With the popularity of single sign-on as a way to access multiple services and applications, let’s look at the advantages and disadvantages of this approach for enterprise customer identity and access management.
What is single sign-on (SSO)?
Single sign-on (SSO) is an authentication method that allows a user to log in with a single set of credentials to several related, yet independent, software systems. This single login can be used with different enterprise applications under the same domain or organization. It can also be used to access applications on different domains and in different organizations.
Currently, the most common implementation of SSO is using social login to access different applications and services. Another scenario is when you are logged on to a Google account in your browser: you can access the different Google applications like Docs, Sheets, or YouTube. These applications are all under the organization of Google. Additionally, while you’re still logged on to your Google account, you can use that account to log on to or access other web applications like Twitter, Canva, Spotify and others.
Google, LinkedIn, Twitter and Facebook offer popular SSO services that enable an end user to log in to a third-party application with their social media authentication credentials.
As different applications and resources support different authentication mechanisms, single sign-on must internally store the credentials used for initial authentication and translate them to the credentials required for the different mechanisms of the different applications.
Advantages of SSO
Using single sign-on in your customer identity and authentication management solution brings several advantages.
Users remember and manage fewer usernames and passwords when you enable SSO on your CIAM solution. This gives them a more convenient way to access your services and offerings. It also streamlines the process of signing on and using applications, removing the need to repeatedly enter their credentials.
As you reduce the number of times the user has to enter the password, you reduce the number of times the user can make a mistake entering it, and those mistakes are what result in more password resets.
Resetting passwords is never an enjoyable experience, and your users will appreciate it if they don’t have to do it just to access your service.
Disadvantages of SSO
Although single sign-on is convenient for the end users, it has its disadvantages.
Security is one of the main concerns for SSO, since it creates a single point of failure that can be exploited by attackers. Once the main SSO account is compromised, the risk of exposure to the other systems increases.
Another disadvantage of SSO is that if users get locked out of the main account, they are also potentially locked out of the rest of the systems in the single sign-on network. If that happens, they will have to manually access the other systems one by one.
To overcome these disadvantages, the most common and effective way is to increase the security of the main account. One way to do this is to use multi-factor authentication on the sign-on account. By adding additional layers of authentication like a one-time password (OTP), biometric authentication, or device fingerprinting, you can ensure that those trying to access these accounts are who they say they are.
Single sign-on can provide convenience and ease of access to your users. It improves the user experience for your brand and reduces the resources needed to authenticate and authorize customers. But with this convenience come security risks that can be mitigated by applying appropriate authentication procedures.