Thanks to technology, even the smallest business deals with dozens of applications that require individual login credentials. Logging in and out of applications all the time (and remembering all those details) can be frustrating. Single sign-on technology simplifies that process.
Single sign-on, or SSO, refers to the technology for the user authentication process that allows access to multiple applications with one set of user credentials.
"SSO actually refers to accessing applications from different providers or in different environments that usually require you to have your own set of credentials (login/password) to log in but that, thanks to the SSO technology, can take advantage of already authenticated sessions that tell each application that the user has already been authenticated and identify the user so they can be matched with the corresponding user profile on that application," explained Jimmy Rodriguez, COO with 3dcart.com, an online store builder.
How the technology works
SSO is built on trust. When software systems trust a common identity provider (IdP), they can delegate user authentication (checking the username and password, plus any second factor) to the IdP. What they do not hand over is authorization: each application still decides what an authenticated user is allowed to do inside it.
Here's how it works, according to Pieter VanIperen, a founding member of Code Defenders: The site or service you wish to log in to (the requester) makes a request to another server or site (the provider) and basically asks whether it already has a logged-in user. If it does, the provider returns information on that user to the requester site. Depending on the protocol, the requester and provider exchange keys, signatures or other information that verifies identity.
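The exchange just described, written out as an added example that is not code from the article or from any of the vendors quoted in it. A JSON claim set signed with an HMAC shared secret stands in for the SAML assertion or OpenID Connect ID token a real deployment would sign with the IdP's key; the users, groups, application names and the `idp.example` issuer are all constructed for the example. The provider authenticates the user once and answers each requester with an assertion bound to that requester; the requester checks the signature, issuer, audience and expiry before trusting it, and then makes its own authorization decision from the groups the IdP asserted.

```python
import base64
import hashlib
import hmac
import json
import os
import time

# Constructed sample directory (not from the article): users and the groups an
# IdP would read from a corporate directory.
USERS = {"alice": "correct horse battery staple", "bob": "hunter2"}
GROUPS = {"alice": ["finance", "staff"], "bob": ["staff"]}

# Assumption: a shared HMAC key stands in for the IdP signing key that real
# SAML/OIDC deployments exchange out of band (there the requester holds a public key).
IDP_KEY = os.urandom(32)
ISSUER = "idp.example"  # hypothetical IdP name


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class IdentityProvider:
    """The provider: authenticates a user once, then vouches for them to requesters."""

    def __init__(self, key: bytes):
        self.key = key
        self.sessions = {}  # session cookie -> username

    def login(self, username: str, password: str):
        """Authenticate once; returns a session cookie, or None on failure."""
        stored = USERS.get(username)
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            return None
        cookie = _b64url(os.urandom(16))
        self.sessions[cookie] = username
        return cookie

    def assertion_for(self, cookie: str, audience: str, ttl: int = 300):
        """Answer the requester's 'do you have a logged-in user?' with a signed assertion."""
        user = self.sessions.get(cookie)
        if user is None:
            return None  # no session: the requester must send the user to the login page
        now = int(time.time())
        claims = {
            "iss": ISSUER,
            "sub": user,
            "aud": audience,  # bound to one requester so it cannot be replayed at another
            "exp": now + ttl,
            "groups": GROUPS.get(user, []),
        }
        body = _b64url(json.dumps(claims, sort_keys=True).encode())
        sig = _b64url(hmac.new(self.key, body.encode(), hashlib.sha256).digest())
        return f"{body}.{sig}"


class ServiceProvider:
    """The requester: trusts the IdP for authentication, keeps authorization local."""

    def __init__(self, name: str, idp_key: bytes, role_map: dict):
        self.name = name
        self.idp_key = idp_key
        self.role_map = role_map  # IdP group -> local role: this application's own decision

    def verify(self, assertion: str) -> dict:
        """Check signature, issuer, audience and expiry before trusting any claim."""
        body, _, sig = assertion.rpartition(".")
        expected = hmac.new(self.idp_key, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            raise ValueError("signature does not verify: assertion forged or tampered")
        claims = json.loads(_b64url_decode(body))
        if claims.get("iss") != ISSUER:
            raise ValueError("assertion from an untrusted issuer")
        if claims.get("aud") != self.name:
            raise ValueError("assertion was issued for a different application")
        if time.time() > claims.get("exp", 0):
            raise ValueError("assertion expired")
        return claims

    def authorize(self, claims: dict) -> str:
        """The IdP said who the user is; the application decides what they may do."""
        for group in claims.get("groups", []):
            if group in self.role_map:
                return self.role_map[group]
        return "no-access"


def sso_login(idp: IdentityProvider, sp: ServiceProvider, cookie: str):
    """One requester-to-provider round trip: (username, local role), or None if not logged in."""
    assertion = idp.assertion_for(cookie, audience=sp.name)
    if assertion is None:
        return None
    claims = sp.verify(assertion)
    return claims["sub"], sp.authorize(claims)


def rejection_reason(sp: ServiceProvider, assertion: str):
    """Why the requester rejects an assertion, or None if it verifies."""
    try:
        sp.verify(assertion)
    except ValueError as err:
        return str(err)
    return None
```

The audience check is the detail most often skipped in home-grown SSO: without it, an assertion minted for a low-value application (a wiki) can be replayed at a high-value one (payroll). Note also that `authorize` lives in the requester, not the IdP; the IdP tells the application who the user is and which groups they belong to, and the application maps that onto its own roles.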
With the rising numbers of applications used in the business setting, as well as the addition of cloud services, managing users is often a difficult task. By implementing SSO, businesses can better control user access and authentication.
The starting point before evaluating SSO providers is to make an inventory of all the applications your business uses. That inventory is what you check each candidate SSO solution against to determine whether it supports the programs you need. For systems that need an extra layer of security, deploy two-factor authentication as well.
Don't forget about consumer-facing sites and services, VanIperen pointed out. "In general, for banking, insurance or ecommerce, your clients may not feel comfortable logging in with their FB or Gmail account. But for something like commenting, dating, job searching, it might be easier for users and better. Given the right permissions, your site can also post their comments to their favorite social network or get data to fill profiles that would otherwise have to be manually entered," he said.
Benefits of SSO
The biggest benefit is that the user will only need one set of credentials, but Dana Epp, CTO of IT management solutions company Kaseya, named a few more benefits to using SSO technology:
- It reduces password fatigue, as the user doesn't have to remember so many username and password combinations.
- SSO saves the time it takes to access systems when you must re-enter credentials every time you access a different application.
- It saves the costs of constant IT help desk calls about forgotten passwords.
- It reduces credential sprawl, or the likelihood that passwords will get reused across separate systems that, if compromised, may in turn compromise other applications.
- It allows users access from anywhere, at any time, on almost any device, without their having to remember where each application is or how to log in to it.
Challenges of SSO
When one credential logs you in to the SSO portal and that portal then grants access to several other applications, anyone holding that single credential can reach many different systems without knowing the username or password for any of them.
"As the IdP makes it trivial to access other applications through the portal, it allows an adversary who may be impersonating an authorized user (due to a credential that may be shared, stolen or guessed) to leverage this as a way of application discovery, granting access to systems they may not have even known the user has access to originally," Epp explained.
Because the SSO credential unlocks everything behind it, it needs stronger protection than any single application password, especially in today's threat environment. Business owners and IT decision-makers should require strong authentication at the IdP, such as two-factor authentication, biometrics or smart cards. This helps ensure only the intended party gets in.
SSO also creates a single point of failure, which can really hurt the business if the service has any downtime or the SSO provider suffers a security breach. In the same way, if a user's credentials are compromised, unauthorized users could gain access to all the accounts associated with that SSO account, said Rodriguez.
Popular SSO solutions
SAML and OAuth are the two most popular protocols. Strictly, OAuth 2.0 authorizes access to resources rather than authenticating users, so for login it is normally paired with OpenID Connect, which adds an identity token on top of it. Facebook, Twitter and Google are the social login providers you will most often see on consumer sites.
These are some popular cloud-based SSO providers: