OpenID Connect is an authentication protocol, built on top of Oath 2.0, that can be used to securely sign users in to web applications. e-Share has implemented OpenID Connect and developed integrations with Microsoft, Google and Yahoo to allow recipients of Trusted Shares to be authenticated by these email service providers via their associated identity platforms. This eliminates the need for the recipient to create and maintain a password with e-Share in order to access Trusted Shares where authentication is required.
OpenID-based authentication of recipients provides benefits for all stakeholders:
- Recipients do not need to create and maintain yet-another password to protect & remember. This greatly reduces the friction to collaboration, especially with regard to Secure Email, where adoption is poor in large part due to the requirement for a new and separately maintained password which is quickly forgotten by the occasional user.
- The creator of a Secure Email or Trusted Share is more confident that their recipient will not experience issues in accessing the shared files/email.
- Recipients who are otherwise discouraged or prevented from using their corporate email to access 3rd party services can comply with these policies while accessing shared content.
- Recipients who leave the employ of their employer will not have access to shared files, as their employer-controlled credentials will be invalidated. This is what the creator of a Secure Email or Trusted Share wants and this is what the recipient’s employer wants.
Supported Email Domains
e-Share’s support for OpenID Connect includes support for the following email domains.
- all country variants of the above (e.g. hotmail.fr)
- commercial domains that use Microsoft as their email service provider where the domain’s MX records reveals this
- commercial domains that use Google as their email service provider where the domain’s MX records reveals this
- all country variants of the above (e.g. yahoo.fr)
- commercial domains that use Verizon/Yahoo as their email service provider where the domain’s MX records reveals this
Most commercial domains are using Microsoft, Google or Verizon/Yahoo as their email service provider and many of these are also using these vendors as their ID provider. In these cases e-Share’s support for OpenID Connect extends to these commercial domains, but only when the domain’s MX record contains an entry for the provider that leaves no ambiguity as whether e-Share can authenticate the user via OpenID. For example, e-share.us, the domain used by e-Share, is associated with an O365 account where Microsoft is both the email and ID provider. The MX record for e-Share substantiates this (e.g. https://mxtoolbox.com/SuperTool.aspx?action=mx%3ae-share.us&run=toolpage).
e-Share’s support for OpenID Connect and integrations with Microsoft, Google and Verizon/Yahoo greatly reduces the friction to collaboration and improves the user experience for all involved. It allows organizations to require authentication of recipients in all cases to access shared files, without impacting the productivity of users.