Social Logins: Is the Hype Justified?

There are almost 3 billion active users on Facebook today. Over 1.5 billion people use Gmail. Twitter crossed the 200 million mark in Q3 2021. It’s no surprise that social logins, which also eliminate problems like password fatigue and login friction, are becoming popular in SaaS applications and platforms. But are social logins the future? Let’s take a closer look.    

Before we dive deeper into the specifics, it’s important to stress that social logins are not limited to Facebook, Google, and Twitter. Most user management providers today work with platforms like Amazon, LinkedIn, GitHub, Instagram, Apple, Reddit, and more. This coverage allows SaaS developers to create better user experiences and improve customer satisfaction.

What are Social Logins?

In a nutshell, the social login is a user-friendly Single Sign-On (SSO) variation. 

It involves trusting a third party to act as an identity provider. With social logins, these third parties are social platforms. After the initial login, subsequent access is very easy: the application simply redirects users to the social media platform, which checks for existing cookies and examines their validity. If they are valid, an access token is issued.

Let’s take a closer look at how the social login flow actually works.

  1. The user opens the SaaS application they wish to access
  2. The login page has a social login button (let’s assume Facebook)
  3. Facebook receives the login request once the user clicks on the button
  4. The user accepts all required access permissions (a one-time step)
  5. The user is granted access to the app once the identity has been confirmed

What powers social logins?

The core component of this entire mechanism is the OAuth2 (OAuth 2.0) protocol. On top of it sits OpenID Connect (OIDC), which serves as the authentication enabler for the social login process. OIDC is responsible for letting users access SaaS applications with login credentials from the social platforms that the developers have enabled.
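
The flow above, seen from the application's side, as an added example that is not from the original article: the redirect in step 3 carries an OAuth 2.0 `state`, an OIDC `nonce` and a PKCE challenge, and the callback and ID token are accepted only when those values match the user's session. The endpoint, client ID, redirect URI and function names are hypothetical, and the ID token's signature is assumed to be verified separately by a JOSE library.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import urlencode

# Hypothetical values for illustration; a real app uses the provider's
# published endpoints and its own registered client_id / redirect_uri.
AUTHZ_ENDPOINT = "https://idp.example/authorize"
CLIENT_ID = "demo-client"
REDIRECT_URI = "https://app.example/callback"
ISSUER = "https://idp.example"

def start_login(session):
    """Step 3 of the flow: build the redirect to the identity provider."""
    verifier = secrets.token_urlsafe(48)                  # PKCE code_verifier
    digest = hashlib.sha256(verifier.encode()).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    session.update(state=secrets.token_urlsafe(16),       # binds callback to session
                   nonce=secrets.token_urlsafe(16),       # binds ID token to session
                   code_verifier=verifier)                # sent later with the code
    return AUTHZ_ENDPOINT + "?" + urlencode({
        "response_type": "code", "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI, "scope": "openid email",
        "state": session["state"], "nonce": session["nonce"],
        "code_challenge": challenge, "code_challenge_method": "S256"})

def check_callback(session, params):
    """Step 5: accept the authorization code only if state matches this session."""
    expected = session.pop("state", None)                 # one-time use
    if "error" in params or not expected:
        return None
    if not hmac.compare_digest(expected.encode(), params.get("state", "").encode()):
        return None
    return params.get("code")

def check_id_token_claims(session, claims, now=None):
    """Validate the claims of an ID token whose signature was ALREADY verified
    against the provider's keys (assumed done elsewhere by a JOSE library)."""
    now = time.time() if now is None else now
    aud = claims.get("aud")
    aud = [aud] if isinstance(aud, str) else (aud or [])
    nonce = session.get("nonce")
    return (claims.get("iss") == ISSUER
            and CLIENT_ID in aud
            and isinstance(claims.get("exp"), (int, float)) and claims["exp"] > now
            and bool(nonce)
            and hmac.compare_digest(str(claims.get("nonce", "")).encode(), nonce.encode()))
```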

Here are some key benefits of embracing social logins:

  • Less In-App Friction – Users don’t like to remember passwords and also tend to implement weak ones. Social logins solve these issues fast.
  • Additional Insights – Developers and companies can use the fetched data from the social media platforms to improve their services.
  • Reduced Stress on Support Teams – With logins going smoothly, your support teams will see reduced overhead and can focus on other tasks.
  • Added Security – Not only is getting started easy (with free APIs), there is no need to store or migrate passwords. This alone enhances security levels.
  • Better for Mobile – Passwords and usernames are not fun to deal with, especially on mobile. Social logins are helping solve this problem.

Poor password practices can still impact social login pipelines. If a user has a weak password on Facebook or LinkedIn, this can snowball into multiple compromised accounts where social logins are being used. Needless to say, with data privacy laws (GDPR, CCPA, etc.) putting extra focus on permission and consent, social logins need to be implemented accordingly. 

Top 5 Social Login Types

Now that we have learned about social logins and their place in the SaaS space, let’s take a closer look at some of the most common options on offer today.

· Google Social Login

There are almost 4 billion people with Google accounts today. That’s why devs usually enable Google social logins as a default option. What data is accessed? The user’s public profile for starters, along with age range and contact lists. This login is more popular on the web than on mobile devices because ongoing alterations need to be re-authenticated (after disconnecting). 

· Facebook Social Login

As mentioned earlier, there is no social media platform more popular than Facebook at the moment. Developers also like to use Facebook social logins as the permissions can be customized to fit their specific use cases. This makes it easier to control what data is actually being shared and also monitor the data flow as the application usage increases and more users enter the picture.

· LinkedIn Social Login

LinkedIn is not at the top of the social media food chain, but it’s the platform of choice for professionals. This makes LinkedIn social logins very relevant for apps and services in the B2B space. Also, this social media platform has one of the strictest approval processes when it comes to information requests. Going beyond personal details and employment info requires prior approval.

· Microsoft Social Login

The Microsoft social login is more B2B-centric. With millions of professionals using their Microsoft accounts at work, it only makes sense to include this option. There is a prerequisite for using this social login – registering the application or website with Azure AD before getting started. Check out Microsoft’s Social Login Guide before getting started with implementation.

· Apple Social Login

Apple is also offering a dynamic option for social logins today. Apple social logins stand out as they can be used to sign into multiple accounts like other options, but the security and privacy options are significantly better. For example, users can protect their information by creating random email IDs, while hiding their real account information. Two-factor authentication is also an option.

All aforementioned social logins are in extensive use, but they mainly address B2C use cases. GitHub social logins are now gaining traction in the B2B space. Learn more about this login method via the GitHub platform.

Social Logins: Fast and Effective, But Avoid Overuse

Social media usage is not expected to slow down anytime soon, nor is the use of SaaS apps and services. It’s safe to assume that more and more vendors will be opting for social logins. But convenient as they may be, there are security implications. Hence, it may be a wise idea to supplement them with multi-factor authentication (MFA) to stay on the safe side and keep user data safe.

You must also look at the business side of things.

Offering too many options can prove to be counterproductive. This argument has been supported by Aarron Walter, director of UX design at MailChimp. Walter disclosed that only 3.4% of users actually opted for social logins on their platform. But unlike MailChimp, Easytobook reported a 68% rise in user engagement metrics thanks to social login implementation.

So is the hype justified? Social logins have a place in user management, but only when used in the right use cases. You need to keep it optional and strive to limit the number of buttons you are offering. Pick wisely.