Last week we presented a webinar with Infosecurity Magazine on the topic of ‘SSO, Passwords, and Beyond.’ It became apparent that we need to address some of the hurdles that have prevented many organisations from implementing SSO.
Managing users’ authentication to web applications is a common pain point cited when companies are rolling out web applications. On average, employees have to log in to ten applications to allow them to do a day’s work.
When employees forget their log in details this has an obvious impact on productivity and help desk resources. Frustrated employees may resort to risky tactics such as writing passwords on post-it notes, or using easily guessed passwords.
Single sign-on (SSO) was introduced to address the risk of employees using weak passwords and to reduce the time and cost of helpdesk calls for password resets. However, while its benefits are obvious, SSO has not had a smooth path into the enterprise.
I have compiled below 5 major stumbling blocks of SSO, along with some suggestions on how to tackle them.
1. Isn’t SSO less secure, since I only have one password now?
SSO should not be thought of as “password synchronisation”, this would be a bad policy since it degrades the authentication system to the lowest common password policy. On the contrary, SSO creates an opportunity for CIOs to introduce much more rigorous authentication such as 2FA and biometric identification. With only one master credential, this significantly reduces the password reset burden on help desk employees, freeing them up to focus on more rewarding tasks.
2. Not all web sites support SSO standards
Standards, such as SAML, were specifically developed to support SSO to multiple web applications. However, SAML usually supports all users or none. If your organisation only requires SAML for a subset of user accounts, SAML may not be the most appropriate standard.
Our advice is to select an SSO solution that has the flexibility to support not only SAML but other authentication methods too. Look for a solution that supports any web application and can integrate with your existing enterprise directories, to allow for role-based access to applications and support for subsets of users.
3. SSO projects often fail, why should I bother?
The principal reasons for SSO implementation failures have included insufficient flexibility to support a dynamic IT environment with constantly changing applications; insufficient resource allocated to see the deployment through and lack of internal communication and change management to ensure user acceptance of the new SSO authentication policy.
4. What about my legacy applications?
As stated above, selecting an SSO solution that supports all standards and all browser-based applications, without requiring any changes to backend applications, will reduce deployment cost and encourage user acceptance.
5. SSO only solves part of the problem. I need to know what users are doing in between login and logoff.
Organisations in regulated industries such as healthcare, retail and finance, need more than authentication. They need to govern what is permitted to be viewed, processed, or shared while users are logged in. This is why we talk about providing SSO and going beyond it, to provide web application control and auditing.
SSO and Beyond
SSO can be used to enable new services to be easily rolled out to employees, partners or customers. For example, portals, enabled by SSO, can be used to provide a single point of access. Users quickly get accustomed to using a single logon to access a portal and this provides an organisation with a central point where new services can be published. By providing visibility of user activity within the portal, usage statistics can be compiled for licensing, productivity metrics, service uptake analysis and other business intelligence.
In spite of the issues listed above, SSO can yield rapid cost benefits. Therefore, it is worth selecting a solution that supports all of the current and legacy applications your organisation is running, as well as supporting rapid on-boarding of new applications and users.
Considering the ease of implementation, coupled with the security, cost, productivity and management benefits offered by SSO today, it’s time that organisations took another look.
[contact-form][contact-field label='Name' type='name' required='1'/][contact-field label='Email' type='email' required='1'/][contact-field label='Comment' type='textarea' required='1'/][/contact-form]
