Updated 03/20/2023
Single sign-on (SSO) is an authentication service that lets users enter their credentials, such as a username and password, once to access multiple applications. Relatedly, SSO includes Single Log Out: if the user logs out of one app, the other apps are logged out as well.
Single Sign-On (SSO) operates on a foundation of trust between the application or service and an external identity service, known as an Identity Provider (IdP).
This trust is established through seamless communication between the application and a centralized SSO service, which the application relies on when a user attempts to log in. The SSO service typically operates on its dedicated SSO policy server.
When a user inputs their credentials to sign into the application, the application generates an SSO token. This token, a digital file containing user-identifying information, plays a crucial role in authenticating the user between the application and the SSO service.
Subsequently, an authentication request is transmitted to the SSO service, which verifies whether the user has been previously authenticated. If authentication is confirmed, access to the application is granted. However, if authentication fails, the SSO service redirects the user to the central login page to re-enter their information.
A successful login grants the user access to the application, while a failed attempt produces an error message. After repeated failed attempts, the user's account may be temporarily locked as a security measure that limits credential guessing, in keeping with Cyberfit practices.
Every network is different and carries its own level of risk. For extra protection, organizations should pair SSO with identity governance and multifactor authentication to strengthen their security posture.
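The flow above (application-side token, authentication request to the central SSO service, redirect to the central login page, and temporary lockout after repeated failures) as a small added model in Python. This is example code written for this page, not code from any SSO product; the user store, shared signing key, lockout threshold and lock duration are constructed demo values, and the unsalted SHA-256 password store stands in for a real password hash such as bcrypt or Argon2.

```python
import hashlib
import hmac

MAX_FAILED_ATTEMPTS = 3   # assumed lockout threshold
LOCKOUT_SECONDS = 300     # assumed temporary lock duration
DEMO_KEY = b"demo-shared-key"   # constructed key shared by app and SSO service

def hash_password(password):
    """Demo only: real deployments use a salted, slow password hash."""
    return hashlib.sha256(password.encode()).hexdigest()

def app_make_token(username, key):
    """Application side: SSO token carrying user-identifying info, HMAC-signed
    so the SSO service can reject a token that was not produced by a trusted app."""
    sig = hmac.new(key, username.encode(), hashlib.sha256).hexdigest()
    return f"{username}.{sig}"

class SsoPolicyServer:
    """Simplified central SSO service: remembers who is already authenticated
    and enforces lockout on the central login page."""
    def __init__(self, users, key):
        self.users = users        # username -> hash_password(password)
        self.key = key
        self.sessions = set()     # usernames previously authenticated
        self.failures = {}        # username -> (failed_count, locked_until)

    def authenticate(self, token):
        """Authentication request: grant only for a valid token of a signed-in user."""
        username, _, sig = token.rpartition(".")
        expected = hmac.new(self.key, username.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):
            return "redirect_to_login"      # forged or corrupted token is never trusted
        return "granted" if username in self.sessions else "redirect_to_login"

    def central_login(self, username, password, now):
        """Central login page: 'granted', 'error', or 'locked' (lock expires at locked_until)."""
        count, locked_until = self.failures.get(username, (0, 0))
        if now < locked_until:
            return "locked"
        stored = self.users.get(username, "")
        if stored and hmac.compare_digest(stored, hash_password(password)):
            self.sessions.add(username)
            self.failures.pop(username, None)
            return "granted"
        count += 1
        if count >= MAX_FAILED_ATTEMPTS:
            self.failures[username] = (0, now + LOCKOUT_SECONDS)
            return "locked"
        self.failures[username] = (count, locked_until)
        return "error"

def demo_server():
    """Constructed sample deployment with a single user."""
    return SsoPolicyServer({"alice": hash_password("correct horse")}, DEMO_KEY)
```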