What Is Single Sign-on, and How Can it Benefit You?

A single sign-on (SSO) service allows a user to access multiple applications using the same login credentials -- for example, a username and password. Enterprises, smaller organisations and individuals can utilise SSO to manage multiple usernames and passwords more easily.

A basic web-based SSO service requires an application server agent module to retrieve specific authentication credentials from a dedicated SSO policy server and authenticate users against a user repository, such as an LDAP (Lightweight Directory Access Protocol) directory. In the same session, the service authenticates the user for all applications the user has been granted access to and eliminates password prompts for individual applications.

How single sign-on works

Open Authorization (OAuth) is a framework that enables third-party services, such as Facebook, to access a user's account information without exposing the user's password.

By providing the service with an access token, OAuth acts as an intermediary between the end user and the service. Whenever a user attempts to access an application from the service provider, the service provider will contact the identity provider for authentication. Once the authentication has been verified, the service provider will log the user in.
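The exchange described above, as an added example that is not part of the original article: an identity provider checks the password once and issues a signed, short-lived token, and the service provider logs the user in after validating only that token. The names `idp_login` and `sp_accept`, the key, the user repository and the application names are constructed for illustration, and HMAC with a shared key stands in for the asymmetric signature a production identity provider would use.

```python
import base64, hashlib, hmac, json, time

# Constructed demo values (assumptions, not from the article). A shared HMAC
# key stands in for the asymmetric signature a real identity provider uses.
SIGNING_KEY = b"constructed-demo-key"
SALT = b"constructed-salt"
USER_REPO = {"alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000)}

def _sign(payload: bytes) -> str:
    return hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()

def idp_login(user, password, audience, now=None, ttl=300):
    """Identity provider: verify the password once, return a signed token."""
    now = time.time() if now is None else now
    stored = USER_REPO.get(user)
    supplied = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    if stored is None or not hmac.compare_digest(stored, supplied):
        return None
    # The token names the user, the one application it is for, and an expiry.
    claims = json.dumps({"sub": user, "aud": audience, "exp": now + ttl}).encode()
    body = base64.urlsafe_b64encode(claims).decode()
    return f"{body}.{_sign(body.encode())}"

def sp_accept(token, my_name, now=None):
    """Service provider: never sees the password, only validates the token."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(body.encode())):
            return None                      # forged or altered token
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (AttributeError, TypeError, ValueError):
        return None                          # malformed token
    if claims.get("aud") != my_name:
        return None                          # minted for a different application
    if claims.get("exp", 0) <= now:
        return None                          # expired, user must re-authenticate
    return claims["sub"]

if __name__ == "__main__":
    token = idp_login("alice", "correct horse", "payroll")
    print("payroll accepts:", sp_accept(token, "payroll"))
    print("wiki accepts:   ", sp_accept(token, "wiki"))
```

The audience and expiry checks are what keep a token captured at one application from being replayed at another or reused indefinitely.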

Types of SSO configurations

Protocols used by some SSO services include Kerberos and Security Assertion Markup Language (SAML).

SAML is an extensible markup language (XML) standard for exchanging authentication and authorization data between secure domains. In SAML-based SSO services, a user, an identity provider, and a service provider communicate.

When Kerberos is used, a ticket-granting ticket (TGT) is issued after the user credentials have been provided. The TGT is then used to retrieve service tickets for other applications the user wishes to access, without requiring the user to re-enter their credentials.

An end user who uses smart card-based SSO must use the card holding their sign-in credentials to log in for the first time. Once the card has been used, usernames and passwords will not have to be entered again. Depending on the SSO solution, either certificates or passwords will be stored on smart cards.

Security risks and SSO

Single sign-on may be convenient for users, but it can compromise enterprise security. By gaining control of a user's SSO credentials, an attacker can access every application the user has access to, which increases the potential damage. SSO implementation must be coupled with identity governance in order to prevent malicious access. SSO can also be enhanced with two-factor authentication (2FA) or multifactor authentication (MFA).

Social SSO

Users can use SSO services offered by Google, LinkedIn, Twitter, and Facebook to log in to a third-party application with the credentials they use for social media authentication. While social single sign-on can be convenient for users, it can pose security risks since it creates a single point of failure that attackers can exploit.

A lot of security professionals recommend that users refrain from using social SSO services altogether because once an attacker gains control of a user's SSO credentials, they can access all other applications that use those credentials as well.

Apple recently unveiled its own single sign-on service, positioning it as a more private alternative to Google, Facebook, LinkedIn, and Twitter's services. The new service, called Sign in with Apple, should limit what data third-party services can access. Additionally, Apple's SSO will require users to use 2FA on all Apple ID accounts to integrate Face ID and Touch ID on iOS devices.

Enterprise SSO

With enterprise single sign-on (eSSO), users can log on to target applications by replaying their credentials using client and server components. Typically, eSSO credentials are usernames and passwords; target applications do not need to be modified.

6 Key Advantages of Single Sign-On

1. SSO elevates user experience

Have you ever been frustrated because you couldn't remember your username and password for a certain application?

SSO provides a much-needed respite on this front.

There is no need for employees (or other users) to repeatedly enter login information. Access to essential company tools is also not subject to password requests. As a result, they are happy, satisfied, and productive, and have no reason to rest on their laurels.

2. SSO saves time

It is important to remember that humans are not machines. Despite our efforts to remember dozens of login credentials, we are hardwired to forget a few, or in some cases, all of them. Urgh!

Create a password. Password forgotten. Reset password.

A frustrating cycle on a personal level, but even worse on an enterprise level, where IT team members have vast amounts of data to secure, network resources to provision, and countless other crucial tasks to complete.

IT teams waste time (and resources) when they have to deal with password misappropriation requests.

With SSO, your users can access the entire suite of company resources with one "portal" and just one set of credentials, rather than dozens. By providing one-click access to requisite modules or services, time-saving benefits are evident and lasting.

3. Single sign-on improves speed where it matters the most

SSO is especially useful in high-stakes industries like finance and healthcare, as well as in large enterprises with numerous departments and employees requiring access to the same applications/services.

Delays in access, password misappropriation, or compromised access to shared tools or resources can literally mean the difference between life and death in environments like these.

4. SSO helps with regulatory compliance

There is no doubt that organisations must comply with various regulations.

An inability to adhere to such a requirement can result in hefty fines and other not-so-good consequences, such as losing the trust of partners, clients, or even employees. That wouldn't be good, would it?

You can ensure effective access reporting and secure file sharing with SSO by complying with laid-out regulations.

5. Cuts down IT Helpdesk costs

As single sign-on reduces the number of login credentials an individual must juggle, users are less likely to contact IT for password resets.

Although we hate to admit it, such ticket requests are pretty common.

20%-50% of IT helpdesk requests involve credentials. It goes without saying that these tickets are expensive as well. SSO makes it easy to dodge this bullet at all costs.

6. SSO revamps security

Ah, security. Single sign-on and security go hand in hand—they are almost inseparable. The whole point of a "once-only" login is to protect sensitive, high-level company resources.

Here's a refresher. Do you remember what we said about authentication tokens? This token resides in the central SSO server or database, not in the actual resource that users access every day. Therefore, sensitive login data cannot be cached by the given resource.

To some extent, the SSO acts as a central authentication point. As a result, phishing and malware attacks are less likely to occur.
