Secure and Easy Access: How does Single Sign On work?
by Eric Avigdor
As technology evolves, organizations evolve their access security to meet the increasing demands of cloud computing and pave their path towards a Zero-Trust culture. A shared responsibility model in the cloud provides a more integrated, scalable, flexible and reliable approach to digital asset access control than traditional security perimeter controls. Organizations are already opting for integrated, cloud-agnostic access security platforms which embed strong access management controls, such as verification and authentication of users for account access via Single Sign On (SSO) and multi-factor authentication (MFA).
Single Sign On (SSO) is a technology that provides the capability to authenticate once and then be automatically authenticated when accessing other platforms or applications. With SSO, a user only has to enter their login credentials once to access all of their SaaS applications. SSO is often used in a business context when user applications are assigned and managed by an internal IT team. Remote workers who use SaaS applications also benefit from using SSO.
Single Sign-On (SSO) authentication is now required more than ever. Nowadays, almost every website requires some form of authentication to access its features and content. With the number of websites and services rising, a centralized login system has become a necessity to reduce the logon burden users face.
How does Single Sign On work?
The concept of a centralized digital identity is known as federated identity. Federated identity management enables identity information to be developed and shared among several entities and across trust domains. Tools and standards permit identity attributes to be transferred from one trusted identifying and authenticating entity to another for authentication, authorization and other purposes, thus providing “single sign-on” convenience and efficiencies to identified individuals, identity providers and relying parties.
Federated identity systems govern access functions including authentication, authorization, user attributes exchange, and user management. When identities are federated, access management services can share credentials among federated applications, saving users from having to re-enter them each time they log onto an application. Identity federation creates a trust relationship between different authenticating organizations defining how trusted parties can authenticate against stored credentials without exposing them.
Identity federation is accomplished through various protocols, such as Open Authorization (OAuth), Security Assertion Markup Language (SAML), and OpenID Connect.
Whenever a user signs in to an SSO service, the service creates an authentication token that remembers that the user is verified. An authentication token is a piece of digital information stored either in the user's browser or within the Identity Provider (IDP), like a temporary ID card issued to the user. When the user accesses an app, the app checks with the IDP, which passes the user's authentication token to the app so that the user can be authenticated. The ability to pass an authentication token to external apps and services is crucial in the SSO process. This is what enables identity verification to take place separately from other cloud services, making SSO possible.
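The token hand-off described above, as an added sketch that is not code from the article or from any product: the IDP mints a short-lived token after one login, and each app accepts it only if the signature, the intended app and the expiry all check out. HMAC with a shared key stands in here for the signatures used by SAML or OpenID Connect; the key, user and app names are constructed.

```python
import base64, hashlib, hmac, json

IDP_KEY = b"constructed-demo-key"  # assumption: agreed when the app and IDP set up trust

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(body: str, key: bytes) -> str:
    return b64(hmac.new(key, body.encode(), hashlib.sha256).digest())

def issue_token(user, audience, now, ttl=300, key=IDP_KEY):
    """IDP side: after a successful login, mint a token for exactly one app."""
    claims = {"sub": user, "aud": audience, "iat": now, "exp": now + ttl}
    body = b64(json.dumps(claims, sort_keys=True).encode())
    return f"{body}.{sign(body, key)}"

def verify_token(token, expected_audience, now, key=IDP_KEY):
    """App side: return the claims, or raise ValueError saying why not."""
    try:
        body, sig = token.split(".")
    except ValueError:
        raise ValueError("malformed token") from None
    # Constant-time comparison, done before the claims are even parsed.
    if not hmac.compare_digest(sig.encode(), sign(body, key).encode()):
        raise ValueError("bad signature")
    claims = json.loads(unb64(body))
    if claims["aud"] != expected_audience:   # token minted for another app
        raise ValueError("wrong audience")
    if now >= claims["exp"]:                 # stale token, user must go back to the IDP
        raise ValueError("expired")
    return claims

def outcome(token, audience, now):
    """Helper for the demo: 'ok' or the rejection reason."""
    try:
        verify_token(token, audience, now)
        return "ok"
    except ValueError as err:
        return str(err)

if __name__ == "__main__":
    t = issue_token("alice", "crm.example", now=1000)
    for aud, when in [("crm.example", 1100), ("wiki.example", 1100), ("crm.example", 1300)]:
        print(aud, when, outcome(t, aud, when))
```

The audience check is what stops a token issued for one app from being replayed against another that trusts the same IDP.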
Is SSO enough for a strong IAM?
The short answer is “no.”
Although SSO comes with many advantages – primarily reduced password fatigue and a frictionless login experience – it should not be considered a panacea. SSO is only one aspect of managing user access. It must be combined with access control, authentication, permission control, activity logs, and other measures for tracking and controlling user behavior within an organization's systems.
The notion of a static login for all user activities is not enough to address the evolving risk landscape where businesses operate. Employees and partners access corporate data and apps through a variety of networks and devices. Hence, it is important for the IAM system to cater for an adaptive, contextual and risk-based authentication to step up access security in the form of more stringent authentication when required.
However, SSO is a crucial element of access management. Securing and managing identities is central to an enterprise’s IAM strategy. Without a centralized, iterative process for identity management, organizations cannot build a sound cloud adoption strategy. Identity lifecycle management becomes inefficient, password resets lead to high help desk costs, and IT requires multiple consoles to troubleshoot users. Plus, compliance risk increases as IT lacks visibility into who is accessing what and when.
Cybersecurity Professional
3 years ago
I developed a system of passwords with just enough similarity that I can remember the different formulas I use for corporate, financial, social and shopping. And I update them all at least every 90 days.
Director of Product | Strategic Leader | Product Marketing | Increase traction | Shorten the sales cycle
3 years ago
When we are distracted, we can easily forget passwords. Think of how differently it would have gone in the Monty Python sketch about the Bridge of Death if each of the knights had an authenticator instead of answering 3 questions.
Passionate about Product Marketing I Positioning, messaging, content strategy, competitive analysis, feature prioritization and external communications for global cyber security solutions
3 years ago
At the end of the day it's all about making sure you are who you say you are - but without using passwords. Eric, it sounds simple but actually under the hood it takes an intelligent solution to be able to make smart access decisions without compromising security, or degrading your logon experience. I found the handbook to be very helpful in giving me the rundown. Thanks for recommending. #thalescloudsecurity