Single Sign-On: Seamless With Friction

Cybersecurity
Written By Roger Olivares

Its not clickbait.

While we fully support Single Sign-On (SSO), there are nuanced aspects of the technology that often go unnoticed during implementation. Having encountered various SSO implementations over the years, we believe it's valuable to shed light on some of these experiences for the benefit of our audience.

One account for all your services.

Single Sign-On (SSO) stands as a revolutionary solution in the digital landscape, offering numerous benefits for your organization.

  • Convenience provided by utilizing a single set of credentials for majority if not all your supported applications and platforms reduces the chances of users experiencing password fatigue and helps fosters the use of complex passwords.

  • Onboarding and offboarding users becomes simpler when user management is performed from a central point of management.

    Password management is one of the most common IT requests in any organization and limiting the use of multiple passwords decreases the active work load on technology teams.

  • SSO solutions provide granular logging and auditing to ensure organizations can actively keep track of user activity and access.

    Access management goes hand in hand with SSO, providing organizations assurance of proper access to platforms when approved and removal of access when longer required.

What exactly is Single Sign-On (SSO)?

We wont get technical here but think of your organization like a house. Every time you integrate a platform into your organization it adds another room with a set of keys to your house. Without Single Sign-On (SSO), you would be holding a keyring with multiple keys and that can pose challenges. With Single Sign-On (SSO), your house now comes with a special lock on the front door and a specific key for it that each user in your organization has. That key will now open the front door and allows you to open each room in the home as the locks on those doors now check in with the main lock to determine if access can be granted.

How does your organization come into the picture?

As solution providers continue to migrate to the cloud, their business models will continue to shift to a popular method of delivery called SaaS(Software as a Service). Organizations can benefit greatly from this transition.

  • Cost Savings - Instead of purchasing the software outright at full cost per user required, you pay a monthly fee that covers licensing and support.

  • License Management - Many SaaS providers allow for team management, ensuring only approved users are utilizing the software and helps keep track of costs.

  • Integrations - Whether you need to perform data analysis, data injection, access auditing, or seamless authentication, a solution in the cloud helps you streamline and connect your organization’s platforms to create an internal platform of tools.

However now your organization needs to make multiple accounts to handle access to the newly migrated platform in the cloud. This can add overhead in many aspects which leads organizations to seeking a Identity Provider platform.

It may sound like a miracle solution, but some things should be taken into account when deciding how the organization wants to build out their platform.

Seamless but with a catch…..

While Single Sign-On (SSO) has shifted to an industry standard, not all platforms implement the solution in the same capacity.

  • In today's digital world, platforms often offer various service tiers or subscription levels. Typically, the basic tier of a platform does not include Single Sign-On (SSO) functionality. To access SSO features, organizations may need to subscribe to a premium tier, which, despite its higher cost, may only provide basic functionality. This can result in increased expenses for your organization.

  • Not all platforms willingly integrate with other platforms. On the road to full integration, organizations will need to assess what platforms actively support their identity provider and determine if the organization is willing to take on the risk of having a platform that exists outside of the organizations identity mana’s identity management solution.

  • Not all Single Sign-On (SSO) is equal. Platforms can integrate the solution in varying capacity.

    Incomplete Account Setup:

    Issue: Some platforms simplify Single Sign-On (SSO) confirmation but still require manual account provisioning by the organization.

    Impact: Access is seamless if the account exists in the identity provider.

    Subscription Lingers Post-Access Termination:

    Issue: The platform creates an account upon initial login via the identity provider but fails to automatically remove the subscription when the user no longer needs access.

    Impact: While access is revoked, organizations may incur unnecessary costs for unused licenses.

    Advanced Configuration Needed for Automation:

    Issue: While the platform supports SSO, automated provisioning and deprovisioning require advanced configuration via API.

    Impact: Organizations need to invest additional effort to set up automated procedures for managing user access efficiently.

Don’t let this discourage you.

We advocate for the implementation of Single Sign-On (SSO) as it contributes to improved cyber hygiene for organizations. This article aims to offer valuable insights into the potential challenges of adopting SSO within your organization. Additionally, it provides key considerations for identifying platforms that seamlessly integrate with your existing infrastructure.

Interested in learning more about Single Sign-On (SSO) or need help implementing?

Roger Olivares
Previous

Social Hour at Structure Brewing
Next

123456: The Password Predicament