What is Single sign-on?
How many passwords can you remember? As an IT professional, the number of passwords I can remember is in the double digits, and I use password managers to help. Managing many sets of credentials gets tough, and that's where Single sign-on (SSO) can make your life easier. SSO enables you to sign into multiple applications using one set of credentials. Instead of remembering many different passwords, sometimes with different usernames, you only need to remember one set of credentials.
A Single Sign On Example
To understand SSO it's helpful to consider an example. Many of our customers use Microsoft Office 365 for their businesses. SSO enables people to log in using their Office 365 credentials, then launch various non-Microsoft applications such as Salesforce, Box, and ServiceNow. In this case, Microsoft Azure Active Directory is what is called the identity provider, and each of the different SaaS applications is known as a service provider.
How Single Sign On Works
When you log in using SSO you verify your identity with the identity provider, then you gain access to multiple different applications (service providers) without having to log in to each using separate credentials. Typically, you are presented with a web page with different applications to click on to launch; when you launch them they log you in automatically. SSO is often used for web applications, but it can be used with any application that supports it.
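The flow described above, as an added Python example that is not part of the original article: the user authenticates once at the identity provider, which then issues short-lived signed assertions that each service provider verifies without ever seeing the password. The class and function names, the `crm.example` and `files.example` providers, the keys and the password are constructed for illustration, and a per-provider HMAC key stands in for the asymmetric signatures that real SAML and OpenID Connect deployments use.

```python
import base64, hashlib, hmac, json, time

# Constructed demo data. HMAC with one key per service provider stands in
# for the asymmetric signatures used by real SAML / OpenID Connect IdPs.
SP_KEYS = {"crm.example": b"demo-key-crm", "files.example": b"demo-key-files"}
SALT = b"demo-salt"

def _pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

def _b64(data):
    return base64.urlsafe_b64encode(data).decode()

class IdentityProvider:
    def __init__(self):
        self.users = {"alice": _pw_hash("correct horse battery")}  # IdP-only
        self.sessions = set()

    def login(self, user, password):
        """Authenticate once; the password is only ever checked here."""
        ok = hmac.compare_digest(self.users.get(user, b""), _pw_hash(password))
        if ok:
            self.sessions.add(user)
        return ok

    def issue_assertion(self, user, audience, now=None, ttl=300):
        """Issue a short-lived assertion bound to a single service provider."""
        if user not in self.sessions:
            raise PermissionError("no active IdP session")
        now = time.time() if now is None else now
        body = json.dumps({"sub": user, "aud": audience, "exp": now + ttl}).encode()
        sig = hmac.new(SP_KEYS[audience], body, hashlib.sha256).digest()
        return _b64(body) + "." + _b64(sig)

def sp_verify(assertion, sp_name, now=None):
    """Service provider check: signature, audience, expiry. Returns user or None."""
    now = time.time() if now is None else now
    try:
        body_b64, sig_b64 = assertion.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError:
        return None
    expected = hmac.new(SP_KEYS[sp_name], body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(body)
    if claims["aud"] != sp_name or claims["exp"] < now:
        return None
    return claims["sub"]
```

An assertion issued for one service provider is rejected by the other, and every assertion stops working once its lifetime has passed, so a captured assertion has limited reuse value.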
Identity Providers
Microsoft Azure AD (Office 365) is one example of an identity provider, but there are other options out there, such as Okta and Ping Identity. Which identity provider you choose is an important decision with security implications, so you should consider a number of factors when you select a vendor. An experienced IT professional can help you decide based on your existing vendor contracts, your needs, and your resources.
Even if your business is not using SSO at the moment, you may already be using SSO in your personal life. Google, Apple, and Facebook are all identity providers that allow you to use SSO to access different SaaS applications (by clicking on "Sign in with Apple ID" rather than creating an account with Spotify, for example).
Why Do I Need Single Sign-On?
SSO reduces the number of password resets and account unlocks IT has to perform. Generally, these are the most common IT tickets for organizations, so the time and cost savings can be significant. Password-related tickets are a headache for your employees and can keep them from working, so implementing SSO improves efficiency and productivity for everyone.
IT security people sometimes don't have great reputations with end users, since security often requires trading away convenience. Security can be a hassle. However, SSO improves conditions for both IT and everyone else, so it can be an easier sell to people.
SSO mitigates risk when accessing third-party systems, because user passwords are not stored or managed by external systems. SSO also reduces password fatigue and the time spent re-entering passwords, which again improves efficiency.
What are the drawbacks and other things to consider when using Single Sign-On?
Using SSO ties one set of credentials to multiple accounts, which means you are "putting all of your eggs in the same basket" in a sense, since a compromised user account will give the attacker access to every system that user can access. This means user credentials must be strongly protected, which is why two-factor authentication is essential when using SSO. You must carefully consider your prospective identity provider's track record and reputation for security and reliability. You are placing a lot of trust in your identity provider, so they must be worthy of that trust. Identity providers build trust through transparency and regular, open communication. They will also have a service reliability or trust page showing their historical performance, which you should review when deciding between identity providers.
Although it's possible to switch from one identity provider to another, this can be a major undertaking with downtime involved, so you must choose your identity provider wisely. It's still worth considering how easy it would be to switch identity providers at a later date so you can avoid vendor lock-in. Again, this is where working with a skilled IT professional really makes a difference to your bottom line.
It's also worth considering the privacy implications of SSO. The original implementations of SSO in Kerberos and SAML did not give users any choices about releasing their personal information to each new resource accessed, so newer authentication methods like OpenID Connect are preferred.
The Bottom Line
The cost savings and other advantages of SSO outweigh any drawbacks. Implementing SSO improves things for everyone in an enterprise and allows IT to spend their time on things other than password resets and account unlocks.
Would you like to use Single sign-on to reduce your IT costs, improve efficiency, and stop having to remember tons of passwords? Contact iuvo Technologies today!