
Can Single Sign-On Kill the Password?

Authentication is one of the most important components of strong data security. The ability to quickly, accurately, and securely verify the identity of a user is essential to controlling access to devices or applications that have been entrusted to store private, personal, or proprietary information.

The most well-known implementation of managing user access is the password. Whether it’s a four-digit PIN or a complex phrase peppered with special characters, the ubiquitous password field is the traditional barrier to entry for user authentication. 

Cybersecurity experts, however, believe that passwords are among today’s most critical cybersecurity issues. Not only are most passwords short and easy to guess, but many phrases or password variations are also commonly used among people. Security experts recommend that users choose passwords that rely on random but memorable characters, yet the most common passwords are easy-to-type phrases like “123456” or “password.” 

According to Microsoft, at least 44 million accounts are vulnerable due to the risk of compromised or stolen passwords. Verizon’s Data Breach Investigations Report has identified compromised passwords as being responsible for 81% of hacking-related breaches. In spite of those risks, a survey by Google has revealed that more than 65% of people reuse the same password across multiple accounts. That risk extends to the enterprise, as 73% of users rely on duplicate passwords between work and personal accounts.

What is single sign-on (SSO)?

Single sign-on (SSO) is a user authentication solution that grants access to multiple applications or services through a single set of login credentials. Rather than relying on a user to input different passwords across different platforms, SSO solutions enable users to authenticate just once in order to use a full suite of applications.

Reducing password fatigue is essential to providing a good user experience and maintaining strong cybersecurity. Considering that the average company now runs more than a dozen cloud applications, it should come as no surprise that users reuse or rely on easy-to-remember passwords. By replacing the need to input multiple passwords with a universal solution, users can quickly, conveniently, and securely access all of their applications from a single point of entry.

What are the benefits of SSO?

SSO provides organizations with a highly secure user authentication process that also helps streamline operations in a variety of different ways, including:

  • Enhanced security. Delivering a centralized user session, SSO can be combined with risk-based authentication (RBA) to demand extra verification as well as secondary authentication methods through multi-factor authentication (MFA).
  • Improved user experience. Not only does SSO reduce password fatigue, but granting users a full suite of applications through a single method can also speed up tedious authentication tasks such as onboarding. 
  • Reduced administrative burden. Consolidating authentication into a single source reduces the need for IT administrators to assist users with password reset requests across a wide variety of platforms.

What are some common use cases for SSO?

Organizations take advantage of SSO to help streamline mobile workflows, manage access to several cloud-based apps, and provide strong security:

  • Multiple applications. For users tasked with accessing a suite of several different work applications, SSO reduces the need to remember multiple passwords for each individual application. Providing a single method of signing on can also save time, eliminating the need to access multiple login pages for different apps.
  • Remote workflows. For an organization’s work-from-home or bring-your-own-device policies, SSO provides an additional, high-quality layer of security for users who may not be accessing a device or application on a corporate network. 
  • High security. When combined with MFA, SSO can provide passwordless authentication through the use of an additional physical device, such as a smart card or USB key, delivering a second layer of physical security. 

How does SSO work?

SSO authentication takes advantage of a federated authentication service as a means of providing identity and access management (IAM) for the user. After logging in with SSO, each application the user attempts to access receives a specific access token that proves the user has been authenticated. Authentication credentials are exchanged using Security Assertion Markup Language (SAML), an open standard for federated authentication intended for enterprise security, or OAuth, an open standard developed by Google and Twitter and intended for mobile devices.

When using an SSO service, a user may be asked at first to provide a single password. When combined with an MFA requirement, a user may also be asked to provide an additional security confirmation, such as inserting a secure USB key into a device or scanning a mobile app access code. Once the SSO process is complete, the user is granted access to any and all cloud applications made available through an organization. Rather than having to visit multiple websites to use SaaS cloud-based applications, an SSO homepage can provide quick links to authenticated apps.

Which vendors support SSO? 

Major enterprise-level security providers, such as IBM, Oracle, and Microsoft, offer SSO solutions for their applications and platforms. SaaS-focused companies like Okta also provide automated credentials management specifically intended for a full suite of cloud-based platforms. LastPass Enterprise, for instance, integrates with hundreds of popular cloud-based platforms.

Does Fluix support SSO?

Fluix provides full SSO capabilities based on the SAML authentication standard. Any identity provider, including Okta, Auth0, or Microsoft AD, can provide access to Fluix using a common set of login credentials. To see how SSO can be implemented in Fluix, read the Fluix single sign-on feature tutorial.