Marketing

What is single sign-on? How SSO improves security and the user experience

Credit: Gerd Altmann

Single sign-on (SSO) is a centralized session and user authentication service in which one set of login credentials can be used to access multiple applications. Its beauty is in its simplicity; the service authenticates you one on one designated platform, enabling you to then use a plethora of services without having to log in and out each time.

Consumers might think of social sign-in through Google, Facebook or Twitter as strong SSO platforms, with each platform enabling access to a variety of third-party services. In the enterprise, an organization might use SSO to allow users to log into proprietary web applications (hosted on an internal server) or cloud hosted ERP systems, for example. 

Implemented correctly, SSO can be great for productivity, IT monitoring and management, and security control. With one security token (a username and password pair), you can enable and disable user access to multiple systems, platforms, apps and other resources. You also reduce the risk of lost, forgotten or weak passwords.

A well thought out and well executed SSO strategy can eliminate password-related reset costs and downtime, mitigate the risk of insider threats, improve user experience and authentication processes, and put the organization firmly in control of user access

Why use single sign on?

SSO’s rise coincides with other notable and interrelated trends, including the rise of public cloud, password fatigue, new developer methodologies, enterprise mobility, and web and cloud-native applications.

The move to cloud applications in particular is both an opportunity and a hinderance. According to recent research, enterprises in 2017 expected to use an average of 17 cloud applications to support their IT, operations and business strategies. So, it’s no surprise that 61 percent of respondents believe identity and access management (IAM) is more difficult today than it was two years ago.

Barry Scott, CTO at Centrify EMEA, sees two clear reasons to use SSO. “The first [reason] is that it improves the user experience by stopping the sprawl of different usernames and passwords which came about through the incredible rise in SaaS cloud-based applications. The second reason is improved security. The main cause of breaches is compromised credentials and the more usernames and passwords we have, the worse our password hygiene becomes. We start to use the same passwords everywhere and they often become less complex, making it easier for credentials to be compromised.”

Okta’s Director of Security Product Joe Diamond agrees that cloud applications are presenting IT teams with new challenges. “IT organizations are faced with questions such as how do you create/manage user accounts, ensure accurate entitlement (no unnecessary permissions), and ensure proper offboarding when an employee leaves the company.

“Having identity stores/silos across multiple solutions also becomes impossible to manage this proliferation,” Diamond adds. “Just because an organization adopts Office 365, Box and Slack doesn’t mean they also want three sets of logins and passwords for these services. SSO becomes, in a way, a prerequisite for organizations looking to adopt cloud solutions.”

Diamond also cites bring-your-own-device (BYOD) policies and the “always-on,” “work-from-anywhere” culture as SSO drivers. “People are working from devices that IT doesn’t control and on networks which IT has no visibility,” he says. “This leaves authentication as a critical device- and location-agnostic control point to invoke security controls such as continuous authentication, multi-factor authentication, context-aware access controls, user behavior analytics and so forth.” 

What are the benefits of SSO?

The biggest advantage of SSO is arguably the scalability it provides. Automated credentials management means that the sysadmin is no longer required to manually take care of all the employees’ access to the services they want. This in turn reduces the human error factor and frees up IT time to focus on more important tasks.