As the number of systems in our everyday lives continues to grow, memorising complex passwords for each of them becomes a challenge. Single Sign On (SSO) may be the solution to our problem. It authorises access to different applications and services with a single identity, making the task of adding and deleting users in our systems much easier.
What is Single Sign On (SSO), and what does it do?
Single Sign On, also known as SSO, allows users to have access to multiple applications by signing in with only one existing account. When there are multiple systems that can be accessed using the same password, SSO becomes a useful tool that can help us prevent repeated authentication each time the user is disconnected from a given service. This is highly convenient for users; by identifying themselves just once, it is possible to maintain a valid session for all the other applications that use SSO.
SSO aims to simplify the user experience on the Internet by facilitating session sign-in tasks.
Using the Single Sign On identification system, it is possible to have multiple accesses with a single account; for example, by signing in to Gmail, we will have account-level access to its various web applications, such as Google Docs, Google Maps, Google Books, etc.
Features of Single Sign On (SSO)
This authentication procedure facilitates access to different platforms. It also has other important features in regard to simple management, security, ease of use, and seamlessness.
Simple management
Using SSO synchronises passwords and user information, making access to different platforms and resources easier.
Security
This authentication system improves network and application security. Single Sign On can uniquely identify a user, ensuring compliance with the most demanding security standards.
Information provided by SSO is encrypted before it is transmitted across the network.
Ease of use
SSO solutions improve the user experience by avoiding the interruptions caused by password prompts when accessing essential IT tools.
The user is authenticated once and the system allows them to access all the resources they are permitted to use.
Seamlessness
Access to all applications takes place seamlessly thanks to sign-in automation.
Types of Single Sign On (SSO) Authentication
Enterprise Single Sign On (E-SSO)
Enterprise SSO is implemented in enterprise application integration (EAI) environments. With a single set of sign-in credentials, users can access all integrated applications within an enterprise, whether they run on premises or in the cloud.
Web single sign-on (Web-SSO)
This solution is ideal for applications that can be accessed through the web, such as websites or web services. Its goal is to verify a user’s identity on multiple applications at once without the person having to identify themselves repeatedly. It relies on an external or third-party authentication system.
A proxy SSO server running the authentication system receives the sign-in data and confirms the user's identity. It then passes the result to the computer running the web service or website that requested it. The SSO server and the web service communicate via tokens in a way that is mostly invisible to the user. When the user attempts to sign on to the website or web service, the authentication system generates a global token and sends its value to the user. The user then presents the global token to the website, which corroborates the value with the authentication system to confirm the user's identity before granting access. If the user is already signed in to the authentication system, the SSO server transmits their credentials along with a local token to the website, signifying a successful login.
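The token exchange just described, written out as an added Python model (this is not code from the original article): an SSO server that checks credentials and hands out a short-lived, single-use global token, and a website that corroborates that token with the SSO server over a back channel before issuing its own local session token. The class and method names (SSOServer, Website, TOKEN_TTL) and the demo user are assumptions.

```python
import secrets
import time

# Added model of the Web-SSO token exchange described above; not code from the
# original article. SSOServer, Website, TOKEN_TTL and the demo user are assumptions.

TOKEN_TTL = 300   # seconds a global token stays valid (assumed)


class SSOServer:
    """The authentication system: checks credentials, hands the user a short-lived
    global token, and confirms that token to websites over a back channel."""

    def __init__(self, users):
        self._users = dict(users)   # username -> password (constructed demo data;
                                    # a real deployment stores password hashes)
        self._tokens = {}           # global token -> (username, expiry timestamp)

    def sign_in(self, username, password, now=None):
        """Verify credentials and return a fresh global token for the user."""
        now = time.time() if now is None else now
        stored = self._users.get(username, "")
        if not secrets.compare_digest(stored.encode(), password.encode()):
            raise PermissionError("invalid credentials")
        token = secrets.token_urlsafe(32)          # 256 bits of entropy: unguessable
        self._tokens[token] = (username, now + TOKEN_TTL)
        return token

    def confirm(self, token, now=None):
        """Back-channel check made by a website. Tokens are single-use: the entry is
        removed whether or not it validates, so a replayed token is rejected."""
        now = time.time() if now is None else now
        entry = self._tokens.pop(token, None)
        if entry is None:
            return None
        username, expiry = entry
        return username if now <= expiry else None


class Website:
    """A web service that trusts the SSO server instead of holding passwords."""

    def __init__(self, sso):
        self._sso = sso
        self._sessions = {}   # local token -> username

    def sign_on(self, global_token, now=None):
        """Corroborate the user's global token with the SSO server, then issue a
        local session token that is meaningful only to this website."""
        username = self._sso.confirm(global_token, now)
        if username is None:
            return None
        local_token = secrets.token_urlsafe(32)
        self._sessions[local_token] = username
        return local_token

    def whoami(self, local_token):
        return self._sessions.get(local_token)


def demo_flow(now=1_000_000.0):
    """Happy path plus three rejected cases; returns the outcomes as a dict."""
    password = "correct horse battery staple"                 # constructed user
    sso = SSOServer({"alice": password})
    site = Website(sso)

    gt = sso.sign_in("alice", password, now)
    local = site.sign_on(gt, now)                        # first presentation succeeds
    replay = site.sign_on(gt, now)                       # same token again: rejected
    stale = sso.sign_in("alice", password, now)
    expired = site.sign_on(stale, now + TOKEN_TTL + 1)   # presented too late: rejected
    return {
        "user": site.whoami(local),
        "replay_rejected": replay is None,
        "expired_rejected": expired is None,
        "forged_rejected": site.sign_on("not-a-token-the-server-issued", now) is None,
    }


if __name__ == "__main__":
    print(demo_flow())
```

The three properties worth checking in any real Web-SSO deployment are visible in the model: the website never sees the password, the global token is random and expires, and it can be used only once, so a token captured after use is worthless and an unexpected second confirmation request is a signal worth logging.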
Federated Identity Management (FIM)
Federated Identity Management (FIM), or federated SSO, broadens the scope of standard SSO technologies by uniting multiple organisations under one authentication system. While traditional SSO grants access to several systems within one enterprise, FIM grants access to several systems across many different enterprises. Both methods authenticate the user through one identity.
OpenID
A decentralised approach to SSO, OpenID is built on the concept of a relying party (RP) and an identity provider (IdP). The RP is the website or service that wishes to authenticate the user, while the IdP performs the authentication by recording the user's chosen identity (represented by a URL identifier called an OpenID). The multi-step interactions between the user, RP and IdP take place through a user agent such as a browser.
OAuth
OAuth is not one particular technology but an open standard that anyone can implement. It works on the principle of access tokens and can be used to realise SSO. A client or user interacts with an authorisation server to receive an access token, with which they validate their identity to a resource server. Resource servers are in charge of delegating a resource to an authorised client.
Kerberos
This protocol allows users (the client) to use a ticket-granting ticket, or Ticket to Get Tickets (TGT), after their credentials have been verified. The TGT is swapped for a service ticket issued by the ticket-granting service (TGS). Service tickets grant the user access to protected services over the network (for example, a mail server).
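The three ticket exchanges above (credential verification yielding a TGT, TGT swapped for a service ticket, service ticket presented to the service), as an added, deliberately simplified Python model. It is not the article's code and not a real Kerberos implementation: tickets are sealed with a SHA-256 keystream plus an HMAC tag rather than Kerberos encryption types, and the names KDC, seal, open_sealed, make_authenticator, ap_exchange and the principals alice and mail are all assumptions.

```python
import hashlib
import hmac
import json
import os

# Added, simplified model of the Kerberos exchanges described above (not the article's
# code and not real Kerberos): tickets are sealed with a SHA-256 keystream plus an HMAC
# tag instead of Kerberos encryption types; all names below are assumptions.

TICKET_LIFETIME = 8 * 3600   # seconds; assumed ticket validity
CLOCK_SKEW = 300             # tolerated difference on authenticator timestamps

def key_from_password(principal, password):
    """Stand-in for Kerberos string-to-key: derive a long-term key from a password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 50_000)

def _keystream(key, nonce, length):
    blocks = [hashlib.sha256(key + nonce + n.to_bytes(4, "big")).digest()
              for n in range(length // 32 + 1)]
    return b"".join(blocks)[:length]

def seal(key, obj):
    """Encrypt-then-MAC a JSON-serialisable dict under a symmetric key."""
    plain = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    cipher = bytes(a ^ b for a, b in zip(plain, _keystream(key, nonce, len(plain))))
    return nonce + cipher + hmac.new(key, nonce + cipher, "sha256").digest()

def open_sealed(key, blob):
    """Check the tag, then decrypt; None if the blob was not sealed under this key."""
    nonce, cipher, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + cipher, "sha256").digest(), tag):
        return None
    return json.loads(bytes(a ^ b for a, b in zip(cipher, _keystream(key, nonce, len(cipher)))))

def make_authenticator(session_key, client, now):
    """Proof that the presenter knows the ticket's session key, bound to a timestamp."""
    return seal(session_key, {"client": client, "time": now})

def _authenticator_ok(session_key, authenticator, expected_client, now):
    a = open_sealed(session_key, authenticator)
    return a is not None and a["client"] == expected_client and abs(now - a["time"]) <= CLOCK_SKEW

def _ticket(key, client, now):
    """Seal client name, a fresh session key and an expiry under the target's key."""
    session = os.urandom(32).hex()
    return seal(key, {"client": client, "session": session, "expires": now + TICKET_LIFETIME}), session

class KDC:
    def __init__(self, principal_keys):
        self._keys = dict(principal_keys)     # principal -> long-term key
        self._tgs_key = os.urandom(32)        # key of the ticket-granting service itself

    def as_exchange(self, client, now):
        """AS-REP: a TGT readable only by the TGS, plus its session key sealed under the
        client's long-term key, so a wrong password yields an unreadable reply."""
        tgt, session = _ticket(self._tgs_key, client, now)
        return tgt, seal(self._keys[client], {"session": session})

    def tgs_exchange(self, tgt, authenticator, service, now):
        """TGS-REP: swap a valid TGT plus a fresh authenticator for a service ticket."""
        t = open_sealed(self._tgs_key, tgt)
        if t is None or now > t["expires"]:
            return None
        tgt_session = bytes.fromhex(t["session"])
        if not _authenticator_ok(tgt_session, authenticator, t["client"], now):
            return None
        ticket, session = _ticket(self._keys[service], t["client"], now)
        return ticket, seal(tgt_session, {"session": session})

def ap_exchange(service_key, ticket, authenticator, now):
    """AP-REQ at the service (e.g. a mail server): accept the ticket only if it opens
    under the service's key, is unexpired, and the authenticator matches its session key."""
    t = open_sealed(service_key, ticket)
    if t is None or now > t["expires"]:
        return None
    if not _authenticator_ok(bytes.fromhex(t["session"]), authenticator, t["client"], now):
        return None
    return t["client"]

def login_and_access(password, now=1_700_000_000, delay=0):
    """Client flow for constructed principal 'alice' reaching service 'mail' delay seconds
    after sign-in; returns the client name the service accepted, or None."""
    alice_key, mail_key = key_from_password("alice", "s3cret"), os.urandom(32)
    kdc = KDC({"alice": alice_key, "mail": mail_key})
    tgt, enc = kdc.as_exchange("alice", now)                          # 1. AS exchange
    part = open_sealed(key_from_password("alice", password), enc)     # client derives key
    if part is None:
        return None                                                   # wrong password
    tgt_session = bytes.fromhex(part["session"])
    ticket, enc2 = kdc.tgs_exchange(tgt, make_authenticator(tgt_session, "alice", now), "mail", now)
    svc_session = bytes.fromhex(open_sealed(tgt_session, enc2)["session"])   # 2. TGS exchange
    later = now + delay
    return ap_exchange(mail_key, ticket, make_authenticator(svc_session, "alice", later), later)  # 3. AP
```

What the model makes visible is why the scheme is an SSO: the password is used exactly once, to open the AS reply; every later step is proved with session keys carried inside tickets, and the service never needs the KDC online to accept a ticket, only its own key. The expiry and clock-skew checks are the controls that bound how long a stolen ticket or authenticator stays usable.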
Smart cards
Instead of implementing software to authenticate the same set of credentials, as in conventional SSO processes, hardware devices such as smart cards can be used to achieve similar results.
Security Assertion Markup Language
SAML is an open standard based on XML that supports SSO implementations. It involves two parties: the SAML identity provider (IdP) and the SAML service provider (SP). Initially, the principal (the user) requests to connect to the SP. In turn, the SP asks the IdP for an authentication assertion. Once this is issued, the SP either delivers the service the user needs or declines the request.
Single Sign On (SSO) Advantages and Disadvantages
| Advantages | Disadvantages |
| --- | --- |
| Streamlines user access to their applications | Using a single password raises the impact of a password compromise |
| Reduces the burden of memorising several passwords | When SSO fails, access to all related systems is lost |
| Easy to implement and connect to new data sources | Increased risk of identity spoofing and phishing when users access the system from outside the organisation |
For businesses, an authentication system such as Single Sign On frees users from remembering several passwords and offers significant benefits in efficiency and security. In turn, this reduces calls to technical support or the IT department about password-related issues.