Single Sign-On (SSO) can mean different things to different people. It commonly integrates with Multi-Factor Authentication and any authentication type may be used, with or without a password. Authlogics provides various pieces of the puzzle to achieve Single Sign-On to meet various requirements:
A single ID is a key step for SSO as the ID will consist of various attributes of the user from their name and password to keys and tokens. Authlogics builds on an existing Active Directory user database to protect the password as well as add Multi-Factor Authentication instead of creating yet another user database.
Federation allows for trust to be built between credentials and application so that an application doesn’t have to worry about how the user was authenticated, it can simply trust that it has been done so in a secure way. Authlogics supports industry-standard federation protocols and standards including SAML 2.0, WS-Federation, OpenID Connect & OAuth.
Not all applications support federation standards and require credentials to be entered each time. While they may be able to utilise the common directory they often require the password to be entered each time. Authlogics includes a highly secure password vault which is used to recall and replay a users AD password into an application when needed.
Authlogics SSO tightly integrates with an Active Directory database of users and provides an Identity Provider for federation as well as a password vault. The Active Directory and Identity Provider may be located on-prem or in the Cloud, similarly, applications that use the Identity Provider can be on-prem or in the Cloud. As we use AD as our accounts database, no directory synchronisation is required. This also means that you are in full control of where your directory data is being stored.
While SSO by itself is a very useful thing, it is best when paired with Mult-Factor Authentication (MFA). An SSO credential is like having the keys to the kingdom; if a bad actor gets hold of the single credential they too can access everything. MFA lowers this security risk by helping to ensure only the authorised user is making use of the identity. All of the Authlogics MFA technologies are included as part of the SSO solution for total peace of mind.
What is Single Sign-On?
The Single Sign-On (SSO) concept was created to solve the problem of users having different credentials for different applications. While some of these credentials may have had the same username and password they were different accounts. The meant that users had to change their passwords in multiple places and central control was lacking. Central directories (e.g. LDAP & Active Directory) were the first step towards SSO as a single identity could be used with multiple applications, and only one password needed changing. The next problem was that users still needed to type their credentials into each application, so SSO was sought after again, but this time it was to consolidate the actual user login and not multiple credentials.
In summary, modern SSO should provide a single identity for a user and not require them to enter their credentials over and over. To do so it has to cater for different protocols, standards and applications – some of which may not support SSO technologies.