By Ayman Totounji, Founder , Cynexlink
Wikipedia defines Single sign-on or SSO as “an authentication scheme that allows a user to log in with a single ID and password to any of several related, yet independent, software systems.”
Simply put, Single sign-on is a session or a user authentication service that allows a user to use a single set of login credentials—username and password—for multiple applications.
Or you can say that you can gain access to several applications with just one set of passwords and usernames.
This way, it simplifies password management for both businesses and individuals.
An example of an SSO login is Google’s products. For example, if you log into Gmail, you automatically get access to Google Drive, Google Photos, YouTube, and other Google services.
How it Works
Whenever you sign in to use an SSO service, the service creates an authentication token that remembers that you are verified. This authentication token is a sort of digital information being saved either in the user’s browsers or within the SSO service’s servers, like a temporary ID card provided to you.
Any app that you access will be authenticated by the SSO service. The SSO approves the user’s authentication token to the app and the user is granted access. But a user will be required to sign in through the SSO service if they haven’t done it yet.
However, an SSO service might not necessarily keep a user in its record, since it doesn’t save user identities. Most SSO services work by checking user credentials with a different identity management service.
SSO just confirms whether your login credentials match with their identity in the database, without looking after the database themselves—just like a record-keeper who can access the records easily without having the entire catalog memorized.
I think these steps will help you understand better how Single Sign-On functions
- The website first checks to see if you have already been approved by the SSO solution so that it can give you access to the site.
- If you haven’t, it redirects you to the SSO tool to log in.
- You are asked to fill credentials.
- The SSO solution asks your identity provider or authentication system to confirm your identity.
- The data is then transferred to the website by the SSO tool. It also takes you back to that site.
- After the sign-in process, the site verifies authentication verification data with you as you pass through the site to confirm that you are authenticated each time you move to a new page.
What are the Benefits of Single Sign-On?
SSO lets users access all of their apps with a single set of passwords and usernames. Here I have discussed some benefits of Single Sign-On service.
SSO boosts productivity. When all of the apps are placed in one convenient portal, it accelerates access to required systems and resources.
With SSO in place, a user needs to log in once and get one-click access to all the apps they require.
Although the amount of time saved might seem small, all of the time generally spend logging into individual resources adds up.
SSO also reduces the time users spend going through password-related hassles, since one only requires using a single set of a password. And this can make a difference when you have to manage some 40 passwords. Isn’t it?
Therefore, users can focus on the important tasks rather than fiddling with multiple passwords.
Minimizing Risk Associated with Bad Passwords Habits:
Passwords can cut both ways. While they fortify your data, they can be used to steal all information if they get into the hands of a threat actor. That’s why they are also defined as a double-edged sword.
Top of that, most passwords are not easy to remember and it is time-consuming to type into each resource you need to get into. While changing your passwords is important, it just adds to the frustration for some users.
If you use SSO, you are less likely to type password down, repeat passwords, make simple or commonly used passwords, or resort to other bad password practices.
Minimizing Helpdesk Costs:
Given that SSO minimizes the requirement to use the number of passwords, users are less likely to request the IT department for password resets. This can save time and hassles as resetting a simple password can eat up the helpdesk’s valuable time.
According to one study, 20-50% of all help desk requests are for password resets. Providing a single set of credentials to employees will simply reduce this need.
Improving Security Efficiencies:
From the security viewpoint, it is quite obvious to be bothered by the use of the same password for all the apps. What if your master password is stolen?
Yeah, keeping one password can make your systems vulnerable.
And it is equally true that SSO can minimize password theft if used carefully.
This is because users only need to remember a single password for many apps, meaning that they can focus on to make that single password secure and stronger.
Plus, they are less likely to write it down, unlike in the case of multiple passwords that have to be noted down. This way, it minimizes the risk of password theft.
Understanding the Types of Single Sign-On
- ENTERPRISE SINGLE SIGN-ON is considered a primary authentication, intercepting login requests when needed by secondary applications to complete the user and password fields. This system lets one system interacts with other systems that might disable the login screen.
- WEB SINGLE SING ON or WEB SSO works with an application which can be accessed online, and its works to verify a user on multiple applications by eliminating the need of getting identified again.
The proxy server then intercepts the access data as well as facilitates the communication following the transferring the results to the computer that requested it. Unidentified users are sent to an authentication service, returning a successful login.
- FEDERATED IDENTITY relies on an identity management solution that utilizes standards to let application to identify clients without having them to go through the authentication process again and again.
- OPEN ID is a decentralized SSO procedure that involves the storing of user IDS at a URL that any server can approve.
What are the Challenges Associated with Single Sign-On
- More robust passwords should be created. This is because if an SSO account is hacked, others under the same authentication can easily get exposed to the attack.
- A breakdown with SSO at one site can affect all the linked sites. Therefore, it is important to choose the right SSO system. It should be reliable and equipped with the plans to deal with interruptions.
- Your SSO is affected by the problem in your identity provider. The provider’s weakness in any kind of interruption becomes your problem as well, and it might go beyond your control. Again, you need to work with an efficient vendor.
- If a threat actor gets into your identity provider user account, all your linked systems are easily getting vulnerable. This can be termed as a classic single point of failure and should be addressed in the planning process. An efficient SSO provider ensures top-notch security.
- It is not easy to set up SSO due to the different environments.
- SSO is not recommended for the multi-user computers. After all, it causes sheer inconvenience and security issues if other users use a machine that has logged in accounts of someone.
- Some SSO vendors can provide their data to third parties.
How to Choose a Single Sign-On Solution
There are some key factors to consider while choosing a Single Sign-On Solution.
Personalized User Experience:
Check if the vendor lets you customize the login page to your corporate branding. After all, an efficient single sign-on process doesn’t confine the users in a box where everything looks like.
Access to all the Apps You Require:
Make sure your sign-on vendor lets you use all the apps you require.
Security is a crucial point to look for in the vendor. Make sure they protect your password and let you integrate with AD/LDAP for quick access to your data. Reliability is also a key as the breakdown is often associated with these services. Therefore, make sure to work with the one who ensures nearly 100% uptime so that you can team can access their apps when they require them.
SSO solutions should grow with your organization. There is no use of changing the vendors now and then just because they are too big or too small for your needs.
So, you must have understood important things about SSO. It is a great solution to one big problem: how to manage the increasing number of users across a big ecosystem of apps and services.
After all, it is not easy to memorize the complex passwords as we are using more systems in our routine lives.
It lets us log in to different applications and services with just one single identity. It eliminates the need to repeat access to each account each time you get to disconnect from the service.
However, an SSO service is not immune to some issues such as breakdown and comprised passwords. Luckily, these things can be avoided by using strong passwords as well as working with an efficient SSO vendor.
About the Author
Ayman is the founder of cynexlink. When Ayman founded Cynexlink, he had one core mission in mind: helping small- and mid-sized companies spend more time focusing on their core businesses. Could we impress you with his technical background? With his engineering degree from Damascus University, as a CCNP, CCVP, CCNA, CCDA, Cisco IPTX, and VoIP specialist, being MCSE and A+ certified and having nearly 20 years of experience in enterprise network design and architecture, network routing, switching, wireless, security, Cisco Unified messaging, CCME, UC500 Series, voice gateway and Cisco Unity – yes, we think we could.