
SSO: definition and promises of single sign-on

By Jennifer Montérémal

Published: 28 October 2024

SSO authentication system: what definition can we give to this technology, which is increasingly encountered in both our private and professional lives?

Society is undergoing a digital transformation in which digital tools are multiplying as fast as the IT security challenges that come with them. With this in mind, we need to ensure that our personal data is protected as far as possible by means of secure identification details.

This is where SSO comes in.

Without further ado, let's take a look at its definition, its advantages and disadvantages, and a few use cases to help you get the most out of this technology.

Definition of SSO

For security reasons, we are increasingly forced to generate complex passwords (containing at least one capital letter, a special character, etc.). The temptation is therefore great to use the same identifiers to connect to all our digital tools.

SSO (an acronym for single sign-on) is the technology that overcomes this problem.

Deployed in both the private and professional spheres, it allows you to authenticate once for the duration of a session. Once logged in with a unique identification, users no longer need to re-enter their various passwords to access applications linked to the system.

SSO: how does it work?

The SSO process

The SSO system works like a contract of trust between service providers (SP) and identity providers (IdP). In other words, the site X to which the user wishes to connect relies on the identity provider Y to certify their identity.

Let's look at the process in detail:

  1. The user logs on to the application or site of the service provider governed by the SSO system. To do this, they enter their access codes, which are usually a combination of user name and password. Note that there are also other means of identification, such as fingerprints or Face ID.

  2. The SSO system sends a request to the identity provider's server or site. The identity provider is responsible for authenticating the user and retrieving identity information. This is why it makes sure that the person trying to log on does indeed have access rights, by validating their user name and password, for example.

  3. The identity provider then issues access tokens. Stored in the user's browser or in the SSO service servers, they enable automatic access to linked applications or sites.
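The three steps above can be sketched as a minimal exchange between one identity provider and several service providers. This is an added example, not code from the article or from any SSO product; the names `idp_login`, `sp_accept`, the user store and the signing key are hypothetical, and an HMAC over a shared key stands in for the asymmetric signature a real identity provider would use.

```python
import base64, hashlib, hmac, json, time

# Constructed demo values. HMAC with a shared key stands in for the IdP's
# signature; real SAML/OIDC deployments sign with an asymmetric IdP key.
IDP_KEY = b"demo-idp-signing-key"

def pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"demo-salt", 100_000)

USERS = {"alice": pw_hash("correct horse")}  # toy credential store

def b64(data):
    return base64.urlsafe_b64encode(data).decode()

def sign(body):
    return b64(hmac.new(IDP_KEY, body.encode(), hashlib.sha256).digest())

def idp_login(user, password, audiences, ttl=300, now=None):
    """Steps 2-3: the IdP validates credentials once, then issues a signed token."""
    if not hmac.compare_digest(USERS.get(user, b""), pw_hash(password)):
        return None
    now = time.time() if now is None else now
    claims = {"sub": user, "aud": audiences, "exp": now + ttl}
    body = b64(json.dumps(claims).encode())
    return body + "." + sign(body)

def sp_accept(token, sp_name, now=None):
    """A service provider relies on the IdP's signature, never on a password."""
    try:
        body, sig = token.split(".")
        if not hmac.compare_digest(sign(body).encode(), sig.encode()):
            return None  # forged or modified token
    except (AttributeError, ValueError):
        return None  # not a well-formed token
    claims = json.loads(base64.urlsafe_b64decode(body))
    now = time.time() if now is None else now
    if now >= claims["exp"] or sp_name not in claims["aud"]:
        return None  # expired, or issued for a different service
    return claims["sub"]

if __name__ == "__main__":
    token = idp_login("alice", "correct horse", ["mail", "wiki"])
    for sp in ("mail", "wiki", "payroll"):
        print(sp, "->", sp_accept(token, sp))  # one login, two linked SPs
```

The expiry and audience checks in `sp_accept` are what limit how long and how widely a single login is honoured.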

Examples of use cases

To illustrate our point, let's take a look at two giants who have integrated the web SSO system into our daily lives:

  • Facebook: for several years now, we have been able to use only our Facebook login details to access multiple sites and applications (some of which have nothing to do with the famous social network). This is a perfect illustration of the 'trust' relationship mentioned above, since these various service providers rely on Facebook (then the identity provider) to authenticate users.

  • Google: once you have logged in to your Google account, you can browse all the related applications (Gmail, YouTube, G Suite applications, etc.), and even third-party sites.

Examples of sites and applications that allow you to connect with your Facebook and/or Google accounts:

SSO and SAML

Finally, SAML (Security Assertion Markup Language) is often associated with the notion of SSO.

In reality, this is an IT standard (using XML) that enables authentication data to be exchanged securely. One of the main uses of this standard is for SSO, since it enables identity providers to verify and transmit identification data to service providers.

Advantages and disadvantages of SSO

Advantages of SSO

For the Internet user

  • Ease of use: Internet users no longer need to remember all their logins and passwords to connect to their various accounts.

  • Increased security: as a result of the previous point, the temptation to use the same authentication data is avoided.

  • Saves time: there's no need to re-enter your login details every time you want to connect to a site or application.

For businesses

  • Increased security: SSO makes it easier to impose strong, unique passwords on teams. But above all, this technology makes it possible to control and track employee access.

  • Increased productivity: no more time wasted searching for and entering logins.

  • Less helpdesk work: helpdesks also benefit. According to Evidian, 30% of calls to the help desk are due to forgotten passwords... a problem avoided thanks to SSO.

  • Easier teleworking and mobility: SSO supports modern working practices, such as teleworking. It simplifies and secures access to the company's various tools at any time and in any place.

Disadvantages of SSO

The main disadvantage of SSO is that if a malicious person obtains your master password, they gain access to every account and application linked to it.

To mitigate this risk, you should:

  • deploy a robust Identity and Access Management (IAM) process and identity governance policy within the company;
  • combine strong identification methods with other systems, such as the use of physical keys or two-factor authentication.

Software using SSO technology

How can companies use SSO in practice? Here are a few examples of solutions and software:

  • 🛠️ Keycloak: Keycloak is an open source SSO solution. As an open-access identity provider, it enables your technical teams to implement an in-house SSO to manage users or their authentication on the systems and applications of your choice.

  • 🛠️ LastPass: LastPass is a turnkey password manager. With this tool, you have a password vault that can be accessed from anywhere using single sign-on. And thanks to SSO, this software lets you connect to over 1,200 pre-integrated applications, without having to worry about re-entering your credentials.

  • 🛠️ Ping Identity: a provider of identity-based security tools, Ping Identity is a company offering a global SSO solution. It offers a range of solutions to secure access for employees and customers alike, so you can deploy technology to make it easier for them to log in and register for your various media, and increase customer loyalty. And all with complete flexibility (cloud deployment, private cloud, on premise, etc.).

You'll understand that it's important to think about implementing such technology within your organisation, if only by setting up a turnkey password manager.

By doing so, you will be meeting two important objectives:

  • strengthening the security of access to the company's various tools,
  • while keeping the user experience and productivity at the heart of procedures.

Article translated from French