search
Where Thought Leaders go for Growth
Reference a solution

SSO: definition and promises of single sign-on

SSO: definition and promises of single sign-on

By Jennifer Montérémal

Published: October 28, 2024

SSO authentication system: what definition can we give to this increasingly popular technology, in both our private and professional lives?

We are living in a context of digital transformation of society, in which digital tools are multiplying as much as the challenges linked to IT security. With this in mind, we need to ensure that our personal data is as securely protected as possible .

This is where SSO comes in.

Without further ado, let's take a look at its definition, its advantages and disadvantages, and a few use cases to help you get the most out of this technology.

Definition of SSO

For security reasons, we are increasingly obliged to generate complex passwords (containing at least one capital letter, a special character, etc.). The temptation is therefore great to use the same identifiers to connect to all our digital tools.

SSO (an acronym for single sign-on) is the technology that overcomes this problem.

Deployed in both the private and professional spheres, it allows you to authenticate once for the duration of a session. Once logged in with a unique identification, users no longer need to re-enter their various passwords to access applications linked to the system.

SSO: how does it work?

The SSO process

The SSO system works like a trust contract between service providers (SP) and identity providers (IdP). In other words, the site X to which the user wishes to connect relies on identity provider Y to certify his or her identity.

Let's look at the process in detail:

  1. The user logs on to the application or site of the service provider governed by the SSO system. To do this, they enter their access codes, usually consisting of a username-password combination. Other means of identification are also available, such as fingerprints or Face ID.

  2. The SSO system sends a request to the identity provider's server or site . The latter is responsible for authenticating the user and retrieving identity information. For this reason, it ensures that the individual attempting to log in has the correct access rights, by validating his or her username and password, for example.

  3. The identity provider then issues access tokens. