Single Sign On (SSO)

What is Single Sign-on

Data Governance Definition

Single sign-on (SSO) is a session/user authentication process that permits a user to enter one name and password in order to access multiple applications. The process authenticates the user for all the applications they have been given rights to and eliminates further prompts when they switch applications during a particular session.

Most of the applications have their own mechanism for authentication which uses different user-id’s and password. Single Sign-On internally translates and stores credentials of each application the user has access to.

What are the Benefits of SSO

Why are organizations adopting SSO? And more importantly, why would you want to implement it in your business? Here are four reasons:

• Reduces Help Desk costs: SSO saves users from having to memorize a long list of passwords. How does that make you save on costs? Well according to Gartner, up to 50% of all Help Desk calls are just requests for password resets.
• User Experience: SSO is designed to enhance the end user experience during log-ins by making the process quick and simple. A user-friendly login process can be very important because the login screen is where the first interaction between users and the inner halls of your website will be taking place. If those users are customers, you would want their experience to be great right from the start.
• Security: The user’s credentials are provided directly to the central SSO server, not the actual service that the user is trying to access, and therefore the credentials cannot be cached by the service. The central authentication point – the SSO service – limits the possibility of phishing.
• Resource savings: IT administrators can save their time and resources by utilizing the central web access management service. Application and web developers receive a complete authentication and authorization framework that they can use to build secure, user customized services

Single Sign-on Solutions

There are many solutions available in the market for achieving Single Sign On based on the needs of an organization.

• Web-SSO: To access any web based applications in an enterprise Web SSO solution could be used.
• Federated SSO: When the requirement is to access applications across different trusted domains one could go with Federated SSO solution.
• Enterprise SSO: Few SSO solutions provides SSO feature for thick clients as well as thin clients (web browser).

Single Sign-on Implementations

There are multiple vendors that cater SSO services, both web SSO and Federated SSO to the IT industry across the world. While the essential, elemental idea across this array of vendors is pretty much the same, there are slight, mentionable differences.

• Password Replay (FORM Fill): SSO solution stores usernames and passwords outside of IT control and replays them to the applications over the Internet. This approach is a quick fix, relieving user password burden and IT password resets.
• Security Assertion Markup Language (SAML): SAML-based Single Sign-On (SSO) service provides full control over the authorization and authentication of hosted user accounts that can access web-based applications like Salesforce, GoogleApps, etc.
• WS-Trust: Provides security tokens as defined by WS-Security specification over web service to authenticate a user for SSO.
• WS-Federation: Provides security token across a set of domains that have established trust relationships for securely sharing data. The access to an application is provided based on the claim data that is provided by the user.