SSO explained: Single sign-on definition, examples, and terminology

What is SSO?

Single sign-on (SSO) is a centralized session and user authentication service in which one set of login credentials can be used to access multiple applications. Its beauty is in its simplicity; the service authenticates you on one designated platform, enabling you to then use a variety of services without having to log in and out each time.

In the most common arrangement, the identity provider and service provider establish a trust relationship by exchanging digital certificates and metadata, and communicate with one another via open standards such as Security Assertion Markup Language (SAML), OAuth, or OpenID. 

Implemented correctly, SSO can be great for productivity, IT monitoring and management, and security control. With one security token (a username and password pair), an administrator can enable and disable user access to multiple systems, platforms, apps, and other resources. SSO also reduces the risk of lost, forgotten, or weak passwords.

Why is SSO important?

SSO is important because the number of enterprise services and accounts to users’ needs controlled access is ever-expanding, and each of these services needs the sort of security that normally provided by a username/password pair. But provisioning and administering all those accounts can become a burden for administrators and users who struggle to choose strong passwords for multiple accounts. Single sign-on centralizes the process for both admins and users while maintaining secure access to applications.

There are a few different standards that can be used to implement SSO, but they all follow the same basic underlying pattern. The key is that they make it possible for applications to hand over responsibilities for authenticating users to some other application or service.

From the point of view of the system administrator, the SSO platform represents a one-stop shop where user IDs can be managed. When an employee leaves a company, for instance, their ability to log in to a host of internal applications can be revoked all at once.

Copyright © 2022 IDG Communications, Inc.

News Credit

%d bloggers like this: