What is SSO?

Single Sign On, what is it?

In this article we are going to be looking into Single Sign on and what it can do for your business. Let’s first examine what Single Sign-On (SSO) is before learning how it might help your organisation. A user can access various applications utilising SSO by using the same login information, such as a username and password. SSO makes it simpler for individuals, smaller enterprises, and organisations to handle their usernames and passwords.

A more common SSO that is linked to your browser needs an application server agent module to retrieve certain authentication credentials from an exclusive SSO policy server and authenticate users against a user repository, like an LDAP (Lightweight Directory Access Protocol) directory. The service reduces the amount of passwords and usernames that must be memorised for various specific applications by authenticating the user for all applications to which they already have access in the same session.

How Single Sign-On works

The framework for allowing third-party services, like Facebook, to access a user’s account information without disclosing their password is called Open Authorization (or OAuth).

OAuth serves as a middleman between the end user and the service by giving it an access token. Every time a user tries to access one of the service provider’s applications, the service provider will check the user’s identification using the identity provider before allowing access.

The Different Types of SSO Configurations

Several SSO services utilise the protocols Kerberos and Security Assertion Markup Language (SAML).

SAML is a standard for transferring authentication and permission information between secure domains using extensible markup language (XML). A user, an identity provider, and a service provider all communicate with one another in SAML-based SSO services.

When Kerberos is utilised, a ticket-granting ticket (TGT) is generated following the submission of the user credentials. Without forcing the user to re-enter their credentials, TGT retrieves service tickets for each additional applications they wish to access.

While using smart card-based SSO, an end user must log in for the first time using the card that contains their username and password. Usernames and passwords can be automatically input when the card has been used for the first time. The usernames and passwords will be kept on smart cards depending on the SSO solution.

The Security Risks of SSO

Single Sign-On may be incredibly helpful for making it easier to remember all of your usernames and passwords, but it has the apparent drawback of giving anyone who manages to break into your SSO service access to all of your usernames and passwords. Many SSOs mitigate this by putting in place mechanisms like 2FA (Two Factor Authentication) or occasionally MFA (Multi Factor Authentication).

Social SSO

Users can log in to a third-party application with the credentials they use for social network authentication by using SSO services provided by Google, LinkedIn, Twitter, and Facebook. Social SSOs, regrettably, share the same security issues as other SSOs. This means that if they manage to access your SSO, they will have access to every user name and password.

Enterprise SSO

Users can log on to target applications with enterprise single sign-on (eSSO) by replaying their credentials using client and server components. Target applications do not need to be changed because eSSO credentials are typically only usernames and passwords.

Ensuring you get the most from the tools you have

Since our conception back in 2005, at Vostron we have operated under a series of predetermined guiding principles: agility, people, and approachability. With those principles adopted wholeheartedly throughout everything that we do, along with our progressive approach in helping our clients to achieve their business goals in the most cost-effective and secure way possible, we are proud to say that we have earned the trust of a loyal customer base across the UK from our home in Southampton. Please don’t hesitate to get in contact to find out how we can help you!

Single Sign On