Ever wondered how by logging in to Gmail, you are also able to navigate to Google’s other children like YouTube, Google Drive, G+ etc without being prompted for an ID or password?

Single sign-on (SSO) is an authentication process that allows a user to access multiple applications with one set of login credentials. With SSO, a user logs in once and gains access to different applications without the need to re-enter log-in credentials at each application.
SSO is a common procedure in enterprises, where a client accesses multiple resources/applications. The service authenticates the end user for all the applications the user has been given rights to and eliminates further prompts when the user switches applications during the same session. On the back end, SSO is helpful for logging user activities as well as monitoring user accounts. SSO mechanisms vary, depending on application type.
However, SSO is not suited for systems requiring guaranteed access, as the loss of log-in credentials results in denial of access to all systems. Ideally, SSO is used together with other authentication techniques, such as smart cards and one-time password (OTP) tokens.
Common SSO Mechanisms:
Following are the most common mechanisms used for SSO. We will not delve deep into them for now but in future blogs.
Kerberos-based – Initial sign-on prompts the user for credentials and obtains a Kerberos ticket-granting ticket (TGT). Additional applications that the user navigates to use this TGT to prove the user’s identity without prompting the user to re-enter credentials.
Smart-card-based – Initial sign-on prompts the user for the smart card. Additional software applications also use the smart card, without prompting the user to re-enter credentials. This method either uses certificates or passwords stored on the smart card.
Security Assertion Markup Language (SAML) – SAML is an XML-based solution for exchanging user security information between a SAML identity provider and a SAML service provider.
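To make the pattern shared by the Kerberos and SAML mechanisms concrete, here is a small simulation added to this post (it is not code from any SSO product): an identity provider authenticates the user once, keeps a session (the counterpart of the TGT), and from then on issues short-lived, signed assertions bound to one named service, so each service provider can verify the user without ever seeing the password. All names, the shared signing key, the user store and the timestamps are constructed for the demo; a real deployment would use SAML or Kerberos libraries, asymmetric signatures and a proper password-hashing scheme rather than this hand-rolled HMAC.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed demo user store: password hashed with PBKDF2 under a fixed demo salt.
DEMO_SALT = b"constructed-demo-salt"


def hash_password(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), DEMO_SALT, 100_000)


USERS = {"alice": hash_password("correct horse battery")}


class IdentityProvider:
    """Hypothetical IdP: one login creates a session, assertions are minted from it."""

    def __init__(self, signing_key: bytes, session_ttl: int = 3600, assertion_ttl: int = 300):
        self.signing_key = signing_key
        self.session_ttl = session_ttl
        self.assertion_ttl = assertion_ttl
        self.sessions = {}  # session id -> (username, session expiry)

    def login(self, username: str, password: str, now: float = None):
        """Initial sign-on: the only step that ever handles the password."""
        now = time.time() if now is None else now
        stored = USERS.get(username)
        if stored is None or not hmac.compare_digest(stored, hash_password(password)):
            return None
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = (username, now + self.session_ttl)
        return sid

    def issue_assertion(self, sid: str, audience: str, now: float = None):
        """Later applications: a live IdP session yields an assertion bound to one
        service (the 'aud' claim) without re-prompting for credentials."""
        now = time.time() if now is None else now
        entry = self.sessions.get(sid)
        if entry is None or entry[1] < now:
            return None  # unknown or expired session: user must sign in again
        username, _ = entry
        claims = {
            "sub": username,
            "aud": audience,
            "iat": int(now),
            "exp": int(now + self.assertion_ttl),
        }
        payload = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
        sig = hmac.new(self.signing_key, payload.encode(), hashlib.sha256).hexdigest()
        return f"{payload}.{sig}"


class ServiceProvider:
    """Hypothetical SP: trusts the IdP's signature, never sees a password."""

    def __init__(self, name: str, signing_key: bytes):
        self.name = name
        self.signing_key = signing_key

    def verify(self, assertion: str, now: float = None):
        """Returns the authenticated username, or None if the assertion is
        malformed, forged, meant for another service, or expired."""
        now = time.time() if now is None else now
        try:
            payload, sig = assertion.split(".")
        except ValueError:
            return None
        expected = hmac.new(self.signing_key, payload.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            return None  # signature check fails: tampered or not issued by our IdP
        claims = json.loads(base64.urlsafe_b64decode(payload))
        if claims.get("aud") != self.name or claims.get("exp", 0) < now:
            return None  # wrong audience or expired
        return claims.get("sub")


if __name__ == "__main__":
    key = b"constructed-shared-signing-key"
    idp = IdentityProvider(key)
    mail, drive = ServiceProvider("mail", key), ServiceProvider("drive", key)
    sid = idp.login("alice", "correct horse battery")          # prompted once
    print("mail:", mail.verify(idp.issue_assertion(sid, "mail")))    # alice, no prompt
    print("drive:", drive.verify(idp.issue_assertion(sid, "drive")))  # alice, no prompt
    print("cross-use:", drive.verify(idp.issue_assertion(sid, "mail")))  # None
```

The audience check is what keeps an assertion minted for one application from being replayed against another, and the short assertion lifetime limits how long a leaked assertion is useful; both are checks a service provider in a real SAML or Kerberos deployment performs as well.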
Pros of SSO:
· Reduces password fatigue from different username and password combinations
· Reduces time spent re-entering passwords for the same identity
· Reduces IT costs due to a lower number of IT help desk calls about passwords
· Mitigates risk for access to 3rd-party sites (user passwords are not stored or managed externally)
· Minimizes phishing
· Improves compliance through a centralized database
· Provides detailed user access reporting
Cons of SSO
· It increases the negative impact if the credentials are obtained and misused by other people or compromised in an attack. This can be mitigated with strong security controls, governance and two-factor or multi-factor authentication.
· A loss of SSO can result in denial of access to all systems unified under the SSO. A workaround is to keep highly critical applications out of SSO.
IBM ISAM, Okta, RSA, etc. are among the leading SSO solutions in the industry.
- Stay tuned for future blogs. Please leave a comment or suggestions if any.