What Is Single Sign-On (SSO)?

Single sign-on (SSO) is an identification system that allows users to access multiple applications and websites with one set of login credentials. The implementation of SSO within an enterprise helps ease password management and improve security as workers access applications that are on-premises as well as in the cloud.

Methods of SSO

Both on-premises and cloud-based SSO solutions are offered in the marketplace.

On-premises SSO

Traditional on-premises SSO solutions require the provisioning, configuration, and upkeep of physical servers or virtual machines.

Cloud-based SSO

Cloud-based SSO solutions are software as a service (SaaS) and fully hosted by the vendor. The customer doesn't have to install, manage, or maintain any type of hardware.

With both types of SSO solutions, users can access multiple cloud applications with a single username and password, or they have the option of using no password at all.

What are the benefits of SSO?

There are multiple benefits from SSO, including:

  • In today's hybrid workforce environment, SSO can help to improve workers' productivity—especially when they need to access applications that are either on-premises or in the cloud. Password fatigue and errors are reduced as workers traverse multiple applications.
  • Companies that have implemented SSO experience fewer help desk requests for password resets and other account issues. SSO can eliminate unproductive tasks while delivering cost savings.
  • Implementation of SSO along with 2FA can help organizations improve security and compliance. According to Verizon, more than 80% of attacks on web applications come from stolen credentials. SSO can help prevent such attacks by allowing users to access multiple applications with a single login credential or even go passwordless.
  • Enforcing 2FA for users accessing applications using SSO can help companies adhere to regulatory compliance requirements such as the Payment Card Industry Data Security Standard (PCI DSS) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

What role does two-factor authentication (2FA) play in SSO security?

When implementing SSO and giving your users easy access to work applications, a critical part of helping to ensure the integrity of the sign-on process is the ability to verify their identities with 2FA, also known as multi-factor authentication (MFA).

Security experts recommend implementing SSO with 2FA. Unlike passwords, which can be stolen or guessed, 2FA requires users to provide at least one authentication factor in addition to a password—a code sent to a mobile phone, fingerprint or facial recognition, or a physical ID card. These additional credentials are ones that adversaries cannot easily steal or spoof, so 2FA can dramatically reduce risks related to compromised credentials in SSO. It is critical to set customized policies and controls for each application to be more secure, protect the organization from risky users, and keep your data safe.

Choosing the right SSO solution

Mature and enterprise ready

Look for a solution that offers strong security; is usable by all employees, including partners and contractors; is available in different regions; supports a variety of apps, including cloud and on-premises, web and client-based apps; and supports common protocols such as Security Assertion Markup Language (SAML) and OpenID Connect (OIDC).

Identity and access management (IAM) platform

An SSO solution should ideally be integrated with an advanced 2FA solution. Think of SSO and 2FA as modules of an IAM platform that work together to authenticate and help enable federated application access to users, based on granular conditional access policies.

Simple, not simplistic

Choose a solution that's easy to deploy; easy to manage and administer; and helps your users stay productive by getting up and running quickly without sacrificing security.

Resilient and scalable

Select an SSO solution that offers high availability and uptime with strong SLAs and the ability to scale quickly for enterprise rollout.

Honor data sovereignty and compliance regulations

Validate that the SSO solution has obtained security certifications such as SOC 2 and ISO 9001. Certifications provide assurance that data is protected.

Long-term vision for your SSO solution

Because rolling out an SSO solution requires planning and support, try to ensure security investments and human resources devoted to the solution stay relevant for years to come. Always think about the long-term goals of the technology that you're deploying.

In the IAM world, SSO reduces reliance on passwords and helps with transitioning to passwordless authentication for use cases that permit it, with an eventual goal of moving to desktop SSO. The SSO solution should also keep pace as new cyberthreats emerge and adversary tactics evolve. When migrating applications to SSO, you should see continuous improvement in support and capabilities.