How Single Sign-on Works
SSO (single sign-on) is an authentication mechanism that allows users to login once using a single login account to access multiple applications or websites without re-entering the same login credentials. So for example, you login to your SSO application using your username and password, then all of your applications for work are available to access without logging into each of them one at a time (e.g. Microsoft Active Directory, Azure Active Directory, Google Enterprise, email, banking, social media accounts, etc.). An SSO application for an enterprise organization can have hundreds of password-protected applications accessible. SSO is essentially “one login to rule them all”.
Benefits of single sign-on technology.
SSO allows faster access to many accounts while reducing the need to continuously retype usernames and passwords. Good security means lots of disciplined locking the computer and signing out of accounts. Then manually typing a long password that can be easily mistyped (and forgotten) many times a day just to access what users need to do their work.
- Faster login for users. No need to keep retyping passwords repeatedly, save time by gaining access to all your password-protected accounts through a single login.
- Easier to enforce security for IT admins. Instead of letting hundreds of users each manage dozens of passwords, streamline access control into one, secure login.
- Faster user onboarding. Imagine having to communicate hundreds of passwords for hundreds of people. With SSO, there’s no need to send dozens of passwords to each user to manage. One login gives them all their logins.
- Reduce IT costs with fewer helpdesk tickets. The average helpdesk ticket costs $75 each. Rather than suffer more helpdesk tickets, reduce forgot password incidents that lead to more helpdesk calls. IT has more important things to focus on.
Risks of single sign-on technology.
SSO applications grant access to many vital accounts and need proportionate protection.
Potential downsides of SSO:
- Greater impact of credential theft/misuse. Since one login gives access to many, without restriction, if a malicious actor were to steal the SSO password, they gain access to everything. Then they may have unhindered access to all of the victim’s accounts available through the SSO application.
- The ‘all or nothing’ problem. Just as easy as one can access all, a user can easily find themselves without access to any of the programs or websites they need. Relying on a master password, if a user gets locked out of their SSO application, or the SSO application itself is down, the users are locked out of everything.
- Controlling least privilege permissions. SSO grants access, but may not necessarily be able to give dynamic control of access to certain programs/databases or provide any additional layered protection for each account.
- Not all applications are SSO-friendly. SSO may not be available for all applications depending on the circumstances. SSO needs to be built to work with each application on the back end. If this has not been done with a certain application, then SSO may not work for that application.
How GateKeeper works with single sign-on.
GateKeeper Enterprise secures end user access to websites desktop applications – acting as both the password manager and 2-factor authentication mechanism. GateKeeper can work with SSO providers to enhance the security and ease of access to user’s applications and websites. SSO applications require strong authentication to protect the multitude of accounts available for easy access. Using GateKeeper, IT admins can enforce strong 2FA on each user’s computer and SSO account while ensuring users can login to their SSO account using the GateKeeper Password Manager. End users will now have reduced multiple steps in the authentication and login process required to access their applications. Also, the computer automatically locks to protect SSO applications from unauthorized access. Check out how one medical center uses GateKeeper to access their accounts faster in this case study.