1. HR Solutions
  2. Financial Solutions
  3. Marketing Solutions
  4. Security Solutions
  5. Retail Solutions
  6. SMB Solutions

Choosing a Single Sign-on Solution

Bennett Conlin, Writer
May 10, 2019

Almost every business today works with dozens of digital applications, usually on a daily basis. Unfortunately, asking employees to maintain their own passwords to every application they must use presents inefficiencies as well as security risks. Whether it's stale, unchanging credentials or passwords that are used and reused for every application, employee-managed accounts can be an IT nightmare.

Luckily, single sign-on (SSO) solutions solve the problem. These allow network administrators to control credentials on the back end and give employees a single password with which to log in to every application through a central user interface. This guide will help introduce you to the market.

Editor's note: If you're looking for information to help you choose the single sign-on service that's right for you, use the questionnaire below and we'll contact you with information from a variety of vendors for free.

What Is Single Sign-on?

Single sign-on (SSO) services allow users to use one set of login credentials to access different, independent platforms securely. Examples of SSO solutions include OneLogin, Okta and JumpCloud. These companies are commonly referred to as identity providers.

Why Use Single Sign-on?

An SSO service reduces the number of passwords you and your staff need to remember. It also simplifies administration of access to various employees. If someone leaves a company, you can revoke their access to your systems with one switch. If you use a secure and well-respected identity provider, you make it more efficient to use multiple apps. Users can log in once, rather than pausing to remember or retrieve passwords to get into other apps.

State of the Industry

The SSO industry demand has increased as more businesses adopt cloud-based applications. The industry is expected to grow at a steady rate and eclipse $1.5 billion by 2021, according to research from Markets and Markets.

The projected growth of the SSO industry underpins the increasing need for efficiency and security when it comes to accessing digital applications for businesses. According to Datamation, the average organization used 1,427 cloud services in 2017, which represented a 23.7% increase from the year before.

"The average employee actively uses 36 cloud services at work, including nine collaboration services, six file sharing services, and five content sharing services," according to the Skyhigh Cloud Adoption & Risk Report, as quoted in the Datamation post.

The growth of cloud adoption is focused in certain industries more than others. For example, technology companies are very likely to employ cloud applications, as are manufacturing, business services and energy companies. It follows, then, that SSO adoption will remain prevalent in these industries.

With a slew of emerging markets yet to fully adopt digital technologies, it's a relatively safe bet that growth will continue.

Pricing

Most SSO solutions are cloud-based and priced on a monthly subscription model. Most monthly subscriptions range from $1 to $10 per user each month. Enterprise SSO solutions, which are typically more comprehensive and wide-ranging, are sometimes customizable and require a quote from the vendor.

It is uncommon, but some SSO providers post a monthly rate for enterprise solutions. We have seen the occasional vendor offer an enterprise SSO solution at roughly $250 per year. Most solutions like this, however, require a quote due to their specific and custom nature. 

Choosing the Best SSO

To choose the best SSO for your business, we recommend looking at user feedback, previous reviews and Better Business Bureau ratings. From there, we also find it helpful to consider these factors:

Ease of Use

Arguably the most important point of an SSO solution is ease of use. If the solution you purchase isn't effective or requires more work than expected for you to use it correctly, it may defeat the purpose of efficiently using multiple apps.

Implementation

Is the SSO easy to install? Can it integrate with existing applications? Make sure you understand what goes into the implementation process. You don't want to reduce productivity for hours or days because you're struggling to set up your SSO.

Security Policies

Will your data be safe? Be sure to check the company's security history. The last thing you want is for company login credentials that access multiple apps and platforms to be stolen. 

SAML Authentication

Security Assertion Markup Language (SAML) helps push an SSO solution across numerous security domains. It's a good sign if an SSO solution uses SAML authentication.

Password Vaulting

A password vault is a tool that stores username and password information. Some SSOs include some type of password vault for additional security.

