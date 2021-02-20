Single sign-on (SSO) is a user authentication tool that enables users to securely access multiple applications and services using just one set of credentials. Whether your workday relies on Slack, Asana, Google Workspace, or Zoom, SSO provides you with a pop-up widget or login page with just one password that gives you access to every integrated app. Instead of twelve passwords in a day, SSO securely ensures you only need one.

Single sign-on puts an end to the days of remembering and entering multiple passwords, and it eliminates the frustration of having to reset forgotten passwords. Users can also access a range of platforms and apps without having to log in each time.

SSO is built on the concept of federated identity, which is the sharing of identity attributes across trusted but autonomous systems. When a user is trusted by one system, they are automatically granted access to all others that have established a trusted relationship with it. This provides the basis for modern SSO solutions, which are enabled through protocols like OpenID Connect and SAML 2.0.

When a user signs in to a service with their SSO login, an authentication token is created and stored either in their browser or in the SSO solution's servers. Any app or website the user subsequently accesses will check with the SSO service, which then sends the user's token to confirm their identity and provide them with access.

There are a variety of protocols and standards to be aware of when identifying and working with SSO. These include:

Security Access Markup Language ( SAML): SAML is an open standard that encodes text into machine language and enables the exchange of identification information. It has become one of the core standards for SSO and is used to help application providers ensure their authentication requests are appropriate. SAML 2.0 is specifically optimized for use in web applications, which enables information to be transmitted through a web browser

SSO technology has its roots in the on-premises identity tools that helped organizations securely connect their computers, networks, and servers together in the mid-to-late 1990s. At this time, organizations began to manage their user identities through dedicated systems like Microsoft's Active Directory (AD) and Lightweight Directory Access Protocol (LDAP), then secured access through on-premises SSO or Web Access Management (WAM) tools.

And as IT has continued to evolve by moving to the cloud, dispersing across multiple devices, and facing more sophisticated cyber threats, these traditional identity management tools are struggling to keep pace. IT teams now need a solution that provides users with quick, secure single sign-on access to any application or service.

There are plenty of misconceptions surrounding SSO, but these are continually dispelled by modern solutions. Common SSO myths include:

SSO actually helps IT teams be more effective by increasing automation, providing enhanced security and visibility, and enabling better workflows. It directly addresses IT teams' core mission of smoothly, securely, and quickly connecting employees to the tools they need to get their job done. SSO also allows for faster scaling, better insight into application access, and reduced helpdesk tickets and IT costs.

Legacy tools may have been complex in their day, but modern SSO is quick and simple to deploy. Today's SSO tools have pre-built connectors to thousands of popular apps, which saves IT teams from having to manually build integrations. Organizations can also connect users and import from existing directories without having to configure, install, or support their hardware or make changes to their firewall. SSO is easy to deploy, centralizes the onboarding of new users and apps, is highly available, and minimizes costs, ensuring simple yet secure access.

It can be tempting to think that by requiring only one password, SSO leaves an appealing attack vector open to cyber threats. But the reality is that a single point of failure already exists, and it's the user. When forced to juggle different credentials, users often resort to recycling passwords and bad password hygiene, creating a security risk for companies. By eliminating the need for multiple sets of credentials, SSO allows IT teams to set password policies that standardize regular security protocols, while monitoring application, user, device, location, and network context for each access request.

SSO and password managers enable users to access multiple apps with one login, but that's where the similarities end. Password managers are vaults that store and remember users' credentials for various apps or websites protected by one primary password. However, they focus on protecting passwords, which account for over 80% of all security breaches and offer hackers a potential entry point into an organization or identity. SSO solutions, on the other hand, manage access through trust and leverage existing relationships to create a single domain where authentication takes place.