Single sign-on (SSO) is a centralized session and user authentication service in which one set of login credentials can be used to access multiple applications. Its beauty is in its simplicity; the service authenticates you on one designated platform, enabling you to then use a plethora of services without having to log in and out each time.
Consumers might think of social sign-in through Google, Facebook or Twitter as strong SSO platforms, with each platform enabling access to a variety of third-party services. In the enterprise, an organization might use SSO to allow users to log into proprietary web applications (hosted on an internal server) or cloud hosted ERP systems, for example.
Implemented correctly, SSO can be great for productivity, IT monitoring and management, and security control. With one security token (a username and password pair), you can enable and disable user access to multiple systems, platforms, apps and other resources. You also reduce the risk of lost, forgotten or weak passwords.
A well thought out and well executed SSO strategy can eliminate password-related reset costs and downtime, mitigate the risk of insider threats, improve user experience and authentication processes, and put the organization firmly in control of user access.
Why use single sign on?
SSO’s rise coincides with other notable and interrelated trends, including the rise of public cloud, password fatigue, new developer methodologies, enterprise mobility, and web and cloud-native applications.
The move to cloud applications in particular is both an opportunity and a hindrance. According to recent research, enterprises in 2017 expected to use an average of 17 cloud applications to support their IT, operations and business strategies. So, it’s no surprise that 61 percent of respondents believe identity and access management (IAM) is more difficult today than it was two years ago.
Barry Scott, CTO at Centrify EMEA, sees two clear reasons to use SSO. “The first [reason] is that it improves the user experience by stopping the sprawl of different usernames and passwords which came about through the incredible rise in SaaS cloud-based applications. The second reason is improved security. The main cause of breaches is compromised credentials and the more usernames and passwords we have, the worse our password hygiene becomes. We start to use the same passwords everywhere and they often become less complex, making it easier for credentials to be compromised.”
Okta’s Director of Security Product Joe Diamond agrees that cloud applications are presenting IT teams with new challenges. “IT organizations are faced with questions such as how do you create/manage user accounts, ensure accurate entitlement (no unnecessary permissions), and ensure proper offboarding when an employee leaves the company.
“Having identity stores/silos across multiple solutions also becomes impossible to manage this proliferation,” Diamond adds. “Just because an organization adopts Office 365, Box and Slack doesn’t mean they also want three sets of logins and passwords for these services. SSO becomes, in a way, a prerequisite for organizations looking to adopt cloud solutions.”
Diamond also cites bring-your-own-device (BYOD) policies and the “always-on,” “work-from-anywhere” culture as SSO drivers. “People are working from devices that IT doesn’t control and on networks which IT has no visibility,” he says. “This leaves authentication as a critical device- and location-agnostic control point to invoke security controls such as continuous authentication, multi-factor authentication, context-aware access controls, user behavior analytics and so forth.”
What are the benefits of SSO?
The biggest advantage of SSO is arguably the scalability it provides. Automated credentials management means that the sysadmin is no longer required to manually take care of all the employees’ access to the services they want. This in turn reduces the human error factor and frees up IT time to focus on more important tasks.
Other benefits include rapid provisioning for cloud-first applications; if SSO supports the rise of open standards like Security Assertion Markup Language (SAML) 2.0, the application can be quickly provisioned by an SSO admin and rolled out to employees. SSO can also offer increased security (especially when combined with two-factor authentication [2FA]), productivity gains, and fewer IT help desk password resets.
Scott sees benefits for the IT team and the employee: “The primary benefit of SSO is the ease of use for users, which also results in a reduction in helpdesk calls for password resets. It improves security as there are less user credentials at risk, but there is a definite need for multi-factor authentication (MFA) as a backup for passwords in case they are stolen or guessed.”
Scott adds that Centrify’s customers find that SSO makes on-boarding people to new software-as-a-service (SaaS) applications faster and easier. “As IT can provide access more easily, there is less likelihood of ‘shadow IT’ developing. Good SSO (or identity as a solution [IDaaS]) solutions enable users to request access to new applications and for the approval workflow to be very straightforward.”
Francois Lasnier, SVP identity and access management at Gemalto, adds that in the past, remote access was offered through VPN onto the network, meaning SSO for on-premises apps was handled within the Windows ecosystem. That has changed through cloud adoption. SSO, he says, can “alleviate the pressure by providing control to the IT teams and convenience to employees. A successful SSO implementation enables IT to decide who can access which applications, when and where. It enables flexibility, allowing an organization to grant employees access to all applications when in the office, but only a select few when working remotely. It keeps the business safe, while enabling employees to work in a convenient manner. Overall, SSO, when combined with risk management mechanisms, improves access security and mitigates the risk of a breach.”
Okta’s Diamond offers this customer example: 20th Century Fox needed to find a way to improve its creative process and distribution across thousands of employees, contractors and partners, all while protecting intellectual property (IP) worth millions. By using Okta’s identity platform, Diamond says Fox was able to roll out a solution to all 22,000 employees, as well as hundreds of business partners, providing easy access to teams working on location on different types of devices. IT got visibility into who is logging in where, and user provisioning became simpler across both internal and external teams.
Single sign on implementation
How do organizations implement SSO in an ever-moving IAM landscape, where technology stacks typically comprise public cloud and on-premises infrast