A new year is here, which means that businesses plan and strategize for what’s ahead. Cybersecurity will be a top priority, particularly within the context of hybrid and remote work.
One particular component of cybersecurity to consider is single sign-on or SSO. Single sign-on is one specific part of the identity and access management industry.
Ultimately, when we look at the capabilities and limitations of SSO, we often find that using a holistic IAM approach is a much better option, but it’s still worth evaluating the particular elements of SSO to make an informed decision.
What is SSO?
Single sign-on at its core lets users access multiple applications with one set of login credentials. Without something to manage sign-on, users spend a lot of time on, and deal with the frustration of, juggling many different usernames and passwords.
With a simplified login experience, users can be more productive and engaged.
With SSO, there is a relationship between a service provider and an identity provider. The service provider is the website or application. The identity provider is the single sign-on system.
The identity information is in the form of login tokens. The login tokens contain user information, so the service provider can ensure the connection is coming from a trusted source.
While the technical elements are complex, the user experience is simple.
From the technical standpoint, the flow starts when a user opens an application they want to use. The service provider sends a token to the single sign-on system; this token is a request to authenticate the user. If the user has already logged in on an earlier visit, or into another application under the same SSO umbrella, they are granted access. The identity provider validates their login credentials and sends a token back to the service provider.
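As an added illustration of the exchange just described (example code written for this article, not taken from any SSO product), the identity provider signs a short-lived token naming the user and the service provider it is meant for, and the service provider accepts it only after checking the signature, the intended audience and the expiry. The shared HMAC key, the claim names and the five-minute lifetime are constructed assumptions for the demo.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo secret shared by the identity provider and one service
# provider; a real deployment uses a per-provider key or a signing key pair.
SECRET_KEY = b"constructed-demo-secret-do-not-reuse"
TOKEN_LIFETIME_SECONDS = 300  # assumed short lifetime for the demo


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user: str, service_provider: str, now: Optional[float] = None) -> str:
    """Identity provider side: sign a claim set that names the user (sub),
    the service provider it is addressed to (aud) and an expiry (exp)."""
    issued = int(now if now is not None else time.time())
    claims = {"sub": user, "aud": service_provider, "iat": issued,
              "exp": issued + TOKEN_LIFETIME_SECONDS}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(SECRET_KEY, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(sig)}"


def verify_token(token: str, expected_provider: str, now: Optional[float] = None) -> Optional[dict]:
    """Service provider side: accept the token only if the signature proves it
    came from the identity provider, it is addressed to this provider, and it
    has not expired. Returns the claims on success, None otherwise."""
    try:
        body, sig = token.split(".")
        expected_sig = hmac.new(SECRET_KEY, body.encode(), hashlib.sha256).digest()
        # Constant-time comparison so the check does not leak timing information.
        if not hmac.compare_digest(_unb64(sig), expected_sig):
            return None
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return None
    current = now if now is not None else time.time()
    if claims.get("aud") != expected_provider or claims.get("exp", 0) <= current:
        return None
    return claims
```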
The Pros of Single Sign-On
Single sign-on benefits include:
- Simplified management of passwords: The primary advantage of SSO is that it takes out the tediousness of managing passwords for users. Users don’t even need their passwords to log into applications in many situations.
- Admin control: With the implementation of SSO, IT admins have a high level of visibility into what end-users are accessing. That reduces the likelihood of shadow IT. Admins also can remove user access to apps when needed.
- Efficiency: The average user will spend 48 minutes per month entering and resetting their passwords. This can significantly impair productivity. SSO allows instant access to whatever apps users need to do their jobs efficiently.
- Security: Password weakness is a major source of cybersecurity risk. SSO reduces the number of separate credentials users have to create and manage, which narrows that risk.
- Password fatigue reduction: Password fatigue is one issue that falls into the larger category of password weakness. Password fatigue means that your users are forced to create, remember and enter so many credentials that they end up reusing them over time.
- Reduced help desk requests: One single password request costs an estimated $70 in labor costs. With SSO, you can lower the request burdens that fall on your help desk.
The Cons of Single Sign-On
There are downsides of single sign-on to be aware of as well.
- Cost: It can be expensive to implement SSO, especially for small businesses. There are a lot of budgetary burdens it can create. SSO vendors will also often charge by the feature, so you can find that the price adds up faster than you even expect.
- Needs an LDAP: SSO solutions are usually layered on top of a directory, so you might find yourself using disparate solutions to get the results you need.
- Limitations: SSO is often limited to web apps. On the other hand, if you have a comprehensive IAM solution, it will cover you fully.
- Password strength: For SSO to actually deliver on security, passwords need to be incredibly complex and strong. Otherwise, it could create devastating opportunities for bad actors. If an SSO provider is targeted in an attack, all connected resources become a potential attack surface.
- Implementation: SSO does require setup and configuration, so you need to factor the time and resources to do that into your approach.
- Shared computers: If you have a shared or multi-use computer, SSO solutions can open up new potential attack vectors if someone forgets to log out.
So how do you combat these challenges of SSO? Again, you need more than SSO used in a vacuum. You need comprehensive IAM solutions that also integrate other tools like multifactor authentication.