Single sign-on (SSO) is an identification system that allows users to access multiple applications and websites with one set of login credentials. The implementation of SSO within an enterprise helps ease password management and improve security as workers access applications that are on-premises as well as in the cloud.
Both on-premises and cloud-based SSO solutions are offered in the marketplace.
Traditional on-premises SSO solutions require the provisioning, configuration, and upkeep of physical servers or virtual machines.
Cloud-based SSO solutions are software as a service (SaaS) and fully hosted by the vendor. The customer doesn't have to install, manage, or maintain any type of hardware.
With both types of SSO solutions, users can access multiple cloud applications with a single username and password, or they have the option of using no password at all.
There are multiple benefits from SSO, including:
When implementing SSO and giving your users easy access to work applications, a critical part of helping to ensure the integrity of the sign-on process is the ability to verify their identities with 2FA, also known as multi-factor authentication (MFA).
Security experts recommend implementing SSO with 2FA. Unlike passwords, which can be stolen or guessed, 2FA requires users to provide at least one authentication factor in addition to a password—a code sent to a mobile phone, fingerprint or facial recognition, or a physical ID card. These additional credentials are ones that adversaries cannot easily steal or spoof, so 2FA can dramatically reduce risks related to compromised credentials in SSO. It is critical to set customized policies and controls for each application to be more secure, protect the organization from risky users, and keep your data safe.
Look for a solution that offers strong security; is usable by all employees, including partners and contractors; is available in different regions; supports a variety of apps, including cloud and on-premises, web and client-based apps; and supports common protocols such as Security Assertion Markup Language (SAML) and OpenID Connect (OIDC).
An SSO solution should ideally be integrated with an advanced 2FA solution. Think of SSO and 2FA as modules of an IAM platform that work together to authenticate and help enable federated application access to users, based on granular conditional access policies.
Choose a solution that's easy to deploy; easy to manage and administer; and helps your users stay productive by getting up and running quickly without sacrificing security.
Select an SSO solution that offers high availability and uptime with strong SLAs and the ability to scale quickly for enterprise rollout.
Validate that the SSO solution has obtained security certifications such as SOC 2 and ISO 9001. Certifications provide assurance that data is protected.
Because rolling out an SSO solution requires planning and support, try to ensure security investments and human resources devoted to the solution stay relevant for years to come. Always think about the long-term goals of the technology that you're deploying.
In the IAM world, SSO reduces reliance on passwords and helps with transitioning to passwordless authentication for use cases that permit it, with an eventual goal of moving to desktop SSO. The SSO solution should also keep pace as new cyberthreats emerge and adversary tactics evolve. When migrating applications to SSO, you should see continuous improvement in support and capabilities.