Author Jose-Miguel Maldonado
It is near impossible to work in the tech field without being inundated with a flurry of acronyms you’re supposed to know. NAT, TCP, UDP, IDS, IPS, MDM, LDAP, IAM, PSK, and the list goes on and on. If you work in the cyber field and do any time of user or cloud administration, you may hear the term SSO or Single Sign-On. Here is a quick primer on what SSO is and what it does.
When you go to work, you have several things you need to log into. For example, you need to log into your computer and e-mail, but additionally, you may need to log into other apps or cloud services like Slack, Quickbooks, Jira/Confluence, GitHub, AWS, or even a ticketing system. Logging into each and every one of these apps can be cumbersome. This is where SSO really shines. SSO handles the authentication of a user when they’re logging into an app or cloud service and simplifies the experience for the user because they only have to log in once and they gain access to all the services they need. On the backend, SSO can be implemented in a number of ways. You can use SAML, OpenID Connect, or even Facebook Connect.
There are a number of reasons SSO may be implemented in an organization but first and foremost, implementing SSO helps take some of the administrative burden off of the IT team – think password fatigue and cloud sprawl. The IT team is freed up from having to spend time on password resets or users being locked out of accounts/cloud services. When someone leaves the company, the IT team has something of a “killswitch” and can disable a user’s access to all their apps/cloud services with SSO. Additionally, IT admins can easily provision new cloud services that use SSO. By leveraging SSO, you can help users save time from having to enter/re-enter credentials into every single site or app that they use.
When implementing SSO, it is easy to layer on additional security such as MFA (Multifactor Authentication) or even IP restrictions to the initial login and strong password requirements. SSO can help break bad habits such as reusing weak credentials without MFA on users’ cloud accounts.
In the end, SSO provides a lot of advantages to an organization when you consider IT administration and security. Whatever SSO solution you choose, ensure that you take time to thoroughly read through the implementation guides so that you are adhering to best practices. This will help you set up a secure system for your users to use.
About the author: Jose-Miguel Maldonado is the VP of Business Ops & Security at Rubica, a cybersecurity startup, and has acquired a reputation for creating cybersecurity champions out of non-technical people.