simply Voting strongly recommends it since such an integration often leads to many benefits both on the administration side of things as well as for the elector’s experience.

    Simply Voting staff can interface with your IT staff to discuss available options. The time required for integration is often short, provided organizations have resources available. Organizations without internal or outsourced IT resources may have difficulty pursuing any form of Remote Authentication.

    Supported Methods

    If your organization is familiar with and employs any of the following technologies, there is a strong chance elector authentication can be integrated between your organization’s systems and the Voting System. Share this list with any IT or technically minded individuals within your organization. Simply Voting can authenticate electors against:

    • a Security Access Markup Language (SAML) identity provider
    • an OpenID Connect provider
    • a Lightweight Directory Access Protocol (LDAP)
    • a Central Authentication Service (CAS)
    • HTTP(S) authentication
    • an external website login
    • Alternatively, your organization can program and implement a special single sign-on (SSO) link inside of your secure website by following our proprietary instructions.

    More information about the specifics of each of these supported Remote Authentication methods can be found under Supported Remote Authentication Methods.

    Elector Credentials

    With any Remote Authentication, each elector must still have a unique Elector ID, which is used to seamlessly match the elector’s identity from the organization’s system to the identity stored in the Voting System’s elector list.

    An elector’s unique Elector ID is passed from the organization’s system to the Voting System. If it is found and matched inside an election’s list of electors, and if the elector's status is "not voted", the elector is then provided access to their voting ballot.

    Moreover, with any integration electors are typically already familiar with their login credentials because they are already used for an organization’s internal login systems (e.g. a secure members-only portal).

    An important difference between Standard Authentication and any Remote Authentication integration is that with an integration, Simply Voting does not store any of the elector’s organizational passwords inside the elector list or anywhere else inside the Voting System.

    Alternative Configuration: Anonymized Elector Data

    Some organizations have rules or restrictions regarding what confidential or personally identifiable information (PII) can be shared with third parties. Simply Voting has a robust and independently audited Privacy Policy, is SOC 2 Type 1 compliant, and never uses elector data for anything other than for your voting events. Furthermore, customers are always in control of how long their data is stored in the Voting System. Nevertheless, your organization may prefer to limit information sharing wherever possible.

    To this end, some organizations prefer to anonymize the elector data imported into the Voting System. For example, instead of importing all elector usernames (e.g. fcastro), and instead of importing personal names and email addresses, organizations can internally in their own databases set up aliases or hashes for each unique elector.

    This alias information is then passed to the Voting System, and is set up as Elector IDs in the electors list (e.g. 383473434 or fj3ksi-vwi76-wc43a), and any other identifying information such as name and email address are not imported into the Voting System. Thus, the elector list contains anonymized information, divorced from any given individual from the Voting System's point of view.

    This anonymized configuration does limit some of the Voting System’s capabilities, like using it to identify quickly on who has voted or who hasn’t yet, or using the Voting System’s Email Blast feature, etc.

    Elector Login Process

    For the majority of Remote Authentication methods, electors first must navigate to their organization’s unique Voting Website hosted by the Voting System.

    Depending on the integration technology employed, electors may be required to enter their known credentials in fields on the Voting Website. Upon successful authentication, the elector is presented with their ballot by the Voting System if there an active election.

    fig_a.png

    Alternatively, electors may be required to first click a Login button and through a re-direct, enter their known credentials through their organization’s familiar login portal.

    fig_b1.png

    fig_b2.png

    Upon successful authentication, the elector is presented with their ballot by the Voting System if there is an active election.

    However, if Simply Voting’s proprietary single sign-on is employed, electors first navigate to their organization’s website, login using their known credentials, and once logged in electors must locate a button or link specially designated by their organization’s IT staff (e.g. “click here to access your ballot”) to be redirected to the Voting System and presented with their ballot if there is an active election.

    fig_c1.png

    fig_c2.png

    Distribution Methods

    Since as mentioned above, electors are already familiar with their voting credentials, email blasts are not necessary to distribute credentials, though some users still use email blasts to send reminders during the voting period.

    Additionally, with any Remote Authentication, the need for physical paper voting information mailings is likely to be very low, unless specifically mandated by internal procedures or by-laws within the organization.

    Lastly, some client organizations may have a small number of electors who exist outside of their single sign-on ecosystem and do not have access to it. To ensure such electors are not disenfranchised, users can still selectively send out email blasts with Direct Voting Links configured by the Voting System, to allow these electors to bypass integrated Remote Authentication methods.

    Remote Authentication for Election Manager Users

    This configuration is only available with Remote Authentication over SAML or CAS.

    In addition to configuring Remote Authentication for electors, the Voting System can also be configured to allow Election Manager users to log into the Election Manager tool with their known organizational login credentials.

    AuthAdminSAML.png

    This implementation does require Simply Voting staff involvement for implementation. Please contact us to make your request.

    Additional Information and Tips

    Ensure Voting Website Instructions Are Appropriate

    After Remote Authentication has been successfully set up, remember to update any Instructions Text for the Voting Website, if electors are going to be navigating to it for logging in, as the Voting System’s default instructions are likely to be no longer applicable.

    image.png

    This can be updated on the Settings page, in the Voting Website section. Click the Save button once you have defined appropriate instructions.

    Ensure Elector IDs Are Properly Configured in Any Elector List

    With Remote Authentication, it is imperative that electors have a properly configured Elector ID. Depending on the technology used, and the unique identifier or attribute for each elector passed from your organization’s system to the Voting System, an Elector ID may have different forms from organization to organization.

    For example, an Elector ID could be configured as each elector’s full email address; or just the first part of the email address before the @ symbol; or perhaps a username; or user ID number; or something else entirely.

    To ensure that your Elector IDs are properly configured, if you have a test elector account in your organization’s system, or know of someone who can act as an elector themselves, you can add them to the elector list of a dummy waiting or active election. When doing so, ensure to specify a name for the individual elector record. When the elector logs in, they should see their Name in the Logout button.

    novafigA.png

    If the test elector does not see their name, and sees no waiting or active dummy election, but instead see something else in the Logout button – this value is what the Voting System expects for Elector ID configuration.

    novafigB.png

    Was this article helpful?
    What's Next

    Powered by Simply Voting. We respect your privacy.