What is Single Sign On?
Single Sign On (SSO) is an authentication process that allows users to log in once and access multiple applications seamlessly, without logging in to each application separately. SSO login typically works with one set of username and password. With SSO, users don't have to log in multiple times and don't need to remember multiple usernames and passwords.
Why is SSO important?
Better User Experience
Users don’t have to remember dozens of passwords
Strong IT Security
Weak passwords in applications are no longer allowed
Multi Factor Authentication
A password alone is not secure enough these days
Users don't have to log in multiple times
No Password Lockouts
Password reset calls to the helpdesk would be greatly reduced
Users don't have to remember application URLs anymore
IT Security Audits demand Single Sign On
Centralized User Management
Access to multiple applications is terminated instantly
Enforce Password Policies
Require users to change their SSO password periodically
How does SSO work?
The application redirects the user to SSO for authentication. SSO collects the user's credentials and validates them against an identity store such as Microsoft Active Directory. After a successful authentication, the SSO server creates a session cookie (for example, the SMSESSION cookie in SiteMinder SSO). Applications read the SSO cookie and other user tokens sent by the SSO server. When the user accesses another application in the same browser session, the user is still redirected to SSO in the background, but SSO does not challenge the user for credentials again, because the current SSO session is still valid.
What’s the SSO Login flow?
- User enters Web Application1.
- Web Application1 is SSO enabled and redirects the user to SSO for authentication.
- User enters user credentials in SSO login form.
- User credentials are verified in identity store (LDAP Server) and SSO session is created in user browser.
- User is redirected back to the application home and continues to work in Web Application1.
- User tries to access another application, Web Application2.
- Web Application2 is SSO enabled and redirects the user to SSO for authentication. However, SSO does not challenge the user for credentials again, because the previous SSO session is still active. Remember, it's a single sign on.
- User is redirected back to Web Application2 without having to log in again. In the whole login process, no application passwords are involved. It's just one SSO password, which is typically the Network/SSO ID.
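
The login flow above, modeled in Python as an added example (not part of the original article, and not SiteMinder's actual cookie format). The function names, the signed `user|session id|expiry|signature` cookie layout, and the in-memory identity store are assumptions made for illustration. It goes one step beyond the flow by also showing expiry, tamper rejection and central logout.

```python
import hashlib, hmac, secrets, time

SSO_KEY = secrets.token_bytes(32)   # signing key held only by the SSO server (assumed)
SALT = secrets.token_bytes(16)
ACTIVE_SESSIONS = set()             # server-side session ids; removal = central logout

def pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# Constructed identity store standing in for the LDAP / Active Directory lookup.
IDENTITY_STORE = {"alice": pw_hash("correct horse battery staple")}

def sign(body):
    return hmac.new(SSO_KEY, body.encode(), hashlib.sha256).hexdigest()

def sso_login(user, password, ttl=3600, now=None):
    """Verify credentials against the identity store; return a session cookie or None."""
    stored = IDENTITY_STORE.get(user, b"")
    if not hmac.compare_digest(stored, pw_hash(password)):
        return None
    sid = secrets.token_hex(16)
    ACTIVE_SESSIONS.add(sid)
    body = f"{user}|{sid}|{int((now or time.time()) + ttl)}"
    return f"{body}|{sign(body)}"

def sso_validate(cookie, now=None):
    """Return the user for a valid session, or None so the caller challenges again."""
    body, _, sig = (cookie or "").rpartition("|")
    if not hmac.compare_digest(sig.encode(), sign(body).encode()):
        return None                              # missing or tampered cookie
    user, sid, expires = body.split("|")
    if int(expires) <= (now or time.time()) or sid not in ACTIVE_SESSIONS:
        return None                              # expired or centrally terminated
    return user

def sso_logout(cookie):
    """Terminate the session once at the SSO server; every application loses access."""
    if sso_validate(cookie):
        ACTIVE_SESSIONS.discard(cookie.split("|")[1])

def app_request(cookie, credentials=None):
    """An SSO-enabled application: redirect to SSO, prompt only if no valid session."""
    user = sso_validate(cookie)
    if user is None and credentials:
        cookie = sso_login(*credentials)         # login form shown by SSO
        user = sso_validate(cookie)
    return user, cookie
```

Calling `app_request` once with credentials and then again with only the returned cookie reproduces the Web Application1 and Web Application2 steps: the second call succeeds without any password being presented.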