Even people with relatively non-technical work and personal lives deal with single sign-on at some level. In fact, when online, most people will have to deal with single sign-on at some point to access a more secure part of the net. Have you noticed how every website and its brother lets you sign in with Facebook? People have mixed feelings about this, with some extolling the convenience and others dismayed when no other sign-in options are available, making Facebook the de facto keeper of a tremendous amount of access power.
Knowing your big sister’s Facebook login opens up a whole universe of entertaining options!
In a professional setting, single sign-on (SSO) is similar: you have multiple connected, yet independent software systems, and SSO lets you log in one time to gain access to all of them. It’s convenient, efficient, and makes it less likely that people will write down passwords. But there’s no SSO solution that works for every organization. It needs to be risk-appropriate for the environment.
Benefits of SSO
Single sign-on solutions share centralized authentication servers that the other apps and systems use for authentication. The benefits of a good SSO strategy are obvious. Less time is spent reentering passwords for the same identity. There are fewer IT service desk calls concerning passwords. Overall, password fatigue is diminished. When passwords have to be changed monthly, can’t contain dictionary words, and require a special character, capital letter, lower case letter, number, and two emojis, people are going to write them down on sticky notes, which aren’t known for being very secure.
Drawbacks of SSO
But SSO isn’t perfect. Once a user is initially authenticated, he or she gains access to lots of resources at once. Learning someone’s SSO credentials is like getting the Master Key in Dark Souls. Implementing SSO requires increased focus on credential protection and, depending on the level of risk, should be combined with authentication methods like one-time password tokens and smart cards.
Another drawback is that genuine loss of SSO credentials by a key employee can result in denial of access to every system unified under the SSO system. So if system access has to be guaranteed at all times, SSO may not be workable.
If you’re in charge of, say, the Hand of Omega or Skynet and your smart card accidentally goes through the wash, you might have a problem.
Throw in mobile devices, and challenges multiply. Applications that are web-architected may be able to use existing SSO tools, since smartphones and tablets have web browsers. But native mobile resident apps can create gaps in SSO support, and currently the solutions offered to this problem are either proprietary, immature, or otherwise inadequate. Oy gevalt!
How SSO Helps Your IT Service Desk
IT service desk workers spend a lot of time resetting passwords. Features like self-service portals can help by walking end-users through the password reset process, but this isn’t a perfect solution, particularly when passwords give access to critical data and social engineering hacks are a possibility. SSO can help. Suppose your organization runs a dozen services and they’re used by the majority of end-users. If end-users have different passwords to each service, and a self-service portal isn’t appropriate, password reset requests can throw a wrench into IT ticket management initiatives. With SSO, users only need to recover a single account.
SSO-Service Desk Integration Best Practices
If SSO is on the horizon for your organization, you need to evaluate which applications are likely to be retired, and which apps you’re using today that you plan to keep around for the long haul. When apps are retired, SSO integration should be a factor for consideration with their replacements. Check if the apps you plan to continue using long term already offer SSO integration. If they don’t, ask the vendors if there are plans to provide such integration in the future. If not, you may need to rethink replacing them.
Increasingly, app designs are moving toward the cloud and web architectures. As more organizations start using SSO, it’s increasingly likely that in the future, tool and service selection will be at least partly based on ability to integrate SSO.
About Greg Ghia