What is SSO – Single Sign On?

What is Single Sign On?

SSO (Single Sign On) is an authentication process that allows users to log in once and then access multiple applications seamlessly, without logging in to each one separately. An SSO login typically works with one set of username and password. With SSO, users don’t have to log in multiple times, and they don’t need to remember multiple usernames and passwords.

Why is SSO important?

Better User Experience

Users don’t have to remember dozens of passwords

Strong IT Security

Weak passwords in applications are no longer allowed

Multi Factor Authentication

A password alone is not secure enough these days

Increased Productivity

Users don’t have to log in multiple times

No Password Lockouts

Password reset calls to Helpdesk would be greatly reduced

SSO Portal

Users don’t have to remember application URLs anymore

Audit Compliance

IT Security Audits demand Single Sign On

Centralized User Management

Access to multiple applications is terminated instantly

Enforce Password Policies

Require users to change their SSO password periodically

How does SSO work?

The application redirects the user to SSO for authentication. SSO collects the user’s credentials and validates them against an identity store such as Microsoft Active Directory. After a successful authentication, the SSO server creates a session cookie (example: the SMSESSION cookie for Siteminder SSO). Applications read the SSO cookie and the other user tokens sent by the SSO server. When the user accesses another application in the same browser session, the user is still redirected to SSO in the background, but SSO does not challenge the user for credentials again, because the current SSO session is still valid.

What’s the SSO Login flow?

  1. User enters Web Application1.
  2. Web Application1 is SSO enabled and redirects the user to SSO for authentication.
  3. User enters user credentials in SSO login form.
  4. User credentials are verified against the identity store (LDAP Server) and an SSO session is created in the user’s browser.
  5. User is redirected back to the application home and continues to work in Web Application1.
  6. User tries to access another application, Web Application2.
  7. Web Application2 is SSO enabled and redirects the user to SSO for authentication. However, SSO does not challenge the user for credentials again, because the previous SSO session is still active. Remember, it’s a single sign on.
  8. User is redirected back to Web Application2 without having to log in again. In the whole login process, no application passwords are involved. It’s just one SSO password, which is typically the Network/SSO ID.
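
The eight steps above can be traced in a small simulation. This is an added example, not code from the original page or from any SSO product: the HMAC-signed `user|app|expiry` token, the per-application keys, and the names `SSOServer`, `authenticate` and `app_verify` are assumptions made for illustration, and the directory entry is constructed sample data.

```python
import hashlib, hmac, secrets, time

def _pw_hash(password, salt=b"constructed-salt"):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

DIRECTORY = {"alice": _pw_hash("correct horse")}   # constructed identity store (stands in for LDAP/AD)
APP_KEYS = {a: secrets.token_bytes(32) for a in ("app1", "app2")}  # assumed per-app keys set at SSO registration

def _sign(app, payload):
    return hmac.new(APP_KEYS[app], payload.encode(), hashlib.sha256).hexdigest()

class SSOServer:
    def __init__(self, session_ttl=3600, token_ttl=60):
        self.sessions = {}       # SSO session cookie value -> (user, expiry)
        self.challenges = 0      # number of times credentials were actually checked
        self.session_ttl, self.token_ttl = session_ttl, token_ttl

    def authenticate(self, app, cookie=None, credentials=None, now=None):
        """Steps 2-4 and 7: returns (cookie, token) for a registered app."""
        now = time.time() if now is None else now
        if app not in APP_KEYS:
            raise PermissionError("application is not registered with SSO")
        session = self.sessions.get(cookie)
        if session is None or session[1] <= now:     # no valid SSO session: challenge
            self.sessions.pop(cookie, None)
            user, password = credentials or ("", "")
            self.challenges += 1
            if not hmac.compare_digest(DIRECTORY.get(user, b""), _pw_hash(password)):
                raise PermissionError("invalid credentials")
            cookie = secrets.token_urlsafe(32)       # unguessable session identifier
            session = self.sessions[cookie] = (user, now + self.session_ttl)
        payload = f"{session[0]}|{app}|{int(now) + self.token_ttl}"
        return cookie, f"{payload}|{_sign(app, payload)}"

def app_verify(app, token, now=None):
    """Steps 5 and 8: the application checks signature, audience and expiry."""
    now = time.time() if now is None else now
    payload, _, sig = token.rpartition("|")
    if not hmac.compare_digest(_sign(app, payload).encode(), sig.encode()):
        return None
    user, audience, exp = payload.split("|")
    return user if audience == app and int(exp) > now else None
```

The password is checked only on the first call; the second application gets its own short-lived token from the existing session, and a token issued for one application is rejected by the other.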
Single Sign On Architecture

Web applications are registered with the SSO servers for authentication. The SSO servers are configured to authenticate users against backend user identity stores: LDAP servers such as Microsoft Active Directory. Users, passwords, groups, etc. are stored in the identity store.

What is SSO Portal?

An SSO Portal is a web application that allows a user to log in once and access other applications seamlessly, i.e. without having to log in again. This improves the user experience, as she doesn’t have to log in multiple times and does not have to remember or bookmark the URLs of all the other SSO applications.

What are the available Enterprise Single Sign On Solutions?

What are the challenges of Single Sign On Implementation?

Here are the top 3 reasons why small and medium businesses can’t get Single Sign On implemented. Find out how SSOgen addresses these challenges.

Costs

Small and medium businesses may not be able to afford the software licensing, infrastructure, and implementation costs of traditional enterprise SSO solutions.

Security

Cloud SSO SaaS solutions may need user details, including passwords, to be synchronized to the cloud, which is a challenge for IT Security teams.

Too Complex

Traditional on-premise SSO solutions are complex. If not properly implemented, an enterprise SSO solution may become a single point of failure for many applications.

2 Comments

  1. Isn’t Active Directory – AD Authentication same as SSO?

    • Single Sign On allows a user to log in once with AD credentials (one set of user credentials: user name and password) and access other applications, without having to sign in. It’s a single login (Single Sign On).

      Active Directory/LDAP Authentication is merely validating the password with the Active Directory database, instead of the application’s internal database for users and passwords. This is not a single sign on mechanism.
