Pros and cons of the top single sign-on solutions

Single sign-on solutions are the answer to many of the issues keeping IT professionals up at night. They heighten security and lock down access to proprietary information. They (hopefully) limit the number of employees who come running to your department when they forget their passwords. Combined with SAML integrations, single sign-on solutions ease the pain of provisioning and deprovisioning hundreds of employees a year. 

If your organization is growing rapidly and/or you have remote employees, you’re likely looking for a robust single sign-on solution that allows ease of access to accounts outside of work while still preventing risk to the organization.

But knowing which SSO provider to go with can be a challenge, so we’ve done the work for you. Here are the pros and cons of some of the most popular SSO solutions on the market.

OneLogin

OneLogin is currently used by over 2,500 enterprise customers and has been named by Gartner as Customers’ Choice for Access Management. OneLogin reduces identity infrastructure costs and extends identity policy to the cloud. With this provider, there’s no need for manual de-provisioning, long onboarding or offboarding processes, long integration and provisioning processes, or shadow IT policing.

Pros

• Predefined connectors
• Easily integrates with directory solutions
• Interface that’s accessible to full range of users
• Optimized for multi-factor authentication
• Facilitates providing audit history for compliance
• Easily implemented
• Handles SAML
• Works well in mixed Windows/MacOSX environments
• Manages IP restricted access

Cons

• Difficult to customize the interface
• Cost can be prohibitive for larger organizations
• Speed of service depends on location
• End-user onboarding experience be frustrating

Azure

Azure is Microsoft’s suite of cloud services. Though not specifically developed as an SSO, Azure can perform SSO tasks along with virtual machine deployment, remote storage, and other services. As one can imagine, with a name like Microsoft behind it, Azure benefits from hefty resources. There’s also a chance that your organization is already using Azure for cloud services, and if that’s the case, then using its SSO would be a clear choice. That said, there are some drawbacks to the SSO tool. One of the largest issues is that since Microsoft is so big, it’s difficult to get the kind of support you might find with smaller companies.

Pros

• Supports integration with Workday
• Built to integrate across the Microsoft suite
• Integrates with existing Windows Server Active Directory
• Simple employee onboarding 
• Optimized for multi-factor authentication 
• Compatible with multiple platforms
• Includes a free trial period

Cons

• Designed for enterprises that adopt a cloud-first or cloud-only infrastructure
• Intended mainly for SMBs that don’t have an on-prem Active Directory built on a Windows server
• Needs to be enabled via Azure AD cloud services 
• Deploying Office 365 with AD FS, Azure AD Connect, and Microsoft Identity Manager can take about 18–24 months

Okta

Okta bills itself as the most complete access management platform. It was designed to help protect both workplace identities and customer identities. It’s used by companies like Adobe and Nasdaq and it was recently named by Gartner as a Leader in the Magic Quadrant for Access Management, rating highly in its ability to execute and its completeness of vision. 

Pros

• Great documentation
• User-friendly UX design
• Automates integration of active directory authorization and authentication
• Reduces onboarding time for new users
• Doesn’t require a smartphone
• Responsive support and development teams
• SAML and provisioning support 

Cons

• Difficulty interacting with LastPass and other major password managers
• There are some limitations with on-premise integration
• A bit difficult to add new users
• Cost can be prohibitive
• Can only authenticate one account per browser session
• Some learning curve to understanding Okta documentation
• Does not support enterprise profiles
• Upgrades and browser plugins have occasional issues
• Does not support enterprise wireless profiles

Ping Intelligent Identity Platform

Ping Intelligent Identity Platform differentiates itself by not trusting any user, regardless of whether or not they have credentials. They align themselves more with the TSA in that they screen everyone, regardless of how safe they look. The Zero Trust approach combats credential stuffing by relying on more than a single sign-on to verify users. Ping also defaults to giving the least amount of access possible to every user, which means that if a bad actor somehow gains access, they’ll only have access to limited information. 

Pros

• Robust multi-factor authentication that relies on geolocation, time of request monitoring, hard tokens, SMS messaging, and biometric data 
• Provides API, passwordless login, and social sign on
• Appropriate for large enterprises and SMBs
• Accessible UI 
• Integrates with VPN software
• Ease of configuration and use with LDAP and active directory for accessing applications and SSO

Cons

• No account management, user activity monitoring, access request management, role management, or compliance management
• Limited session management capabilities
• Phone app doesn’t allow for fingerprint logins
• Issues with synchronization in offline mode
• Cloud access broker portal option needs improvement
• Challenging initial install and setup 

RSA SecurID Access

RSA SecurID Access is another industry leader in the SSO space. It offers businesses a wide range of authentication options that work directly on users’ mobile phones and allow for each user to choose the method that works best for them. Options include push to approve, biometrics, SMS, hard tokens like fobs, and more. RSA facilitates the creation of categories of use within an organization. Administrators can configure authentication options based on user, application, context and risk levels. Its administrative functionality and ease of use makes it particularly popular with enterprise users. 

Pros

• Easily scalable for enterprise users
• Robust support for required authentication methods
• User-friendly self-service password administration
• Optimized for multi-factor authentication
• Interoperability across a wide range of apps and services
• Broad range of authentication options
• Consistent and reliable user experience across devices and locations
• Interoperable with other third-party SSO solutions

Cons

• Timed verification process can be inconvenient if you fail to enter information quickly enough
• Reported difficulties with learning curve required to properly deploy
• No log-in options if your organization opts to only use hard tokens and you don’t have your fob with you
• Cost can be prohibitive

 

These aren’t the only five SSO providers out there, but we hope this gives you an idea of variations in the largest single sign-on providers. Picking the right SSO provider will largely depend on your organization’s needs and requirements, so list out the most important requirements for your business before beginning your SSO provider research. 

Then, make a wishlist gathered from the people who will be using your SSO. Does your marketing team need an API? Make that a requirement. Would your customer service team prefer to have an SSO that relies on behavioral attributes for less friction? Add that, too. Make sure your SSO is easy to use, but that the ease of use doesn’t sacrifice security.

Also, you’ll definitely need to work within a specified budget, so this is your opportunity to wheel and deal. If you find a perfect SSO for your organization, but it’s out of your budget constraints, see what kind of magic the sales representative can work to bring the cost into budget. Make sure that if the SSO you selected doesn’t work for your organization in practice, you can easily end your contract and pivot to a different solution.