How Single Sign-On Works
One of the most popular security methods that is being used in an increasing number of websites and networks is what is called single sign-on (SSO). But how does it work and is it really secure in controlling access to these systems?
The Technology Behind Single Sign-On
Single sign-on is an authentication method that allows users to securely authenticate with multiple applications and websites by using just one set of credentials. This is based on a trust relationship that is established between the application, website, or system to be accessed (also known as a service provider) and the application or system that holds the user’s identity (AKA the identity provider) in which the service provider accepts the “information” provided by the identity provider out of the service provider’s trust in the verification conducted by the identity provider to confirm the user’s credentials, thereby allowing access to the user.
This “information” given by the identity provider to the service provider is what is called a certificate and it contains tokens which contain identifying bits of information about the user like a user’s email address or a username. The tokens must be digitally signed for the receiver to verify that the token is coming from a trusted source. Once verified, the certificate is then exchanged during the initial configuration process.
SSO vs. Password Vaulting
Given the description above, there are some who think that single sign-on is similar to the sign-in activity being done password manager apps, otherwise known as password vaulting. Adding to the confusion is the fact that password vaulting is also known as same sign-on or SSO as well.
In reality, password vaulting is not the same as single sign-on. With password vaulting, you may have the same username and password, but they need to be entered each time you move to a different application or website. Password vaulting only stores your credentials for all the different applications and either fills them up automatically or you can quicky copy and paste the credentials on the login screen. There is no trust relationship set up between the applications and the password vaulting system.
With single sign-on, once you are logged in to the service provider, you can access all company-approved applications and websites without having to log in again since there is already that trust relationship established between your SSO provider and the application.
Advantages and Disadvantages of Single Sign-On
The primary advantage of SSO is that it can simplify and streamline username and password management for both users and administrators. For users, they no longer have to keep track of different sets of credentials and be mindful of just one login. This allows for users to access apps and websites much quicker and easier.
For administrators, SSO can cut the amount of time spent on assisting users with lost passwords. It’s also easier for administrators to roll out or take back login privileges when needed requirements, as well as control password complexity and multi-factor authentication (MFA).
Despite the advantages that it offers, SSO has its disadvantages as well. For one, It does not address certain levels of security that a particular application sign-on might require. On the part of the user, in the event they lose their access to the identity provider, they lose access to all apps and sites that are tied into to their identity provider. This becomes more worrisome if an unauthorized person gains access to the user’s SSO credentials, thus being able to possibly hack into all areas the user has access to through their SSO access. Thus, it is still important for users to be mindful of protecting their login credentials.