Single sign-on is easy to work with from a user standpoint. A single successful login unlocks access to multiple programs, so employees only have to enter their credentials once. — Getty Images/Tom Werner

As businesses seek to secure their systems from the increased threats of phishing, malware, and ransomware, many IT experts are recommending implementing a single sign-on process. Single sign-on is considered by many to be a convenient, easy way to secure your system against a data breach, but it does have its limitations. If you’re considering adding this identity access management tool to your security system, here’s what you need to know.


What is single sign-on?

Single sign-on (SSO) is an authentication process that allows users to access multiple applications and websites using one secure set of credentials. When you add SSO to your work environment, your employees can log into one application and automatically be signed into other programs, regardless of the platform, technology, or domain the individual is using.

How does SSO work?

Single sign-on can get pretty technical behind the scenes, but the user experience is relatively simple. Essentially, the user starts by opening the application they want to access, such as Gmail. The user logs in with their email address and password. Gmail—which in this case serves as the “Service Provider”—sends the information to the Identity Provider.

The Identity Provider may ask for additional authentication, such as a one-time password or biometric credential (e.g., a fingerprint). Once the Identity Provider has validated the credentials, it will confirm with the Service Provider and the user will be logged into multiple applications. In this example, once someone logs into Gmail they are also automatically authenticated to YouTube, AdSense, Google Analytics, and other Google apps.

The technical explanation is more complicated than this example implies, with various protocols and standards involved (such as SAML, OAuth, and OIDC). These protocols can easily be outsourced to an IT specialist or an SSO provider that can take care of the nitty-gritty implementation for you.


What are the benefits of SSO?

Advocates for single sign-on say that the system is a way to both provide a better user experience and secure your system.

For your team, SSO makes it easy to uphold password best practices. “When end users only need to remember a single unique password, instead of different passwords for each app, the risk of password fatigue drops significantly, and with it the rate of time-consuming password resets,” wrote Okta. “What’s more, since they only need to log on to one secure platform, once per day, you eliminate the chance of users repeating passwords across multiple insecure applications.”

Okta, an SSO provider, also found that IT teams at organizations that deploy this authentication process spend significantly less time providing password-related support and can speed up IT integration with acquired businesses by 500%.

On the security side, SSO empowers better identity and access management, locking down key systems and making it easier for IT teams to monitor and control user credentials. But before implementing SSO, there are some drawbacks your company should consider.

What are the drawbacks of SSO?

SSO should be implemented strategically. Some companies may have applications they want to keep locked down a bit more: For instance, healthcare organizations subject to HIPAA regulations may need to be careful about their SSO implementation.

“[It] would be important to choose an SSO solution that gives you the ability to, say, require an additional authentication factor before a user logs into a particular application or that prevents users from accessing certain applications unless they are connected to a secure network,” wrote OneLogin.

Before you get started with SSO, make sure you perform a full review of the applications, employees, and third-party vendors who may gain access through this authentication process. Then, choose a provider who can let you customize controls to suit your company’s needs.
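The Python example below is an added illustration, not code from this article or from any SSO vendor. It models the flow described under "How does SSO work?" together with the per-application extra factor OneLogin mentions: one login at the Identity Provider yields a separate signed, short-lived assertion for each application, and a sensitive application refuses the session until a second factor is present. The class names, the shared HMAC key, the application names and the five-minute lifetime are assumptions made for the example; SAML and OIDC deployments typically sign with asymmetric keys.

```python
import base64, hashlib, hmac, json, time

IDP_KEY = b"constructed-demo-key"  # constructed; real IdPs typically sign with a private key

def _sign(body: str) -> str:
    mac = hmac.new(IDP_KEY, body.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()

class IdentityProvider:
    """Holds the single login session and issues one short-lived assertion per app."""
    def __init__(self):
        self.sessions = {}

    def login(self, session_id, user, factors):
        self.sessions[session_id] = {"user": user, "factors": sorted(factors)}

    def issue_assertion(self, session_id, audience, now=None):
        s = self.sessions[session_id]  # KeyError: no SSO session yet
        claims = {"sub": s["user"], "aud": audience, "amr": s["factors"],
                  "exp": (now or time.time()) + 300}  # assumed 5-minute lifetime
        body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
        return body + "." + _sign(body)

class ServiceProvider:
    def __init__(self, name, required_factors=("pwd",)):
        self.name, self.required = name, set(required_factors)

    def accept(self, assertion, now=None):
        """Return the user if the assertion is valid for this app, else raise."""
        body, _, sig = assertion.partition(".")
        if not hmac.compare_digest(sig, _sign(body)):
            raise PermissionError("bad signature")
        claims = json.loads(base64.urlsafe_b64decode(body))
        if claims["aud"] != self.name:  # blocks replay of another app's assertion
            raise PermissionError("assertion issued for another application")
        if (now or time.time()) > claims["exp"]:
            raise PermissionError("assertion expired")
        missing = self.required - set(claims["amr"])
        if missing:  # per-application step-up, e.g. an OTP for sensitive apps
            raise PermissionError("step-up required: " + ",".join(sorted(missing)))
        return claims["sub"]

def demo():
    idp = IdentityProvider()
    idp.login("sess-1", "alice@example.com", ["pwd"])  # one password login
    out = {}
    for sp in (ServiceProvider("mail"), ServiceProvider("patient-records", ("pwd", "otp"))):
        try: out[sp.name] = sp.accept(idp.issue_assertion("sess-1", sp.name))
        except PermissionError as e: out[sp.name] = str(e)
    return out
```

Calling `demo()` shows the password-only session being accepted by the mail application and rejected by the records application until an OTP factor is added to the login.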