Multifactor Authentication

Multifactor authentication (MFA) ensures that you need more than just a password to gain access to something. Some SSOs are hybrid solutions that combine MFA methods and SSO features. For example, you could be required to go through MFA at the beginning of the workday, but every login attempt the rest of the day would only require a single sign-on.

You may also decide your business would rather have MFA for all apps, and that you don't believe an SSO solution is best for you. Regardless of your final decision, you'll want to understand MFA's role in the decision-making process.

Mobile

Does the SSO company have an app? Is the mobile app or mobile online version user-friendly? If users are going to use the solution on their phones, this is an important area to review.

Customization

Can you customize the SSO solution to fit your company's needs? Can it integrate with Active Directory? Be sure to learn the various details of customization when selecting an SSO solution. You want the one that best fits your business's single sign-on needs.

Customer/Tech Support

Read customer reviews on the company's customer and tech support services. It isn't the most important purchasing factor, but you'd prefer to work with an SSO provider with a good customer support team.

Negotiation Tips

When negotiating the purchase of an SSO solution, it's important to understand both the needs of your organization and the capabilities of the software you're purchasing. Consider your security needs, and identify applications that need to be integrated. From there, you're ready to begin contacting vendors. Here are a few things you should do during the process:

  • Contact multiple vendors and have them walk you through feature by feature.
  • Ask for recommendations from other SSO users and scour online reviews. 
  • Request free demos whenever possible.
  • Ask about any discounts or deals for which your business might qualify.
  • Request a detailed breakdown of pricing and fee structure.

Cloud-based SSOs are often month-to-month pricing models or based on annual contracts. If you are going to sign a long-term contract with a service provider, be sure you understand the ins and outs of what you'll be getting for the price, and what level of support you're entitled to. As always, it's important to have an attorney look over any contract before you sign.

Full List of Single Sign-on Services

Here is a list of single sign-on solutions you may want to consider.

AuthAnvil  AuthAnvil features multifactor authentication and places strong emphasis on security. The company offers a standard plan, which includes essential services like directory synchronization and MFA, as well as a premium version that includes more advanced administrator controls and branding features. https://authanvil.com

Avatier  Designed for quick and simple implementation, Avatier is an affordable cloud-based SSO that also includes licensing management for any SaaS products your company uses. Avatier has a customizable user portal that helps your employees tailor the experience to their needs. www.avatier.com

Bitium  Bitium is a well-known SSO that boasts high adaptability, meaning that however your organization's infrastructure is set up, Bitium is likely able to integrate with it. This makes the implementation process much smoother. Bitium primarily focuses on midsize and large businesses. www.bitium.com

Clearlogin  Clearlogin by Evolve IP unifies the access management process into one dashboard, simplifying the process for end users. For administrators, it lends a wide range of controls over who gains access to what, how and when. Access is easy to approve or revoke, making the identity access management process adaptable and fluid. www.evolveip.net

Dashlane  Dashlane is a personal password manager that can double as an SSO for small organizations and startups. With a free version and a premium business edition, Dashlane can adapt to suit the needs of individuals on a working team or of a small and growing business. www.dashlane.com

DigitalPersona  DigitalPersona by Crossmatch employs biometrics and multifactor authentication to deliver a secure SSO. While the price reflects its sophistication, DigitalPersona is a reliable method of ensuring that the users accessing your system are the right users. This solution is recommended for larger businesses that require security peace of mind. www.crossmatch.com/digitalpersona/

EmpowerID  EmpowerID excels at automation of the identity access management process. Administrator roles are primarily for monitoring rather than managing, freeing them up to handle more pressing tasks. Emphasizing self-service, EmpowerID's user portal is intuitive and easy for employees to learn. www.empowerid.com

Evidian  Evidian's SSO is a flexible solution that supports authentication via password, biometrics, and even other methods like smartcard or radio badge. The platform also has robust security controls for administrators so your policies can be tailored to precisely meet your organization's needs. www.evidian.com/products/enterprise-sso/

