What is SSO – Single Sign On?


What is Single Sign On?

SSO – Single Sign On is an authentication process that allows users to log in once and access multiple applications seamlessly, without having to log in to each application separately. SSO login typically works with one set of username and password. With SSO, users don’t have to log in multiple times, and they don’t need to remember multiple user names and passwords.

Why is SSO important?


  - Better User Experience: Users don’t have to remember dozens of passwords.
  - Strong IT Security: Weak passwords in applications are no longer allowed.
  - Multi Factor Authentication: A password alone is not secure enough these days.
  - Increased Productivity: Users don’t have to log in multiple times.
  - No Password Lockouts: Password reset calls to the Helpdesk are greatly reduced.
  - SSO Portal: Users don’t have to remember application URLs anymore.
  - Audit Compliance: IT security audits demand Single Sign On.
  - Centralized User Management: Access to multiple applications is terminated instantly.
  - Enforce Password Policies: Users are required to change their SSO password periodically.

How does SSO work?

The user is redirected to SSO for authentication by the application. SSO collects the user credentials and validates them against an identity store such as Microsoft Active Directory. After a successful authentication, the SSO server creates a session cookie (example: the SMSESSION cookie for Siteminder SSO). Applications read the SSO cookie and the other user tokens sent by the SSO server. When the user accesses another application in the same browser session, the user is still redirected to SSO in the background, but SSO does not challenge the user for credentials again, because the current SSO session is still valid.

What’s the SSO Login flow?

  1. The user enters Web Application1.
  2. Web Application1 is SSO enabled and redirects the user to SSO for authentication.
  3. The user enters user credentials in the SSO login form.
  4. The user credentials are verified in the identity store (LDAP server) and an SSO session is created in the user’s browser.
  5. The user is redirected back to the application home page and continues to work in Web Application1.
  6. The user tries to access another application, Web Application2.
  7. Web Application2 is SSO enabled and redirects the user to SSO for authentication. However, SSO does not challenge the user for credentials again, because the previous SSO session is still active. Remember, it’s a single sign on.
  8. The user is redirected back to Web Application2 without having to log in again. In the whole login process, no application passwords are involved. It’s just one SSO password, which is typically the Network/SSO ID.
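The flow above, reduced to a small Python simulation. This is an added example written for this page, not code from the page or from any SSO product: `SSOServer`, `WebApplication`, `Browser`, `make_record` and `demo` are hypothetical names, the identity store is an in-memory dictionary standing in for Active Directory/LDAP, and an HMAC-signed, time-limited token stands in for a vendor session cookie such as SMSESSION. It shows the two properties the flow relies on: the applications never handle the password (only the SSO server validates it), and a second application reuses the existing session instead of challenging the user again, while an expired or tampered cookie forces a fresh login.

```python
import hashlib
import hmac
import secrets
import time
from typing import Callable, Dict, Optional, Tuple

# Constructed identity store: username -> (salt, PBKDF2 digest).
# Stands in for Active Directory/LDAP; applications never read it.
def make_record(password: str) -> Tuple[bytes, bytes]:
    salt = secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class SSOServer:
    """Hypothetical SSO/identity server: validates credentials, issues and checks session cookies."""

    def __init__(self, identity_store: Dict[str, Tuple[bytes, bytes]], session_ttl: int = 3600):
        self._store = identity_store
        self._key = secrets.token_bytes(32)   # server-side key used to sign session cookies
        self._ttl = session_ttl
        self.challenges = 0                    # how many times a user was asked for credentials

    def _sign(self, payload: str) -> str:
        return hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()

    def authenticate(self, username: str, password: str, now: Optional[float] = None) -> Optional[str]:
        """Step 4: verify credentials against the identity store; return a session cookie or None."""
        self.challenges += 1
        record = self._store.get(username)
        if record is None:
            return None
        salt, digest = record
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        if not hmac.compare_digest(candidate, digest):
            return None
        now = now if now is not None else time.time()
        payload = f"{username}|{int(now) + self._ttl}"
        return f"{payload}|{self._sign(payload)}"   # stands in for the SMSESSION cookie

    def validate_session(self, cookie: Optional[str], now: Optional[float] = None) -> Optional[str]:
        """Return the username if the cookie is authentic and unexpired, otherwise None."""
        if not cookie:
            return None
        try:
            username, expires, sig = cookie.rsplit("|", 2)
            expires_at = int(expires)
        except ValueError:
            return None
        if not hmac.compare_digest(self._sign(f"{username}|{expires}"), sig):
            return None   # tampered cookie
        now = now if now is not None else time.time()
        if expires_at <= now:
            return None   # expired session
        return username

    def handle_redirect(self, cookie: Optional[str], prompt: Callable[[], Tuple[str, str]],
                        now: Optional[float] = None) -> Optional[str]:
        """Steps 2/7: an application redirected the user here. Reuse a valid session, else prompt."""
        if self.validate_session(cookie, now) is not None:
            return cookie          # existing session is still valid: no challenge
        username, password = prompt()
        return self.authenticate(username, password, now)


class Browser:
    """Holds the SSO cookie for one browser session."""
    def __init__(self) -> None:
        self.sso_cookie: Optional[str] = None


class WebApplication:
    """An SSO-enabled application. It only ever sees the cookie, never a password."""

    def __init__(self, name: str, sso: SSOServer):
        self.name = name
        self.sso = sso

    def access(self, browser: Browser, prompt: Callable[[], Tuple[str, str]],
               now: Optional[float] = None) -> Tuple[str, Optional[str]]:
        user = self.sso.validate_session(browser.sso_cookie, now)
        if user is None:   # no session: redirect to SSO (steps 2 and 7)
            browser.sso_cookie = self.sso.handle_redirect(browser.sso_cookie, prompt, now)
            user = self.sso.validate_session(browser.sso_cookie, now)
        return ("ok", user) if user else ("denied", None)


def demo(now: float = 1_700_000_000.0):
    """Run the login flow: one challenge for two apps, then a new challenge after expiry."""
    store = {"alice": make_record("correct horse battery staple")}   # constructed user
    sso = SSOServer(store, session_ttl=3600)
    browser = Browser()
    prompt = lambda: ("alice", "correct horse battery staple")      # simulated login form
    app1 = WebApplication("WebApplication1", sso)
    app2 = WebApplication("WebApplication2", sso)
    r1 = app1.access(browser, prompt, now)          # steps 1-5: user is challenged once
    r2 = app2.access(browser, prompt, now + 60)     # steps 6-8: session reused, no challenge
    r3 = app2.access(browser, prompt, now + 4000)   # session expired: challenged again
    return r1, r2, r3, sso.challenges


if __name__ == "__main__":
    print(demo())
```

The signature check and the expiry check are the two defensive controls worth keeping in mind when reading about any real SSO cookie: an application that trusts the cookie's contents without the SSO server (or its agent) verifying them is granting access on an unverified claim, and a cookie without a bounded lifetime turns one login into a permanent session.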