WHAT IS SINGLE SIGN-ON (SSO)?
Single sign-on (SSO) is an access management function that enables users to log in with a single set of identity credentials to multiple accounts, software, systems, and resources. For example, when an employee enters their credentials to login to their workstation they are also authenticated to access their apps, resources and cloud-based software.
What is the importance of SSO?
According to a recent study, the average enterprise uses 210 distinct collaboration and cloud services, and the average employee uses 36 cloud services at work. One set of secure login credentials to access all of those apps and services promotes better cybersecurity hygiene, which improves security and experience for all.
How does SSO work?
SSO is a federated identity management (FIM) arrangement that relates specifically to access management. Identity federation enables interoperability so that a user can use a single set of login credentials to sign in to multiple applications, systems, and services.
SSO ensures the user's credentials are not shared with the application, system, or service being accessed with an Open Authorization (OAuth) framework that replaces user login information with an access token. If necessary the application, system, or service provider can verify the user identity further by issuing an additional authentication request when the access token is received.
Are there security risks for SSO?
Yes. The high level of convenience enabled by SSO can be taken advantage of by an attacker who gains control over a user's credentials. In order to alleviate the risk, it is highly recommended to leverage SSO with additional security, such as adaptive risk-based authentication that provides a step-up challenge or high assurance credential-based passwordless authentication with SSO. No password, nothing to steal.
What are the advantages of SSO?
- Improved security with reduced potential of poor password hygiene
- Simplified user administration for IT teams
- Greatly improves the user experience
What makes Entrust SSO different?
SSO for secure access is only as good as the authentication foundation on which it is based. Entrust’s identity and access management (IAM) platform supports an unparalleled number of use cases and deployment options for consumers, employees, and citizens. This solution provides a full range of options to help you build a strong authentication foundation based on a Zero Trust framework.
Also, using either OIDC or SAML, Entrust SSO means users only have to authenticate once to access cloud and on-prem apps including legacy applications.