Single Sign On (SSO)
SSO is an enterprise solution that allows users to authenticate once (typically once per session) and get access to all enterprise resources connected to the SSO system. Typically, to achieve this, multiple techniques are used behind the scenes, depending on what authentication methods each resource supports.
Single Sign On (SSO) is a solution that allows a user to authenticate once and gain access to all applications/resources supported by the SSO, without having to sign in separately to each application/resource.
There are many SSO solutions in the market. Active Directory (AD) is an example of an SSO because all domain resources joined to AD can be accessed without the need for additional authentication. SAP, Oracle, IBM and others offer SSO solutions for enterprise use. Okta, OneLogin and others specialize in single sign on for web applications.
To name a few of the many advantages SSO provides an organization:
Access logs – an SSO portal provides detailed reporting on who accessed what.
Session time – by eliminating credential reauthentication users spend less time on the authentication process leading to improved productivity.
Centralized database – one database that includes logs for authentication and authorization to support compliance and administration.
Fewer credentials means less chance of phishing – phishing emails and social engineering are nearly impossible.
Reduce help desk costs – reducing the number of credentials (passwords) translates to fewer help desk calls, which are estimated at 20 – 50% of all help desk calls.
The main disadvantage of SSO lies in its use of one set of credentials: if those credentials are not protected correctly and are stolen, the thief has access to your entire kingdom.
Companies should always require a second factor to log in to SSO (at the very least); companies that take security seriously will use multi-factor authentication (MFA).
The second, less talked about disadvantage of SSO is that while it provides single sign-on, it does not provide single sign-off. The logoff process varies from application to application and depends on the application's settings, so user sessions usually stay active long after the user has finished using them, which can easily lead to session hijacking.
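As an added illustration of the single sign-off gap described above (example code written for this page, not taken from any SSO product or the article): a hypothetical in-memory SSO broker that ties every application session to the SSO session that issued it, enforces idle and absolute timeouts, and lets one logout revoke all derived application sessions. Applications validate their session id against the broker on each request instead of trusting a local cookie indefinitely. All names (SsoBroker, IDLE_TIMEOUT, ABSOLUTE_TIMEOUT) and the timeout values are assumptions chosen for the example.

```python
from __future__ import annotations

import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, Optional

# Assumed policy values for this example (not from the article).
IDLE_TIMEOUT = 15 * 60       # seconds of inactivity after which the SSO session dies
ABSOLUTE_TIMEOUT = 8 * 3600  # hard cap on session age regardless of activity


@dataclass
class SsoSession:
    user: str
    created: float
    last_seen: float
    # Application sessions issued on the back of this SSO session: app -> app session id
    app_sessions: dict = field(default_factory=dict)
    revoked: bool = False


class SsoBroker:
    """Hypothetical central session registry shared by all connected applications."""

    def __init__(self, clock: Callable[[], float] = time.time):
        self.clock = clock
        self.sessions: dict[str, SsoSession] = {}
        # Reverse index so an application can validate its own session id cheaply.
        self.app_index: dict[str, tuple[str, str]] = {}

    def login(self, user: str) -> str:
        # Authentication itself (password + MFA) happens before this point.
        now = self.clock()
        sso_id = secrets.token_urlsafe(32)
        self.sessions[sso_id] = SsoSession(user, now, now)
        return sso_id

    def _alive(self, s: SsoSession) -> bool:
        now = self.clock()
        if s.revoked:
            return False
        if now - s.last_seen > IDLE_TIMEOUT:
            return False
        if now - s.created > ABSOLUTE_TIMEOUT:
            return False
        return True

    def issue_app_session(self, sso_id: str, app: str) -> Optional[str]:
        """Hand an application its own session id, bound to the live SSO session."""
        s = self.sessions.get(sso_id)
        if s is None or not self._alive(s):
            return None
        s.last_seen = self.clock()
        app_sid = secrets.token_urlsafe(32)
        s.app_sessions[app] = app_sid
        self.app_index[app_sid] = (sso_id, app)
        return app_sid

    def validate_app_session(self, app_sid: str) -> Optional[str]:
        """Called by an application on every request; returns the user or None."""
        ref = self.app_index.get(app_sid)
        if ref is None:
            return None
        sso_id, app = ref
        s = self.sessions.get(sso_id)
        if s is None or not self._alive(s) or s.app_sessions.get(app) != app_sid:
            return None
        s.last_seen = self.clock()
        return s.user

    def single_logout(self, sso_id: str) -> list[str]:
        """Revoke the SSO session and every application session derived from it."""
        s = self.sessions.get(sso_id)
        if s is None:
            return []
        s.revoked = True
        terminated = []
        for app, app_sid in s.app_sessions.items():
            self.app_index.pop(app_sid, None)
            terminated.append(app)
        s.app_sessions.clear()
        return terminated


if __name__ == "__main__":
    broker = SsoBroker()
    sid = broker.login("alice")            # constructed sample user
    mail = broker.issue_app_session(sid, "mail")
    wiki = broker.issue_app_session(sid, "wiki")
    print("before logout:", broker.validate_app_session(mail), broker.validate_app_session(wiki))
    print("single logout terminated:", broker.single_logout(sid))
    print("after logout:", broker.validate_app_session(mail), broker.validate_app_session(wiki))
```

Because the broker, not each application, decides whether a session is still valid, a logout at the SSO portal ends every application session at once, and an application session abandoned by the user stops working once the SSO idle timeout elapses, which is the window a session hijacker would otherwise exploit.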