What is Single Sign On (SSO)?

Password fatigue is a common problem for employees who are often required to create, manage, and remember passwords for many different accounts. A common solution to this problem is for employees to reuse passwords across multiple accounts. However, while this can reduce the burden on employees and improve efficiency, it does so at the cost of security.

How Does Single Sign-On (SSO) Work?

Single Sign On (SSO) is a service that is designed to mitigate password fatigue without compromising security. Employees are presented with a single sign-on screen when authenticating to the environment, which verifies their identity. This authentication is then carried to other systems within the network, enabling employees to use them without remembering a password and logging in for each of them.

 

Traditionally, most applications and systems manage authentication and access management individually. When a user wishes to log into a computer or an application, they provide a set of login credentials that are compared to the set kept on file. If the credentials are accepted, then the user is granted access to the desired resource.

 

SSO keeps this process but applies it to authenticating to the network as a whole. When a user first logs into the network, their authentication information is transmitted to an authentication server, which validates their identity and the access controls assigned to them. After that, when a user wishes to log into a new system or application, their access request is forwarded to the authentication server. Based upon its built-in access control policies, the server tells the system or application to either allow or deny access.

 

Since the authentication server has already verified the user’s identity and tracks it throughout their session, the user no longer needs to authenticate individually to each application or system that they use. This eliminates the need for these resources to implement their own authentication systems or for a user to create and recall a unique password for each resource.
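The flow described above can be sketched as a simplified model. This is an added example, not Check Point's code and not a real SSO protocol: the `AuthServer` class, the signed token format, and the user, key and application names are all constructed for illustration.

```python
import base64, hashlib, hmac, json, time

class AuthServer:
    """Toy central authentication server (hypothetical, for illustration only)."""
    def __init__(self, secret, users, policy, ttl=3600):
        self._secret = secret    # key used to sign session tokens
        self._users = users      # username -> (salt, password hash)
        self._policy = policy    # username -> set of applications the user may access
        self._ttl = ttl          # session lifetime in seconds

    @staticmethod
    def hash_password(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def _sign(self, body):
        return hmac.new(self._secret, body, hashlib.sha256).hexdigest()

    def login(self, username, password, now=None):
        """The single sign-on: verify credentials once, return a signed session token."""
        record = self._users.get(username)
        if record is None:
            return None
        salt, stored = record
        if not hmac.compare_digest(stored, self.hash_password(password, salt)):
            return None
        now = time.time() if now is None else now
        claims = {"sub": username, "exp": now + self._ttl}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode())
        return body.decode() + "." + self._sign(body)

    def authorize(self, token, application, now=None):
        """Called by an application on each access request: allow or deny."""
        try:
            body, sig = token.split(".")
            if not hmac.compare_digest(sig, self._sign(body.encode())):
                return False     # forged or modified token
            claims = json.loads(base64.urlsafe_b64decode(body))
        except (ValueError, AttributeError, TypeError):
            return False         # malformed token
        now = time.time() if now is None else now
        if now >= claims["exp"]:
            return False         # session expired, user must sign on again
        return application in self._policy.get(claims["sub"], set())

def build_demo_server():
    salt = b"constructed-salt"   # constructed sample data
    users = {"alice": (salt, AuthServer.hash_password("correct horse", salt))}
    policy = {"alice": {"mail", "wiki"}}
    return AuthServer(b"constructed-signing-key", users, policy)
```

The applications never see the password: they hold only the token and ask the central server for a decision, so a policy change or session expiry takes effect for every application at once.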

What Are the Benefits of SSO?

SSO centralizes access management for a network into a single authentication server. By doing so, it provides a number of different benefits to an organization and its employees, such as:

 

  • Simplified Password Management: SSO enables an organization’s employees to use a single set of logon credentials to gain access to all of its systems. This makes it easier for users to manage their credentials because they only need to remember one instead of dozens.
  • Stronger Identity Management: SSO centralizes the sign on and authentication process into a single authentication page. This makes it easier for an organization to deploy advanced authentication solutions, like multi-factor authentication (MFA), across their entire network infrastructure without configuring and maintaining multiple systems.
  • Improved Password Security: Employees required to remember and use many different passwords are more likely to use weak ones or the same one across multiple systems. SSO reduces this requirement to a single password, making it easier to enforce the use of a strong, unique password for authentication.
  • Increased Efficiency and Productivity: Remembering passwords and authenticating to new systems is time-consuming for an employee. SSO reduces the authentication burden to a single sign on, increasing employee productivity and security.

Is SSO Secure?

The actual SSO protocol is secure and relies on the authentication server to manage and approve or deny access requests. As long as this server is well-protected and an organization’s access control policies are well-designed, then a malicious user or an attacker with access to a compromised account will have their access restricted to the permissions assigned to that account.

 

The primary benefit and risk of SSO is that it allows a user to access everything after authenticating once. This means that an attacker with control over a legitimate account can access anything that account is permitted to access without being required to enter any additional passwords.

 

However, the use of SSO means that an organization can more easily and effectively deploy solutions like MFA to make this scenario less likely. Additionally, while a user may not need to authenticate multiple times to access various systems, an organization can still perform behavioral analytics to identify anomalous or suspicious activity that could indicate a compromised account. If such activity is detected, the security team can take action to lock down the compromised account.

SSO For Businesses

Implementing SSO across an organization’s entire environment is possible with a standalone solution. However, it is much easier to deploy, configure, and maintain if the solution is designed to be integrated from the start. This requires an SSO solution to offer support for secure remote access, cloud-based deployments, and an organization’s on-premises data centers and endpoints.

 

Check Point offers solutions in all of these areas, making it simple and painless to deploy SSO across the enterprise. To see Check Point’s solutions in action, you’re welcome to request a free demo.
