What is Single Sign-On and how does it work?

Single Sign-On (SSO) is an authentication system that allows users to access multiple software applications using a single username and password. This is commonly achieved through an SSO login, where a user provides their credentials. The SSO login then stores the resulting authentication token and passes it to the relevant software that the user wishes to access.

Most people will have come across an SSO portal (and even used an SSO login) without ever realizing they’ve done so, as services such as Facebook and Microsoft employ them across their suite. Users benefit from single sign-on as it keeps down the number of usernames and passwords they need to remember, which increases personal security.

SSO is a software asset management tool that businesses can benefit from in a similar way, by tying all of their business software needs to a single login portal. This saves time for their employees by allowing them access to their key work tools in a single place, whilst also minimizing the administrative burdens associated with onboarding and offboarding staff. It also acts as a catalyst for the software industry trend towards Software as a Service (SaaS), both as a business model for suppliers and as a way to meet software needs.

How does SSO work:

Single Sign On is a complicated framework that requires trust between software providers. The basic steps that are used are as follows:

1) a user attempts to log on to a service

2) the service checks to see if the user has logged in to any other service under the SSO system

3) if they have, the user is granted access to the service. If they haven’t, the user is passed to the SSO system to log in

4) after log in, the service passes on authentication information with the user as they try to access other services under the SSO system

An SSO portal eliminates the requirement for an SSO service in the above outline by authenticating the user upfront and using these credentials when accessing the services underneath.
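The four steps above can be sketched as a small simulation. This is an added example, not code from the original page: the `IdentityProvider` and `Service` classes, the token layout and the per-service HMAC keys are assumptions chosen to show how trust between the SSO system and each service can be enforced.

```python
import base64, hashlib, hmac, json, time

def _pw_hash(password, salt=b"constructed-salt"):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class IdentityProvider:
    """Hypothetical SSO system: owns the login session and signs assertions."""
    def __init__(self, users, service_keys):
        self.users = {u: _pw_hash(p) for u, p in users.items()}
        self.service_keys = service_keys   # per-service secret = the trust relationship
        self.sessions = set()              # users already logged in to the SSO system

    def login(self, user, password):       # step 3: the user logs in once
        stored = self.users.get(user)
        if stored is not None and hmac.compare_digest(stored, _pw_hash(password)):
            self.sessions.add(user)
            return True
        return False

    def assertion_for(self, user, service, ttl=60):
        if user not in self.sessions:      # step 2: no SSO session yet
            return None
        body = json.dumps({"sub": user, "aud": service, "exp": time.time() + ttl}).encode()
        sig = hmac.new(self.service_keys[service], body, hashlib.sha256).digest()
        return ".".join(base64.urlsafe_b64encode(p).decode() for p in (body, sig))

class Service:
    def __init__(self, name, key):
        self.name, self.key = name, key

    def verify(self, token, now=None):
        """Return the username, or None if forged, expired or issued for another service."""
        try:
            body, sig = (base64.urlsafe_b64decode(p) for p in token.split("."))
        except (ValueError, AttributeError):
            return None
        if not hmac.compare_digest(sig, hmac.new(self.key, body, hashlib.sha256).digest()):
            return None
        claims = json.loads(body)          # parsed only after the signature checks out
        now = time.time() if now is None else now
        if claims["aud"] != self.name or claims["exp"] < now:
            return None
        return claims["sub"]

def access(idp, service, user):
    """Steps 1-4 as seen by one service."""
    token = idp.assertion_for(user, service.name)
    return service.verify(token) if token else "redirect-to-sso-login"
```

Because each assertion is bound to one service and expires quickly, an assertion captured at one service cannot be replayed against another.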

Risks of SSO

Whilst SSO authentication can have many benefits, it is also important to note some risks it may pose. In normal login systems, should a user’s credentials be stolen, an attacker would only have access to the single system whose credentials they obtained (assuming the user was following sensible security protocols and had unique logins for each service). Under an SSO system (with an SSO ID), the same attacker would gain access to every piece of software under the SSO portal that the user subscribed to. This can, however, be mitigated by measures such as enforcement of two-factor authentication (2FA) for all users. Furthermore, this downside is largely negated by the fact that most people use a password manager provided by their email service, and hence are equally risking all their account information if their email is compromised.

2FA is becoming increasingly common as a general security measure, being implemented and strongly encouraged by leading internet companies such as Amazon and Google for general login security. Many users will have experienced this in the form of a code sent via text to confirm a log in. Some companies such as banks utilise special pieces of hardware such as card readers or tokens that will generate a code every 30 seconds. This means that users will be familiar with these systems and be very comfortable using them alongside single sign on services. This greatly increases the security of SSO portals, mitigating the downsides substantially.

Another key benefit of SSO portals is scalability. An organisation that does not utilise SSO will require a dedicated role to manually manage access for employees to the services they need, for instance when off-boarding employees as they leave the company. With SSO, an organisation is able to manage access to multiple services via a single path, freeing up crucial capacity for an IT team to undertake other tasks. It also streamlines the process if an organisation buys a new software service. Without SSO, the organisation would need to ensure that each user of the new software had credentials and could access it. With SSO, the software can simply be assigned to users in their workspace (or assigned to groups of users if the portal is advanced enough), again freeing up IT capacity.

Working from Home, the New Norm

It is also important to recognise the rapid change the working world has undergone in the wake of the COVID-19 pandemic. Many workplaces have had to rapidly adapt to remote working environments as offices and workplaces shut down under quarantine conditions. Shifting to using SaaS models and remote working introduces a prime environment to take advantage of all of the key benefits of an SSO portal by allowing work systems to be more flexible around the changing demands of both employers and employees. It has seen businesses from various sectors such as health, education and private enterprise embrace SaaS, and embracing SSO is the next step in making processes much easier moving forwards. 

Software Management and SSO

Let’s look at the business benefits of adopting an SSO system. The most common ticket item for any business’s IT team is users who have forgotten their passwords and need their account to be reset. This can happen at many points through a user’s day: credentials for their desktop and email plus any number of individual services they utilise through the day. Once multiplied across an organisation, this creates a large burden on IT, even for small enterprises. This also has knock-on downsides for security protocols, as users who are constantly forced to change these passwords are tempted to reuse them for all of their services. An SSO system, once implemented well, will allow users to only require one set of authentication credentials to access all of their services, which improves the security of an organisation’s systems as well as freeing up capacity in the IT team to focus on more important projects. This allows for an overall increase in productivity of the whole organisation by reducing friction for everyone involved in the process.

Advantages and Disadvantages

In summary, the advantages of SSO are

– reduction of IT burden for both users and businesses

– increases security by only requiring 1 set of authentication

– scalability of login solutions

Disadvantages of SSO are

– increases the impact of security breaches if they happen

– introduces a single point of failure for all of the software systems that are behind it