As the number of systems in our everyday lives continues to grow, memorising complex passwords for each of them becomes a challenge. Single Sign On (SSO) may be the solution to our problem. It authorises access to different applications and services with a single identity, making the task of adding and deleting users in our systems much easier.
In this article, we will explore in detail what Single Sign On (SSO) is and how it can benefit us. We will look at its main features, such as simple management, security, ease of use and transparency. In addition, we will examine the different types of SSO, such as enterprise SSO, web SSO, federated identity, OpenID, OAuth, among others. We will also consider the advantages and disadvantages of SSO, so that we can fully understand its impact and make informed decisions about its implementation.
What is Single Sign On (SSO), and what does it do?
Single Sign On, also known as SSO, allows users to have access to multiple applications by signing in with only one existing account. When there are multiple systems that can be accessed using the same password, Single Sign On becomes a useful tool that can help us prevent repeated authentication each time the user is disconnected from a given service. This is highly convenient for users; by identifying themselves just once, it is possible to maintain a valid session for all the other applications that use SSO.
SSO aims to simplify the user experience on the Internet by facilitating session sign-in tasks.
Using the Single Sign On identification system, it is possible to have multiple accesses with a single account; for example, by signing in to Gmail, we will have account-level access to its various web applications, such as Google Docs, Google Maps, Google Books, etc.
Features of Single Sign On (SSO)
This authentication procedure facilitates access to different platforms. It also has other important features in regard to simple management, security, ease of use, and seamlessness.
Easy management
Using SSO synchronises passwords and user information, making access to different platforms and resources easier.
Security
This authentication system improves network and application security. Single Sign On can uniquely identify a user, ensuring compliance with the most demanding security standards.
Information provided by Single Sign On is encrypted and transmitted across the network.
Ease of use
SSO solutions improve user experience by avoiding the interruptions caused by password requests to access essential IT tools.
The user is authenticated once and the system allows them to access all the resources they are permitted to use.
Seamlessness
Access to all applications takes place seamlessly due to sign-in automation.
Types of Single Sign On (SSO) Authentication
Enterprise Single Sign On (E-SSO)
Enterprise SSOs are implemented in enterprise application integration (EAI) environments. Therefore, with a single set of sign-in credentials, users are allowed to access all integrated applications within an enterprise, whether they exist on premise or on the cloud.
Web single sign-on (Web-SSO)
This solution is ideal for applications that can be accessed through the web, such as websites or web services. Its goal is to verify a user’s identity on multiple applications at once without the person having to identify themselves repeatedly. It relies on an external or third-party authentication system.
A proxy SSO server running the authentication system handles access data and performs the confirmation of user identity. Then, it transfers the result to the computer running the web service or website that requested it. The Single Sign On server and web service communicate via tokens in a way that is mostly invisible to the user. When the user is attempting to sign on to the website or web service, the authentication system generates a global token and sends the value to the user. Consequently, the user can enter the global token into the website, which in turn corroborates the value with the authentication system to ensure the user’s identity before granting them access. If the user is already signed in to the authentication system, the Single Sign On server transmits their credentials along with a local token to the website, signifying a successful login.
Federated identity
Federated Identity Management (FIM) or federated SSO broadens the scope of standard SSO technologies by uniting multiple organisations under one authentication system. While traditional SSO allows access to several systems within one enterprise, FIM allows access to several systems within many different enterprises. However, both methods authenticate the user through one identity.
Open ID
A decentralised approach to SSO technologies, Open ID functions on the concept of a relying party (RP) and an identity provider (IDP). The RP is the website or service that wishes to authenticate the user, whilst the IDP performs the authorisation by recording the user’s chosen identity (which is portrayed through a URL identifier called an OpenID). The multipoint interactions between the user, RP, and IDP occur through a user-agent like a browser.
OAuth
OAuth is not one particular technology, but rather a standard that is available for all to implement. It functions on the principle of Access Tokens and can help realise SSO. A client or user interacts with an Authorisation Server to receive an access token that would help them validate their identity with a Resource Server. Resource servers are in charge of delegating a resource to an authorised client.
Kerberos-based SSO
This protocol allows users (the client) to utilise a ticket-granting ticket or Ticket to Get Tickets (TGT) after the verification of their credentials. A TGT is swapped for a service ticket from the ticket-granting service (TGS). Service tickets permit the user access to protected services over the network (for example, a mail server).
Smart-card Authentication
Instead of implementing software to authenticate the same set of credentials such as in conventional SSO processes, hardware devices like the smart-card can be used to achieve similar results.
Security Assertion Markup Language
SAML is an open standard based on XML that can empower SSO implementations. It consists of two parts, namely the SAML identity provider (IdP) and the SAML service provider (SP). Initially, the principal or the user requests to connect to the SP. In turn, the SP asks the IdP for an authentication assertion. Once this is issued, the SP delivers the service needed by the user or decides to opt out of it.
Single Sign On (SSO) Advantages and Disadvantages
The advantages and disadvantages of Single Sign On (SSO) are as follows:
Advantages of Single Sign On (SSO):
- Quick access to applications: With SSO, users can quickly access multiple applications and services with a single authentication. This saves time and effort by avoiding the need to remember and type different passwords for each application.
- Simplifying the user experience: SSO improves the user experience by eliminating the need to repeatedly log into different systems. Users only need to authenticate once and can then access all SSO-enabled applications and services without having to re-enter their credentials.
- Increased security: By using SSO, stronger and more secure authentication can be implemented. Instead of relying on weak or reused passwords, stronger authentication methods, such as two-factor authentication (2FA) or biometric authentication, can be used to secure the user’s identity.
- Simplified administration: SSO simplifies the administration of users and passwords in an enterprise environment. Administrators can centrally manage user accounts and access permissions, making it easier to add and remove users from systems.
Disadvantages of Single Sign On (SSO):
- Single vulnerability: If SSO is compromised, all applications and services linked to it may also be at risk. A successful attack on the SSO system could allow attackers to access multiple applications and services without additional authentication.
- Dependency on SSO system availability: If the SSO system experiences an outage or becomes inaccessible, users could lose access to all linked applications and services. This can cause inconvenience and productivity problems.
- Implementation complexity: Implementing an SSO system can be complex, especially in enterprise environments with multiple applications and systems. It requires careful planning, integration with existing systems and ensuring compatibility with various platforms and authentication protocols.
- Privacy and trust: When using SSO, users must trust that their SSO provider will adequately protect their personal and login data. There is a risk that authentication information could be compromised or misused if the SSO provider does not implement adequate security measures.
| SSO Advantages | Single Sign On Disadvantages |
| Streamlines user access to their applications. | Using a single password increases the chances of password vulnerability. |
| Reduces the load of memorising several passwords. | When SSO fails, access to all related systems is lost. |
| Easy to implement and connect to new data sources. | Increased risk of identity spoofing and phishing in user-external accesses. |
Conclusions
For businesses, having an authentication system such as Single Sign On means relieving the user of the burden of remembering numerous passwords, as well as providing very important assets directly related to efficiency, thus reducing the number of calls to the helpdesk or IT department to solve problems caused by password security.
Do you want to know more? Contact our experts and solve your doubts.
Improve your IAM strategy, implementation and managed services, talk to our experts!
contact us about IAM
