What is Single Sign On (SSO) and how does it work?
SSO is a user authentication service that has simplified the way we log into multiple applications. Using SSO, a user only needs one set of login credentials (such as a name and password) to access multiple applications. Top SSO providers include Okta, Microsoft, and OneLogin.
SSO uses a framework that enables an end user's account information to be used by third-party services without exposing the user's password. When a user attempts to access an application from the third party, the third-party will send a request to the identity provider for authentication. The third party provider will then verify the authentication and log the user in.
The Pros of SSO
-
Seamless login
The obvious pro of SSO is that it is a seamlessly quick way to login to multiple accounts at one time while eliminating the need to remember various passwords
-
More administrative control
Once an SSO strategy is implemented, it is quick and easy to shut off access to the numerous accounts your company uses. This is especially helpful if your company experiences high employee turnover
-
Enhanced security for older apps
SSO will provide 2 factor security for apps that do not natively support 2 factor authentication, like older or internally developed apps
The Cons of SSO
-
Once is all it takes
The biggest strength of SSO is also its biggest weakness - should the SSO be breached, all related accounts will also be breached as having an SSO effectively means you have the same password for every system. Also, as the recent Okta breach shows, SSO providers are high priority targets for many hackers
-
No room for failure
Similarly, should the SSO go down, access to any linked system goes down with it. This will deny access to all connected services and will cause much more impact than if just a single system went down
-
The cost
Using SSO will not come cheap – besides the implementation and SSO provider cost, most apps require you to be on their Enterprise level plans to be able to use SSO. These plans are typically several times more expensive than their standard plans. If you are a larger company upgrading all accounts, this can become expensive quickly
To sum it all up…
SSO is useful for organizations with high employee turnover that use a wide range of different applications, especially home-developed apps, but we don't recommend it for our VC/ PE clients with low employee turnover, fewer applications, and high security requirements.
Last month we wrote a blog on password managers, which are a great alternative to SSO as they provide better security, fewer downsides (and much lower cost). If you are in the market for better security, password managers might be your best bet as long as you have 2 factor enabled for all accounts and don’t store the 2nd factor in your password manager.
If your company is currently using SSO keep stressing to all your team that they need to be incredibly careful with SSO authentication prompts, make sure they know exactly what is prompting them and why, since the “compromise once - breach many times” nature of SSO makes your users the weakest link.
Not sure if SSO or password managers are right for your organization? We can help! Please feel free to give us a call at 888-353-1763 or send us an email at info (at) hybridge.com and we will be happy to discuss your specific situation.
Share this blog: