Single sign-on is an identification system that permits websites to use trusted sites to verify users. This liberates businesses from the compulsion to keep passwords in their databases. It also cuts down on login troubleshooting. Moreover, it decreases the damage of a potential hack.
SSO systems work like ID cards. If you get pulled over for speeding, the police officer does not have to know you personally. She can just look at your license. It also shows that an authority vouches for your identity.
With SSO, the website does not verify your identity against its own records. Instead it asks Google, LinkedIn, or Microsoft whether they can vouch for you, and the site takes their word for it.
To tell the truth, SSO is in practice a mix of SSO and delegation/federation. There are several platforms involved. But this discussion is rather basic.
Understanding how SSO is implemented requires some background. Normally, when you log into a system, the provider of the site or service authenticates you on its own:
- As a user, you first hit an intermediate page that checks whether you are already logged in;
- If you are not logged in, a login screen appears;
- You fill in your username and password. The website checks the credentials against its database, then confirms or rejects them;
- Once you are logged in, the website issues a tracker (a session token) that identifies you on later requests.
As one moves around the site, the tracker tries to keep your authentication up to date.
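The traditional, non-SSO flow just described, as an added example that is not part of the original article: a site that keeps its own salted password hashes, checks the session token on each request, shows the login screen when there is none, verifies credentials against its own database, and issues a tracker whose expiry slides forward as the user moves around. All names, the in-memory store and the sample user are constructed for illustration.

```python
import hashlib
import hmac
import os
import secrets
import time

# Constructed in-memory "database": username -> (salt, PBKDF2 digest).
# Passwords are stored only as salted hashes, never in clear text.
USERS = {}
PBKDF2_ITERATIONS = 200_000

# Constructed session store: token -> (username, expires_at). Sliding TTL in seconds.
SESSIONS = {}
SESSION_TTL = 900


def hash_password(password, salt=None):
    """Derive a salted PBKDF2-HMAC-SHA256 digest; a fresh salt is generated when none is given."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def register(username, password):
    """Store a user record with its own salt (site-local account creation)."""
    USERS[username] = hash_password(password)


def verify_credentials(username, password):
    """Check a submitted password against the stored hash in constant time."""
    record = USERS.get(username)
    if record is None:
        # Hash anyway so response time does not reveal whether the account exists.
        hash_password(password, b"\x00" * 16)
        return False
    salt, stored = record
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(stored, candidate)


def login(username, password, now=None):
    """Step 3/4: verify credentials and, on success, issue an unguessable session token."""
    now = time.time() if now is None else now
    if not verify_credentials(username, password):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = (username, now + SESSION_TTL)
    return token


def current_user(token, now=None):
    """Step 1: is the visitor already logged in? Expired tokens are dropped, live ones are refreshed."""
    now = time.time() if now is None else now
    entry = SESSIONS.get(token)
    if entry is None:
        return None
    username, expires_at = entry
    if now >= expires_at:
        del SESSIONS[token]
        return None
    SESSIONS[token] = (username, now + SESSION_TTL)  # keep the authentication up to date
    return username


def handle_request(token, now=None):
    """Step 2: render the page for a logged-in user, otherwise send them to the login screen."""
    user = current_user(token, now)
    if user is None:
        return "login_screen"
    return f"page for {user}"


if __name__ == "__main__":
    register("alice", "correct horse battery staple")   # constructed sample user
    print(handle_request("no-such-token"))              # login_screen
    tok = login("alice", "correct horse battery staple")
    print(handle_request(tok))                          # page for alice
```

Note that every step here runs inside the one site: it holds the password hashes, it does the checking, and it owns the session. That is exactly the burden SSO is meant to remove.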
In a true SSO system, you simply move around the site with full access. In a delegated system, Google returns both a verification of your identity and a set of authorized uses: the site may, for example, be allowed to read your name and email but not your age or location.
- Ease – users need only remember one set of login details. By connecting your site to their Google login, you ensure that even sporadic users can remember how to log in;
- Transparency – what is being shared from one system to another is known. If you are unhappy with the options, you can opt out;
- Speed – users do not have to go through lengthy sign-up and verification processes. New users can sign up as quickly as they log into Facebook, because Facebook has already done the email verification and data collection;
- Security – the password itself stays with the identity provider and is never handed to the site.
A True SSO System
There is a difference between a single sign-on and password vaulting. With password vaulting, you could have the same username and password. However, you have to enter it each time you move to a different website or application.
Also, once you are logged in via an SSO solution, you may access all the company applications and websites without having to log in again. This includes on-prem and cloud applications, often made available through an SSO portal.
Federation SSO Features
SSO solutions using federation enable true single sign-on by utilizing the organization's identity provider. Examples are Microsoft Active Directory or Azure Active Directory. The identity provider acts as the authentication server. It also stores the user's identity and information, for example the password, username, and the domains the user accesses.
For an SSO to be true, either:
- the SSO solution is built into the identity provider; or
- the SSO solution utilizes one or more identity providers to authenticate the user.
SSO systems are built on trust. A trust relationship exists when one domain accepts another domain's statements about user identities, devices, and access privileges.
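The delegated flow and the trust relationship described above, as an added example that is not part of the original article: a toy identity provider signs an assertion containing the user's identity plus the authorized uses (scopes), and the relying party accepts it only if the issuer is a domain it has a trust relationship with, the signature and audience check out, and the assertion is within its validity window. Claims the provider did not authorize (here age and location) are never released. The issuer names, the shared secret, the scope-to-claim mapping and the sample user are all constructed; real SAML or OIDC deployments use the provider's public signing keys rather than a shared HMAC secret.

```python
import hashlib
import hmac
import json

# Constructed trust relationships of the relying party "app.example": issuer -> verification key.
# In production this table would hold the identity provider's public signing keys.
TRUSTED_ISSUERS = {
    "idp.example": b"constructed-idp-example-secret",
}

# Constructed mapping from a claim to the scope that authorizes releasing it.
SCOPE_FOR_CLAIM = {
    "name": "profile",
    "email": "email",
    "age": "sensitive",
    "location": "sensitive",
}


def _sign(payload, key):
    """HMAC-SHA256 over a canonical JSON encoding of the payload."""
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def issue_assertion(issuer, key, subject, audience, granted_scopes, user_record, now, ttl=300):
    """Identity provider side: after authenticating the user, return identity + authorized uses.

    Only claims covered by a granted scope are copied into the assertion, so data the
    relying party was not authorized to see never leaves the provider."""
    payload = {
        "iss": issuer,
        "sub": subject,
        "aud": audience,
        "iat": now,
        "exp": now + ttl,
        "scopes": sorted(granted_scopes),
        "claims": {
            claim: value
            for claim, value in user_record.items()
            if SCOPE_FOR_CLAIM.get(claim) in granted_scopes
        },
    }
    return {"payload": payload, "sig": _sign(payload, key)}


def verify_assertion(assertion, expected_audience, now):
    """Relying party side: take the provider's word only if it is a trusted domain and the
    assertion is genuine, addressed to us, and currently valid. Returns the payload or None."""
    payload = assertion.get("payload", {})
    key = TRUSTED_ISSUERS.get(payload.get("iss"))
    if key is None:
        return None  # no trust relationship with this domain
    if not hmac.compare_digest(_sign(payload, key), assertion.get("sig", "")):
        return None  # tampered or forged
    if payload.get("aud") != expected_audience:
        return None  # issued for a different site
    if not (payload.get("iat", 0) <= now < payload.get("exp", 0)):
        return None  # not yet valid or expired
    return payload


def get_claim(payload, claim):
    """Read a claim only if the assertion carries the scope that authorizes it."""
    if SCOPE_FOR_CLAIM.get(claim) not in payload["scopes"]:
        return None
    return payload["claims"].get(claim)


if __name__ == "__main__":
    # Constructed user record held by the identity provider.
    alice = {"name": "Alice", "email": "alice@example.test", "age": 34, "location": "Oslo"}
    a = issue_assertion("idp.example", TRUSTED_ISSUERS["idp.example"], "alice",
                        "app.example", {"profile", "email"}, alice, now=1000)
    p = verify_assertion(a, "app.example", now=1100)
    print(get_claim(p, "email"), get_claim(p, "age"))   # alice@example.test None
```

Two points worth noticing: the relying party never sees Alice's password, and the "set of authorized uses" is enforced twice, once at the provider (which withholds the claims) and once at the relying party (which refuses to read a claim outside the granted scopes).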
Above all, IT people are in a constant battle to find the right balance between productivity and security. The time may be coming when assessing security threats to SSO systems becomes necessary. We must not be complacent.