What is Single Sign On?
Single Sign On (SSO) is an authentication process that allows users to log in once and access multiple applications seamlessly, without having to log in to each application separately. SSO login typically works with one set of username and password. With SSO, users don’t have to log in multiple times and they don’t need to remember multiple usernames and passwords.
Why is SSO important?
Better User Experience
Users don’t have to remember dozens of passwords
Strong IT Security
Weak passwords in applications are no longer allowed
Multi Factor Authentication
A password alone is not secure enough these days
Users don’t have to log in multiple times
No Password Lockouts
Password reset calls to Helpdesk would be greatly reduced
Users don’t have to remember application URLs anymore
IT Security Audits demand Single Sign On
Centralized User Management
Access to multiple applications is terminated instantly
Enforce Password Policies
Require users to change their SSO password periodically
How does SSO work?
The application redirects the user to SSO for authentication. SSO collects the user's credentials and validates them against an identity store such as Microsoft Active Directory. After a successful authentication, the SSO server creates a session cookie (for example, the SMSESSION cookie for Siteminder SSO). Applications read the SSO cookie and other user tokens sent by the SSO server. When the user accesses another application in the same browser session, the user is still redirected to SSO in the background, but SSO does not challenge the user for credentials again, because the current SSO session is still valid.
What’s the SSO Login flow?
- User enters Web Application1.
- Web Application1 is SSO enabled and redirects the user to SSO for authentication.
- User enters user credentials in SSO login form.
- User credentials are verified in identity store (LDAP Server) and SSO session is created in user browser.
- User is redirected back to the application home and continues to work in Web Application1.
- User tries to access another application, Web Application2.
- Web Application2 is SSO enabled and redirects the user to SSO for authentication. However, SSO does not challenge the user for credentials again, because the previous SSO session is still active. Remember, it's a single sign on.
- User is redirected back to Web Application2 without having to log in again. In the whole login process, no application passwords are involved. It's just one SSO password, which is typically the Network/SSO ID password.
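The login flow above, as an added example that is not part of the original page: a minimal simulation of the SSO server endpoint that every application redirects to. The cookie name `SSO_SESSION`, its `user|expiry|mac` layout, the signing key and the in-memory identity store are constructed assumptions and do not reflect the SMSESSION format or any real product.

```python
import hashlib
import hmac

# Constructed stand-ins for the SSO server's signing key and the LDAP identity store.
SSO_KEY = b"constructed-demo-key"
SALT = b"constructed-salt"
SESSION_TTL = 3600  # session lifetime in seconds


def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


IDENTITY_STORE = {"alice": _hash("correct horse")}


def issue_session(user, now):
    """SSO server: build a signed cookie value 'user|expiry|mac'."""
    body = f"{user}|{int(now) + SESSION_TTL}"
    mac = hmac.new(SSO_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{mac}"


def validate_session(cookie, now):
    """Return the user name if the cookie is authentic and unexpired, else None."""
    try:
        user, expiry, mac = cookie.split("|")
        expected = hmac.new(SSO_KEY, f"{user}|{expiry}".encode(), hashlib.sha256).hexdigest()
        if hmac.compare_digest(mac, expected) and int(expiry) > now:
            return user
    except (AttributeError, ValueError, TypeError):
        pass  # missing, malformed or non-ASCII cookie: treat as no session
    return None


def sso_authenticate(browser, credentials, now):
    """Handle a redirect from any SSO-enabled application."""
    user = validate_session(browser.get("SSO_SESSION"), now)
    if user:
        return user, "no challenge"  # valid session: the second application's case
    if credentials is None:
        return None, "login form"
    name, password = credentials
    stored = IDENTITY_STORE.get(name, b"")
    if not hmac.compare_digest(stored, _hash(password)):
        return None, "login form"
    browser["SSO_SESSION"] = issue_session(name, now)  # session created in the browser
    return name, "challenged"
```

Here `browser` is a plain dict standing in for the browser's cookie jar; a cookie that has been edited or has passed its expiry falls back to the login form instead of being trusted.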
Single Sign On Architecture
Web applications are registered with the SSO servers for authentication. SSO servers are configured to authenticate users against backend identity stores, that is, LDAP servers such as Microsoft Active Directory. Users, passwords, groups, etc. are stored in the identity store.
What is SSO Portal?
An SSO Portal is a web application that allows a user to log in once and access other applications seamlessly, i.e. without having to log in again. This improves the user experience, as she doesn’t have to log in multiple times and does not have to remember or bookmark the URLs of all the other SSO applications.
What are the available Enterprise Single Sign On Solutions?
What are the challenges of Single Sign On Implementation?
Here are the top 3 reasons why small and medium businesses can’t get Single Sign On implemented. Find out how SSOgen addresses these challenges.
Small and medium businesses may not be able to afford the software licensing, infrastructure, and implementation costs of traditional enterprise SSO solutions.
Cloud SSO SaaS solutions may need synchronization of user details, including passwords, to the cloud, which is a challenge for IT Security teams.
Traditional on-premise SSO solutions are complex. If not properly implemented, an enterprise SSO solution may become a single point of failure for many applications.