Single sign-on (SSO) allows users to sign on with a single set of credentials to access multiple applications and services. SSO provides increased security and a better user experience for partners, employees, and customers by reducing the number of passwords required and providing simpler access to all the services and apps they need.
What is an Identity Provider?
An organization known as an identity provider (IdP) enables SSO by implementing a centralized authentication server that all services and apps then use to confirm users’ identities. This server validates user identities and issues access tokens, which are encrypted bits of data that confirm a user’s identity and rights.
When users sign on for the first time, their usernames and passwords are sent to an identity provider to be verified. The authentication server verifies the credentials against a directory where user data is stored and then initiates an SSO session on the user’s browser.
When users request access to applications within a trusted group, the service provider does not require multiple passwords, but requests user identity authentication from the identity provider.
When the identity provider supplies a valid access token, the service provider grants the user access without showing the user the sign-on screen.
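The flow described above, as an added example that is not part of the original article: an identity provider checks credentials once and issues a token, and each service provider checks that token instead of asking for a password. The key, user directory, application names, and token layout are constructed for illustration, and an HMAC signature stands in for the IdP's token protection.

```python
import base64, hashlib, hmac, json, time

# Constructed demo values. A shared HMAC key keeps the example stdlib-only;
# production IdPs normally sign with a private key so SPs cannot mint tokens.
IDP_KEY = b"constructed-demo-key"
SALT = b"constructed-salt"

def pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

DIRECTORY = {"alice": pw_hash("correct horse battery staple")}  # constructed directory

def b64(data):
    return base64.urlsafe_b64encode(data).decode()

def sign(body):
    return b64(hmac.new(IDP_KEY, body.encode(), hashlib.sha256).digest())

def idp_sign_on(username, password, audiences, ttl=300, now=None):
    """IdP: verify credentials against the directory once, then issue a token."""
    stored = DIRECTORY.get(username)
    if stored is None or not hmac.compare_digest(stored, pw_hash(password)):
        return None
    now = time.time() if now is None else now
    claims = {"sub": username, "aud": audiences, "exp": now + ttl}
    body = b64(json.dumps(claims, sort_keys=True).encode())
    return f"{body}.{sign(body)}"

def sp_check_token(token, my_audience, now=None):
    """Service provider: return the user only if signature, audience and expiry hold."""
    try:
        body, sig = token.split(".")
        if not hmac.compare_digest(sig, sign(body)):
            return None                  # forged or tampered token
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError, AttributeError):
        return None                      # malformed token
    now = time.time() if now is None else now
    if claims["exp"] <= now or my_audience not in claims["aud"]:
        return None                      # expired, or issued for another application
    return claims["sub"]
```

The audience and expiry checks are what limit a stolen token: it works only for the applications it names and only until it expires.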
Single Sign-on Types
When all applications were still on-premises, the requirements for single sign-on solutions were relatively simple. An employee would sign on to an SSO session where they would be authenticated against a single directory. This provided them with access to multiple apps that were all running within the same organization, without them having to re-enter their username and password every time. This is the most basic form of single sign-on.
Business environments are much more complex today. The explosion of SaaS, cloud, and on-premises applications needs a much more robust single sign-on solution, but at the same time, it means that SSO becomes exponentially more valuable. Today many organizations use federated SSO that enables authentication with one set of credentials across multiple security domains and organizations. This enables them to provide secure single sign-on to a trusted group of “service providers,” or applications, even when those applications sit outside their firewalls or are owned by third parties.
Cloud Single Sign-on
Cloud single sign-on is another type of SSO. Cloud applications are nowadays a vital part of enterprises’ operational, infrastructure, and productivity needs. With an ever-increasing number of employees working from home and growing customer experience expectations, organizations are finding ways to use cloud SSO to connect everybody to everything easily. Cloud single sign-on allows for centralized access management and enables users to authenticate to their cloud-based applications and services with a single identity. Cloud SSO streamlines the process by offering users secure access to numerous services and apps while eliminating the need for re-authentication.
Single Sign-on Standards
This exchange is made possible by using identity standards like OpenID Connect, OAuth, and SAML. Standards allow for securely sharing identity data among multiple identity providers and service providers. Without standards, each connection would need customized development, and this would quickly become unsupportable and cumbersome.
Several standards exist because newer ones, better suited to SaaS-based and web-based apps, have been developed over the years, while older standards tend to work better with older apps. As each type has its own strengths, enterprise SSO systems should support the full range.
Single Sign-on Benefits
From online shopping to social media, and from specialized business applications to collaboration tools, we now have so many accounts that it’s become virtually impossible to remember a unique username and password for each. Many of us tend to write our passwords down or choose weak passwords that are easier to remember, and more than 80% of people reuse the same password across multiple platforms.
Having to sign on repeatedly is also a hassle, both for employees and customers. Online businesses sometimes require different passwords for separate parts of their website while employers may require employees to sign onto each business application separately. Talk about wasting time!
When it comes to enabling a simple, secure experience across multiple channels, single sign-on goes a long way toward decreasing the chance of a security breach while also reducing frustration.
A study by Forrester Research shows that password resets cost enterprises $179 per employee per year on average. Multiply that amount by the number of employees and the IT cost gets high very quickly. Having fewer passwords leads to fewer resets and much less money and time spent on administering users.
By implementing single sign-on, organizations can reduce the heavily targeted attack vector of user credentials down to one. This single set of credentials can also be secured much more carefully. For example, single sign-on helps keep user data more secure by authenticating with tokens rather than forwarding passwords or storing credentials on user devices.
Single sign-on eliminates the frustration of having to sign on to each app individually and having to remember multiple sets of credentials. Employees can increase their productivity, while partners and customers are presented with a frictionless experience that makes doing business much easier. SSO on mobile devices also provides a crucial advantage, especially since 72% of organizations allow or plan to allow “bring-your-own-device” and customers use their phones for just about everything.
Single Sign-on Examples
To show how helpful single sign-ons are, here are a few examples of how they are used in the real world:
• A retailer uses an extensive network of distribution and supply chain partners. All those partners can simply log in to the application dock, and will then be able to access all the services and applications the retailer has enabled for them from one place, without having to log in again.
• A banking customer signs on to their banking app to check the balance in their savings account. They then move over to the mortgage application seamlessly, contact customer service about an imminent trip, and check their credit score. Although each of those services is a different application on the backend, the customer doesn’t have to sign on again to reach the other apps.
• In the morning, employees sign on to their company email accounts with their email addresses and passwords. Once logged in, they can access all their applications, including things like timesheets, the intranet site, instant messaging, IT help desk, and their sales data, without having to ever provide another password.
Is Single Sign-on the Best Security Approach For User Credentials?
Even though there are many benefits to single sign-on, some may still not be convinced that it’s the best approach to security for their customers and employees. Companies that permit users to use only one set of credentials to access everything had better make sure those users (and their systems) are protecting the credentials properly. Once a hacker gets hold of them, they will have access to all the user’s services and apps. Even if you use the best security technology available in the world, a user’s password can unfortunately still be compromised via reuse on a hacked site, phishing scams, or other unsafe behavior.
Securing a single set of strong credentials is, however, much easier than having to manage many, and organizations are using multi-factor authentication to strengthen security at the sign-in point. This means that users have to provide an extra piece of evidence apart from a password to prove they are who they claim to be. Advanced systems even use intelligence to assess a given user’s actions or their risk level to decide whether to increase security or not.
User Access Made Simple
As IT environments grow increasingly complex and expectations for user experience increase, organizations that leverage SSO solutions to provide secure user access will have an advantage over others. They can improve security with single sign-on by reducing the number of passwords required, providing a seamless experience, and decreasing IT password management costs. They’re thereby also enabling employees to increase productivity and giving customers effortless access to all their applications, often without users even realizing it!