Enterprise single sign-on: Easing the authentication process


Enterprise single sign-on: Easing the authentication process

Single sign-on (SSO) is a form of technology that eases the authentication process for users and IT administrators. Through SSO, a user can enter his or her username and password once for access to

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Safe Harbor

multiple applications. Users are given rights to specific applications, and they will be able to access all of those apps when they enter their credentials, which eliminates continuous prompts. SSO also reduces the cost of managing an endless number of passwords for IT staffs.

SSO systems improve security by centralizing authentication on dedicated servers. All authentication credentials must travel through a dedicated SSO server first, which then passes along the specific authentication credential it has stored for an individual user. This centralization is more likely to weed out malicious access than single-factor authentication systems. Additionally, SSO systems usually provide stronger storage of sensitive material, since they are usually protected by corporate firewalls.

SSO is also helpful in documenting the logging and monitoring of user accounts -- i.e. extermination of inactive employee accounts, tracking user activities -- that not only improve organizational security, but are also requirements of the Sarbanes-Oxley Act (SOX).

Although single sign-on can be a huge convenience to users and IT administrators alike, it can also present several risks to enterprise security. If a malicious hacker gains control over a user's SSO credentials, the hacker may be granted access to multiple applications rather than just one, which increases the amount of potential damage. In order to prevent malicious access a thoroughly detailed implementation and deployment procedure is a must, as well as secure transmission and storage of data.

SSO: Implementation and deployment
When preparing for a single sign-on (SSO) implementation, the size of the organization and risk levels of corporate systems need to be considered. It's important for an organization to develop its SSO system based on its unique needs, architecture and infrastructure.

In order to avoid malicious access, it's essential that every aspect of SSO implementation is coupled with an in-depth look at an organization's authorization and access control policies. It's important to ensure current polices are, in fact, protecting sensitive information. A compromised SSO credential coupled with a weak authentication model can result in unauthorized access to a slew of sensitive information.

Administrators also need to be aware of what type of authentication corporate systems need and what directory services the systems are currently using before they begin the implementation process. There must be a firm understanding of where and why SSO is being implemented. Is it for network access, Web access or both? Is it being implemented in hardware, software or both?

Software-based SSO systems are more favorable among large enterprises. These systems, comprised of various functional modules, can be slightly more difficult to configure and require dedicated hardware. Alternatively, a hardware-based implementation requires compatibility with the network architecture, but is much easier to configure, which often makes this type of system more appealing to smaller companies.

Once it is established where and why the organization is implementing SSO, it must be determined which systems will require SSO access. The best way to make this decision is to look at the systems employees most commonly use. By examining employee activity, administrators can determine which systems need access control and what technology is needed for implementation, depending on whether users are accessing applications or network systems.

Lastly, it is important that SSO deployment is planned and comes in stages. If the process isn't carefully handled and something goes wrong, the corporation could risk the simultaneous collapse of its entire access management infrastructure.


  What is authentication?
  ID and password authentication
  Biometric authentication devices, systems and implementation
  Enterprise single sign-on: Easing the authentication process
  PKI and digital certificate authentication and implementation
  Security token and smart card authentication

This was first published in November 2008

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.