Single sign-on (SSO) is an important aspect of access management. It is an authentication method that enables users to securely authenticate with multiple applications and websites by using just one set of credentials – for example, a username and password coupled with multi factor authentication (MFA). This makes life easier for end users since they don’t have to remember multiple passwords. This also provides administrators a centralized way to manage all accounts and govern which users have access to them.
SSO works based upon a trust relationship set up between an application, known as the service provider, and an identity provider. This trust relationship is often based upon a certificate that is exchanged between the identity provider and the service provider. This certificate can be used to sign identity information that is being sent from the identity provider to the service provider so that the service provider knows it is coming from a trusted source. In SSO, this identity data takes the form of tokens which contain identifying bits of information about the user like a user’s username.
Advantages of SSO include the following:
- Users need to remember and manage fewer passwords and usernames for each application.
- The process of signing on and using applications is streamlined — no need to reenter passwords.
- Fewer complaints or trouble about passwords for IT helpdesks.
Disadvantages of SSO include the following:
- An attacker who gains control over a user’s SSO credentials is granted access to every application the user has rights to, increasing the amount of potential damage.
- It does not address certain levels of security each application sign-on may need.
- If availability is lost, users are locked out of all systems connected to SSO.
Sources:
https://www.techtarget.com/searchsecurity/definition/single-sign-on