Chances are you have used Single Sign On (SSO) in the past week even though you may not have a full understanding of what SSO actually is.
What is SSO?
Single sign-on (SSO) is an identification system that allows websites to use other, trusted sites to verify users. This frees businesses from the need to hold passwords in their databases, cuts down on login troubleshooting, and decreases the damage a hack can cause.
SSO systems work as an identity provider, similar to an ID card. For example, if you are asked to provide ID checking into a hotel, the receptionist doesn’t have to know you personally, they can just look at your license or passport and see that your state vouches for your identity.
Likewise, with SSO, your website doesn’t make you prove your identity by checking within itself. Instead, it checks with an SSO provider (such as LinkedIn, Microsoft, or Google) to see if it can verify your identity. If it can, the site takes their word for it.
How does SSO work?
When accessing a website, as a user, you hit an intermittent page (an SSO portal) that checks to see if you’re already logged in. If you are, it scoots you off to whatever you really wanted—your Gmail inbox, for instance.
If you’re not already logged in, the website presents you with options for authentication via a third-party identity provider). You pick your provider of choice and then log in with that provider, let’s say, Google.
Google checks to see that you’re you, checks to see that website.com is the site it’s claiming to be, then authenticates you based on the Google password database and issues a token back to website.com.
Website.com gets the token from Google, verifying your identity. It now associates you with the rest of your user data—preferences, history, shopping cart, and you’re all set.
A true SSO system will give you the option to just cruise around from site to site with full access.
View this post on Instagram
Why should your company use SSO?
Incorporating SSO into your company will lead to more lead generations and more user sign-ups. SSO provides a lower barrier to entry, so new customers can sign up easily and securely, by relying on a known brand.
SSO increases the efficiency of the employees by eliminating the need to enter credentials for multiple applications. It is also more efficient for IT managers to have a single set of credentials to they can easily manage help desk tickets for forgotten passwords or manage account privileges for individual accounts or applications.
This also leads to less time-consuming work on the back end. Meaning, you won’t have to play around with passwords. While reducing your hack risk is important, even more, important is not having to reset people’s passwords every five minutes. All the authentication and password heavy-lifting is managed by the trusted authenticator.
Benefits of SSO for organisations:
- Control given back to the IT dept.: IT can control password resets, password change frequency and timeout periods according their internal Information Security policies. With a one-button click, IT can admin, enable or disable the whole organisation – or individuals – for both offsite and onsite employees. (Prevents the single access point being a risk as well as a disadvantage.)
- Security and Compliance: Under SSO, organisational control of access can fall under your own policies (that may be required under regulatory or standards-based requirements) rather than those set by the Service Provider and/or your employees. Employee onboarding and exits can be easily managed with full security control over vital information and access to sensitive data. (Vital under GDPR).
Arguably the most important benefit SSO can provide your company with is reduced risk. Hackers have less incentive to hit your site if you don’t host a ton of login details. You’re also less likely to have a bunch of users with horribly weak passwords poking holes in your site’s overall security. In short, adopting an SSO solution can make life easier for you and for your clients.
If you would like to know more about SSO, click on the link below and set up a call with a HRLocker sales consultant, we’ll be happy to help you figure out your needs.
Share this Post