Before finding out how it can benefit your business, let's take a look at what Single Sign-On (SSO) is. SSO is a service that allows a user to access multiple applications using the same login credentials – for example, a name and password. Smaller businesses, organisations and individuals can use SSO to manage their usernames and passwords more easily.
A more standard SSO setup that is connected to your browser requires an agent module on the application server to retrieve specific authentication credentials from a dedicated SSO policy server and authenticate users against a user repository, such as an LDAP (Lightweight Directory Access Protocol) directory. In the same session, the service authenticates the user for all applications the user already has access to, and slims down the number of passwords and usernames that need to be remembered for different individual applications.
How Single Sign-On works
Open Authorization, known as OAuth, is the framework for enabling third-party services, such as Facebook, to access a user’s account information without exposing their password.
By providing the service with an access token, OAuth acts as an intermediary between the end user and the service. Whenever a user attempts to access an application from the service provider, the service provider will use the identity provider to confirm the user’s identity before granting access.
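The check described above, where the service provider relies on the identity provider before granting access, can be sketched as follows. This is an added example, not code from the original page and not an implementation of OAuth or SAML: the function names, the token layout and the shared HMAC key are assumptions made for illustration (real deployments typically verify a signature made with the identity provider's private key).

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key shared by the identity provider and the service
# provider (assumption for this sketch only).
IDP_KEY = b"constructed-demo-key"


def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def idp_issue(user: str, audience: str, now: float, ttl: int = 300) -> str:
    """Identity provider: after authenticating the user, sign a short-lived
    assertion that names the one application (audience) it is meant for."""
    body = json.dumps({"sub": user, "aud": audience, "exp": now + ttl}).encode()
    sig = hmac.new(IDP_KEY, body, hashlib.sha256).digest()
    return b64(body) + "." + b64(sig)


def sp_verify(token: str, audience: str, now: float):
    """Service provider: return the user name if the assertion is valid,
    otherwise None. The password never reaches the service provider."""
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError:
        return None  # malformed token
    expected = hmac.new(IDP_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return None  # not signed by the identity provider, or altered
    claims = json.loads(body)
    if claims["aud"] != audience:
        return None  # issued for a different application
    if now >= claims["exp"]:
        return None  # expired
    return claims["sub"]


if __name__ == "__main__":
    token = idp_issue("alice", "payroll", now=1000.0)
    print(sp_verify(token, "payroll", now=1100.0))  # accepted
    print(sp_verify(token, "crm", now=1100.0))      # wrong audience
```

Binding each assertion to one audience and a short lifetime limits how far a single captured token can be reused across the applications behind the SSO service.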
The Different Types of SSO Configurations
Protocols used by some SSO services include Kerberos and Security Assertion Markup Language (SAML).
SAML is an Extensible Markup Language (XML) standard for exchanging authentication and authorization data between secure domains. In SAML-based SSO services, a user, an identity provider and a service provider all communicate.
When Kerberos is used, a ticket-granting ticket (TGT) is issued after the user credentials have been provided. The TGT retrieves service tickets for other applications the user wishes to access without requiring the user to re-enter their credentials.
An end user who uses smart card-based SSO must use the card holding their username and password to log in the first time. Once the card has been used the first time, the usernames and passwords can be entered automatically. Depending on the SSO solution, the usernames and passwords will be stored on smart cards.
The Security Risks of SSO
Single Sign-On may be really useful for helping to remember all of your usernames and passwords. However, an obvious side effect of this is that if an attacker manages to breach your SSO service, they have access to all of your usernames and passwords. A lot of SSOs combat this by having systems in place like 2FA (two-factor authentication) or sometimes MFA (multi-factor authentication).
Users can use SSO services offered by Google, LinkedIn, Twitter and Facebook to log in to a third-party application with the credentials they use for social media authentication. Unfortunately, social SSOs have the same security risks as the rest of them: if an attacker gains access to your SSO, they now have all of the usernames and passwords.
With enterprise single sign-on (eSSO), users can log on to target applications by replaying their credentials using client and server components. Typically, eSSO credentials are usernames and passwords; target applications do not need to be modified.
Ensuring you get the most from the tools you have
Here at Office Automation Technologies Inc we will take the time to get to know the intricacies of the way your business works so we can best improve upon or support all of your IT needs. If you are interested in setting up any new technologies or just want help with the ones you already have, contact us today!