Single sign-on, or SSO, is one of the best solutions for managing account access and mitigating the problems caused by the growing number of apps and logins.

Single Sign On

When applied at an enterprise level, Single Sign On has a meaningful impact on businesses as following:

UserConvenienceUsers no longer have to struggle with multiple passwords and remembering which one is for which account
ProductivityIf available apps are easier to access, they will used more effectively.
SecurityReducing RiskHaving only one access point minimizes the likelihood of employees using simple or easy-to-crack passwords
ComplianceTerns of service agreements are initiated and stored to comply with IT audits
ITReduce Help Desk Costs30% of help desk requests are password resets, a single login reduces the number of authentication problems
User Management Terms of ServiceTech staff can easily create, delete, or edit accounts across multiple systems

Risk in SSO

If SSO password is cracked, then malicious players also get access to multiple accounts. This is why SSO implementation is paired with

  • Identity management and access control
  • Multi-factor authentication

Additional features which can make more values

  • Mandate SSO Usage - Funneling all logins through a single portal provides a way for access to be effectively monitored and license usage to be audited.
  • License Analytics - Accuractely reporting app usage results in smart spending decisions and an average of 30% savings on SaaS costs
  • Customizable User Experience - Users can hide, remove, edit, and organize their SSO applications. Setup automatic launch of applications after sign-in
  • Integrated Identity and Access Management

Associated technologies

  • OAuthOAuth is simply a secure authorization protocol that deals with the authorization of third party application to access the user data without exposing their password. eg. (Login with fb, gPlus, twitter in many websites..) all work under this protocol.
  • SAML (Security Assertion Markup Language)SAML(Security Assertion Markup Language) allows security credentials to be shared by multiple computers across a network.  It describes a framework that allows one computer to perform some security functions on behalf of one or more other computers (Authentication, Authorization)

AWS Cognito

  • Amazon Cognito User Pools is a standards-based Identity Provider and supports Identity and Access Management standards, such as Oauth 2.0, SAML 2.0, and OpenID Connect.