Single Sign-On
With the accelerated development of web technologies, users' need for various web applications is also growing. A large number of such applications require the creation of an account in order to personalize the user experience and/or grant the appropriate level of access, i.e. to different resources of the company. Each time a new account is created, the user must enter a username and password that they will use in the future to prove their identity. The more applications a user accesses, the more passwords they need to use; and when the same password is set on different applications, or easy-to-remember passwords are used, this opens up space for malicious software to get hold of them. Data protection through user identification is especially important for applications that are used for business purposes.
In order to provide the user with a simple and safe way to access applications, an authentication system called SSO (Single Sign-On) was introduced. This system allows users to access different applications using only one set of login credentials: a user only needs to authenticate once to use all applications that use this authentication system. Implementing SSO across the enterprise helps simplify password management and improve security as workers access applications that reside on-premises or in the cloud.
Proponents of SSO cite the following reasons:
Stronger passwords:
Since users only have to use one password, SSO makes it easier for them to create, remember and use stronger, i.e. more complex, passwords that are harder to hack. In practice, this is the most common case: most users use stronger passwords with SSO.
Internal credential management instead of external storage:
User passwords are typically stored in a remote location, where they are managed externally and unattended by applications and services that may or may not follow security best practices. With SSO, however, passwords are stored internally in an environment over which the IT team has more control.
Saving time:
Reduced time spent re-entering passwords for the same identity, as well as recovering or resetting passwords.
Reduction of costs:
Reduced costs due to fewer calls to IT for help with passwords.
Better administrative control:
All network management information is stored in one repository. This means that there is a unique list of rights and privileges for each user. This gives the administrator the ability to change user privileges, knowing that the results will propagate throughout the network.
Improved user productivity:
Users are not burdened with multiple logins, nor are they required to remember multiple passwords to access network resources. This is also an advantage for Help Desk staff, who need to submit fewer requests for forgotten passwords.
Better network security:
Eliminating multiple passwords also reduces a common source of security breaches — logging user passwords. Due to the consolidation of network management information, an administrator can know with certainty that a user’s account is completely disabled, once it is determined that the account has been compromised.
Consolidation of heterogeneous networks:
By bringing together different networks, administrative tasks can be consolidated, ensuring consistent enforcement of administrative best practices and corporate security policies.
Integration with domain controllers:
Ability to integrate with existing domain controllers.
When choosing an SSO solution, you should take into account the following items:
The solution must offer strong security that can be used by all employees, including partners and contractors; it should be available in different regions and support different applications, including on-premises and cloud applications, i.e. web and client applications; it must also support common protocols such as Security Assertion Markup Language (SAML) and OpenID Connect (OIDC);
The ideal case implies that the SSO solution is integrated with 2FA (two-factor) authentication;
SSO should be easy to manage and administer, but also resilient and scalable;
It is desirable that it has data protection security certifications (SOC 2 or ISO 9001) and provides support for the most modern security protocols for all types of applications.