Idaptive – Formerly known as Centrify Identity Service, Idaptive offers a holistic approach to identity access management, encompassing the cloud and mobile applications. The system supports both your employees and anyone outside of your organization who might need to access particular applications in partnership with your company. Implementation is adaptable to a number of different directory types. www.idaptive.com

Imprivata  Imprivata focuses on reducing the time and complexity of the SSO process. It simplifies its implementation with a drag-and-drop profile generator, which saves IT departments some heavy lifting. Following implementation, users can access all of their applications through a single authentication. www.imprivata.com/single-sign-on-sso

JumpCloud  Aimed primarily at enterprise clients, this cloud-based SSO offers wide support for a variety of directory types. The platform is compatible with scores of popular applications and has a user-friendly interface. The first 10 users for your company are free. https://jumpcloud.com/sso-single-sign-on

Keeper SSO Connect  This platform unifies SSO with other security features, like safe storage for proprietary data, customer data, sensitive documents and access credentials to restricted systems. Ultimately, Keeper SSO Connect serves as a centralized access system that governs more than just applications. https://keepersecurity.com/keeper-sso-connect.html

LastPass  LastPass is a simple platform suited for small teams and startups. Its robust features, including multifactor authentication, are impressive for a free service without undermining its simplicity and user-friendly interface. In case your small business outgrows the free edition, LastPass offers a premium version. https://lastpass.com

LoginRadius  LoginRadius supports multifactor authentication and multiple methods of authentication, including standard login and phone registration. With both a business and enterprise plan, LoginRadius works for businesses of all sizes. All plans include training and live support. https://www.loginradius.com/single-sign-on/

Microsoft Azure  Microsoft Azure boasts some of the largest application support out of the solutions we reviewed. The platform supports multifactor authentication for added security and employs Microsoft's infrastructure, virtually guaranteeing that your synced directory will be safe in the company's care. https://azure.microsoft.com

MiniOrange  MiniOrange supports several directory types. It can also communicate with most SaaS applications, as it supports all types of external identity sources, from SAML to OAuth 2.0. MiniOrange gives administrators control over security policies and groups, while offering reports and data-driven insights to keep them informed. http://miniorange.com/single-sign-on-sso

Okta Identity Management  Okta is a robust and powerful platform that makes the identity access management process simple and secure. With relatively easy implementation and a simple user interface, Okta reduces the pain of integrating SSO with your current operations while boosting security and productivity. www.okta.com/products/single-sign-on/

OneLogin  OneLogin is an adaptable and customizable platform that lends great control to administrators to determine security groups and policies. OneLogin impresses particularly in tailoring the directory to the needs of the organization. While this means more active engagement on the back end, it also means versatility and scalability, and the end-user experience remains easy to learn. www.onelogin.com

PingFederate  PingFederate, an SSO from Ping Identity, unifies SaaS, mobile and web applications under a single authentication system. It covers the most commonly used business applications and centralizes control over identities, permissions, and credentials on the back end, giving your administrators greater control and oversight. www.pingidentity.com/single-sign-on/software-sso.html

PortalGuard – PortalGuard is ideal for small businesses requiring integration with a wide variety of web and SaaS applications. Administrators have wide latitude for setting security policies and groups, including multifactor authentication and which methods it requires a user to employ. www.portalguard.com

Additional reporting by Adam C. Uzialko.

Editor's note: If you're looking for information to help you choose the single sign-on service that's right for you, use the questionnaire below and we'll contact you with information from a variety of vendors for free.

Bennett Conlin
Bennett Conlin, Writer

Bennett is a B2B editorial assistant based in New York City. He graduated from James Madison University in 2018 with a degree in business management. During his time in Harrisonburg he worked extensively with The Breeze, JMU’s student-run newspaper. Bennett also worked at the Shenandoah Valley SBDC, where he helped small businesses with a variety of needs ranging from social media marketing to business plan writing.