Single Sign On (SSO): An Insight

There are thousands of different applications and security databases in the industry today. Each operating system and application has its own set of security requirements for both user ID and password. With so many systems in use, it is possible that users will forget a user ID or password and eventually lock themselves out. Unfortunately, this happens frequently. Help desk personnel are overwhelmed by the volume of calls requesting password resets and account activation.

Many organizations have internally developed applications that authenticate against proprietary databases. Since it is rare for all of these components to be managed and maintained by the same department, standardization is unlikely to have taken place, even though user name and password restrictions would all benefit from it. Security often competes with convenience in many areas of an organization, and relaxing password restrictions for end-user convenience may or may not be an acceptable sacrifice.

Single sign-on (SSO) exists to address this problem. SSO is the ability to authenticate once and never have to repeat the process for the duration of the session. Many solutions that provide SSO capabilities are available on the market. As a whole, they all provide some form of authentication, authorization, access control and password synchronization.

Authentication is the process of verifying that a user is who they claim to be. SSO applications either take advantage of the existing databases within the organization or require the implementation of a proprietary database. Typically, SSO products contain a central server, which is responsible for authenticating the user against one of the security databases within the organization. This is usually the database where all the users' accounts exist.

The level of access control that SSO can provide differs depending on the solution as well as the intended end users. The last stage, password synchronization, is the ability to synchronize passwords across the corporate network. This is a vital aspect of SSO and can be considered the backbone of the solution. Passwords are captured from one or more security databases and then distributed via the central server across the enterprise network.

However, there is some discussion about whether SSO and password synchronization create a security risk. If the password is the same across all security databases, then the user's account is only as secure as the security of the weakest operating system. This is probably true, but SSO also brings some advantages:

– Many of the solutions available are multi-tier by design and don't require all users or systems to participate. Careful consideration can be given to who and what is included within the SSO Enterprise.

– Administrators are able to enforce more stringent password restrictions across the environment from the central server.

– Password synchronization reduces user confusion. With only one password to remember, it is less likely that the password will be written down on a piece of paper. SSO products that allow end users to reset their password after successfully answering a variety of questions reduce help desk costs and the risk of social engineering.

– Employees that leave organizations can quickly be deactivated on all systems from one location.

– Authentication to less secure operating systems can be enhanced with two-factor authentication.

– With little intervention required to sign on to applications, the process is less likely to fail and generate a high volume of help desk calls.
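As an added illustration (not code from the original article), the following Python sketch models the architecture described above: a central server that checks the password once against its own user store, enforces the password policy in one place, issues signed session tokens that participating applications accept instead of asking for a password, and deactivates a leaver everywhere with a single action. The class and function names, the 12-character policy and the HMAC token format are assumptions of this example.

```python
import base64, binascii, hashlib, hmac, json, secrets, time

class CentralSSOServer:
    """Constructed central SSO server: one password check against the user store,
    then signed session tokens that every participating application verifies."""
    MIN_PASSWORD_LEN = 12  # assumed policy, enforced in one place for every system

    def __init__(self, session_ttl=3600):
        self.key = secrets.token_bytes(32)  # token-signing key, held only by the server
        self.users = {}                     # user -> {"salt", "hash", "active"}
        self.ttl = session_ttl

    def set_password(self, user, password):
        if len(password) < self.MIN_PASSWORD_LEN:
            raise ValueError("password does not meet the central policy")
        salt = secrets.token_bytes(16)
        pwd_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
        self.users[user] = {"salt": salt, "hash": pwd_hash, "active": True}

    def deactivate(self, user):
        self.users[user]["active"] = False  # one action locks the user out everywhere

    def authenticate(self, user, password, now=None):
        rec = self.users.get(user)
        if rec is None or not rec["active"]:
            return None
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], 200_000)
        if not hmac.compare_digest(candidate, rec["hash"]):
            return None  # wrong password: no session token
        payload = json.dumps({"sub": user, "exp": (now or time.time()) + self.ttl}).encode()
        sig = hmac.new(self.key, payload, hashlib.sha256).digest()
        return b".".join(map(base64.urlsafe_b64encode, (payload, sig))).decode()

    def verify(self, token, now=None):
        try:  # token is "<base64 payload>.<base64 signature>"; anything else is rejected
            p64, s64 = token.split(".")
            payload, sig = base64.urlsafe_b64decode(p64), base64.urlsafe_b64decode(s64)
        except (ValueError, binascii.Error):
            return None
        if not hmac.compare_digest(sig, hmac.new(self.key, payload, hashlib.sha256).digest()):
            return None  # forged or tampered token
        claims = json.loads(payload)
        rec = self.users.get(claims["sub"])
        if rec is None or not rec["active"] or claims["exp"] <= (now or time.time()):
            return None  # deactivated centrally, or the session has expired
        return claims["sub"]

def app_access(app_name, sso, token, now=None):  # a participating application
    user = sso.verify(token, now)  # trusts the central server, never sees a password
    return f"{app_name}: granted to {user}" if user else f"{app_name}: denied"
```

Each application only consults the central server's `verify`, so the password is entered once and a central deactivation is honoured by every application at the next request.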

In general, SSO streamlines the authentication process and removes a good deal of pain for end users, the help desk and administrators. On the other hand, in the end, security is all about layers.