What is SSO?
Single Sign-On (SSO) is an enterprise user authentication tool that enables users to log in to and access multiple applications, websites, and data using just one set of credentials (username and password).
SSO is a popular identity management solution for enterprises who want to reduce security risks surrounding user data, improve the user experience, and streamline IT management and login processes.
The average enterprise uses over 1,000 distinct cloud services. And with hundreds to thousands of employees accessing multiple accounts every day, that translates to a lot of passwords to keep track of and protect.
Securely managing thousands of accounts and associated user data is a challenge for both users and IT administrators. Single sign-on is one solution enterprise organizations use to enhance their IT security, improve user experience, and reduce costs.
What is SSO?
As its name implies, SSO enables users to access multiple websites and applications through a single login step with just one set of credentials.
In other words, SSO makes it easier to access the programs and data you need by removing the extra step of logging in and out of each separate application. Instead, a third party acts as the central authenticator, confirming the user’s identity automatically as they move from page to page and site to site.
SSO exists in both consumer and corporate enterprise environments. For example, consumers might use Facebook or Google to sign in to accounts on other websites rather than creating separate credentials.
This makes the sign-in process quick and easy and takes the burden of authentication and identity storage off the third-party websites.
SSO is a common solution for enterprises whose employees interact with many different programs and applications to do their work.
How does single sign-on work?
SSO simplifies the process of login and authentication for enterprise users.
Here’s how SSO works:
- You (the user) request access to a site or application.
- The site checks to see if your identity has been authenticated with the SSO provider. If yes, the site grants you access. If not, you are redirected to the SSO login to input your credentials (i.e., username and password).
- You enter your login info.
- The SSO solution requests authentication from the identity provider your company uses.
- The identity provider confirms your identity to the SSO solution.
- The SSO solution confirms your identity to the original website and redirects you to the site.
- As you navigate through the website, the site tracks you from page to page using tokens, reauthenticating your identity as you go.
- If you go to another website or application, that site will check your identity with the SSO solution. Since you already logged in, your identity is automatically verified with the new site and you don’t have to log in again.
SSO works a little like a driver’s license or passport. For example, if you go to catch a flight, the TSA agent doesn’t have to know you personally or check you against an internal list to confirm your identity. Your identity has already been verified by a central authority (i.e., the state or federal government).
Similarly, when you try to access a website, the SSO system vouches for your identity. It’s already done the heavy lifting of authentication so the website can trust you.
Benefits of single sign-on
Without SSO, authentication is conducted by each website or application separately. To do this, the site must maintain its own private database of user credentials.
For enterprises that may use a combination of cloud applications and on-premise networks, the sheer volume of user data can be overwhelming. IT must store and manage separate login credentials for each enterprise user (e.g., employees, contractors, and clients), for every single website, program, or application in the system. This situation poses a few problems, including security risks, high management costs, and inefficiency.
That’s where the benefits of SSO come in. SSO helps enterprises with the following:
Reduce help desk requests and lower IT costs
Gartner estimates that up to 50% of all help desk tickets are related to password resets. That’s a lot of time your IT organization could invest in other projects and priorities. And when each password reset costs organizations an average of $70, you’re looking at a high price tag.
SSO largely eliminates these issues. When users only have one set of credentials to remember, they are less likely to forget them—and therefore, less likely to call on IT for help.
Increase efficiency and user satisfaction
With just one login to remember, people spend less time scrolling through a mental list (or physical list) of password combinations trying to access every site they need throughout the workday. The result is more time spent working and happier end users.
As enterprise computing grows, the risks to security and compliance do too. Today, many organizations work with both cloud and on-premise applications. Navigating and managing data across those environments is complex and can get dicey quickly.
For instance, when employees have to keep track of multiple login credentials, they tend to create passwords that are easy to remember and similar to each other. While this makes it easier to access their accounts quickly, it also poses a threat to security. Additionally, if you are hosting and managing user identity data on your own systems, your organization is a bigger target for hackers looking to access valuable user data.
SSO reduces those security risks. Users no longer have to keep track of dozens of passwords and enterprises can offload sensitive data to their third-party SSO platform.
Disadvantages of single sign-on
While there are many advantages to SSO, there are a few single sign-on challenges:
SSO creates a single point of failure
In other words, if your SSO provider is breached, your linked systems could be vulnerable and exposed. That is why it is crucial to enforce strong password protocols and implement additional security measures such as two-factor authentication (2FA) and identity governance at every level.
SSO can be difficult to implement
Enterprise environments are often complex, which means configuring and implementing a strong SSO solution for your organization may take awhile.
Consult with stakeholders from different departments to ensure you understand the different needs, expectations, and use cases your SSO solution must address to prevent blind spots in your implementation.
Reliability issues with your SSO or identity provider interrupt your business
When your SSO or identity provider goes down, you will lose access to your accounts until the systems get back up and running. Choose an SSO vendor with high reliability and contingency plans should you lose connection.
Implementing single sign-on
Configuring and implementing a new enterprise SSO solution is no small task. There are many moving parts and priorities to consider.
Use the following steps and tips to prepare for and enable a successful SSO program.
- Clarify your objectives. Consider: What are your functional goals for this SSO implementation? How can you position the organization to support future identity management changes as needs evolve?
- Identify key stakeholders and intended users. Who will be using the SSO solution? What tools or information will they need to be successful? Who are the key stakeholders (e.g., the SSO vendors, users, decision-makers, etc.)?
- Consider options based on scalability and future-proofing. One of the main reasons SSO solutions fail is because they were not designed and implemented with the future in mind. As you consider your vendor and configuration options, assess both your current and future plans, as well as potential scalability challenges such as changes in technology.
- Prioritize applications for integration. You’ll likely have to configure your SSO solution in phases. Decide early on which applications to prioritize for implementation first. Consider applications that may have higher security or compliance risks.
- Design your architecture. Will you run your SSO solution on-premise, in the cloud, or through a hybrid platform? Iterate and refine your approach as needed.
- Prepare for the implementation period. Enabling SSO will take time. Some applications will be fully offline during SSO configuration, which will interrupt access. Make sure you have the timeline mapped out so users can plan for the downtime.
Test and collect feedback. Once you’ve implemented your SSO solution, you’ll need to evaluate its performance. Are users adopting it and using it correctly? If not, why not? It may be helpful to beta test your SSO program with a small group before implementing it across the whole organization.
Single sign-on isn’t a silver security bullet. But it is one of the best tools enterprises have for limiting security threats, improving data compliance, and saving IT a lot of password headaches.
See how Lucidchart keeps your data private, safe, and secure—and how we help your organization do the same.