You enter the meeting room. All eyes focus on you.

“You’re late. Again,” says your boss.

You mumble something about the trains, when it was actually the bus, as you start your computer and log into Google Drive, where your meeting documents are saved.

*Invalid password*

No, that’s the password to my Netflix account.

*Invalid password*

Oh God! What is it? I can’t remember.

Your boss shakes his head.

*Invalid password*

We’ve all experienced versions of this, hopefully less extreme ones.

Fortunately, there is a way around this. Single Sign-On (SSO) is a method that allows users to access different services or applications across multiple systems through a single login. SSO solves a key issue that most users have when it comes to passwords: we have so many versions and variations of the same password that we sometimes struggle to remember which one we need.

How SSO works

SSO essentially works by centralising your logins. Common setups include logging in to a portal that provides access to your applications, or logging in to a service through a third party. An example of the former is how logging into your Google account gives you access to Google Drive, Gmail, YouTube, etc. An example of the latter is logging into a service with Facebook or another social media account. One way to make sense of the concept is to think of an amusement park, where buying a single ticket (SSO) gives you access to all the rides (applications/services) at the park.

Four Advantages of SSO

The use of SSO brings several benefits through efficiency and convenience; however, some may argue that it diminishes security as there is only one password. I will lay out the limitations in part two of this article.

  1. SSO reduces password fatigue

Password fatigue is a term used to describe the exhaustion of having to remember an excessive number of passwords for one’s day-to-day digital activities.

Because different providers usually have different password requirements and policies, most users (myself included) end up with variations of the same (and potentially weak) base password.

Today’s password cracking methods and software are incredibly effective at deducing these variations if the base password is known. In other words, the password ‘apple123’ is no more secure than ‘apple’.

SSO removes the need to remember or guess which password was used for which account, and allows the use of a smaller set of stronger passwords rather than several weak ones.

  2. SSO reduces the need for constant logins

As previously stated, there is a significant loss of time due to the need for constant logins. Although the typical time needed for a single login is relatively short (10 - 15 seconds), once you consider other factors, such as trying to figure out which variation of a password was used, contacting the IT service desk for password assistance, resetting the password, and so on, the total time spent can reach 15 - 20 minutes in a single day.

Furthermore, when you contact your IT service desk, it is not only your time that is used but also someone else’s. SSO can increase efficiency by allowing users to access different services after they have authenticated once.

  3. Significantly improved scalability

Generally speaking, a company’s system administration team handles the integration of new services and applications into the existing system, ensuring that all users are set up properly. In addition, it is not uncommon for the same team to operate the IT service desk and handle any login inquiries. Although easily manageable for small companies (15 - 20 users), this can be a nightmare for large corporations and can prevent system administrators from performing their other duties due to the sheer amount of time it takes.

Integrating SSO with applications and services means that system administrators only have to manage a smaller number of credentials. In addition, when a new service or application is deployed, existing credentials can be used, eliminating the need to set up a new account for each user every time. This allows for a highly scalable setup, as substantially less time is wasted on password-related activities, allowing system administrators to get on with their other day-to-day tasks. Furthermore, in a portal-like implementation, system administrators can easily revoke a user’s access to all applications and services if the user has been hacked or has left the company.

  4. Improved security

With our growing reliance on third-party applications, digital identity management has always been a security challenge for almost every company. With the rapidly changing security landscape, some companies may not have sufficient resources or capital to keep up with the latest security requirements. Adopting SSO with an adequate Identity Provider (IdP) can allow companies to shift this burden to a specialist who is adequately equipped to tackle these challenges. Some examples of respectable IdPs include Okta, Azure AD and Auth0.
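The portal model described under "How SSO works" and the central revocation mentioned under scalability, as an added sketch (not code from this article or from any IdP product): a toy identity provider checks the password once and issues a signed, short-lived token that each service verifies without ever holding a password. The class names, the token layout and the single shared HMAC key are assumptions for illustration; real deployments use SAML or OpenID Connect, typically with asymmetric signatures.

```python
import base64, hashlib, hmac, json, os, time

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class IdentityProvider:
    """Toy IdP: the only component that ever sees or stores a password."""
    def __init__(self):
        self.key = os.urandom(32)   # assumption: one HMAC key shared with services
        self.users = {}             # username -> (salt, password hash)
        self.disabled = set()       # accounts revoked centrally

    def enroll(self, user, password):
        salt = os.urandom(16)
        self.users[user] = (salt, pw_hash(password, salt))

    def sign(self, body: str) -> str:
        return b64(hmac.new(self.key, body.encode(), hashlib.sha256).digest())

    def login(self, user, password, ttl=300):
        """Single login: returns a short-lived signed token, or None."""
        if user in self.disabled or user not in self.users:
            return None
        salt, stored = self.users[user]
        if not hmac.compare_digest(pw_hash(password, salt), stored):
            return None
        body = b64(json.dumps({"sub": user, "exp": time.time() + ttl}).encode())
        return body + "." + self.sign(body)

class Service:
    """An application that trusts the IdP and keeps no passwords of its own."""
    def __init__(self, name, idp):
        self.name, self.idp = name, idp

    def access(self, token):
        """Return the username if the token is genuine, unexpired and not revoked."""
        try:
            body, sig = token.split(".")
            if not hmac.compare_digest(sig, self.idp.sign(body)):
                return None
            claims = json.loads(base64.urlsafe_b64decode(body))
        except (ValueError, TypeError, AttributeError):
            return None
        if claims["exp"] < time.time() or claims["sub"] in self.idp.disabled:
            return None
        return claims["sub"]
```

One token from `login()` is accepted by every `Service` built on the same IdP, and after `idp.disabled.add("alice")` that same token is rejected by all of them at once.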

 

 

This is part 1 of 2 of this article on SSO. Next time, I will address some points that people think are limitations of SSO, how one can tackle these, as well as briefly discuss common configurations of SSO.

Written by Dheng Siah

IT Security Engineer at Azeus UK LTD
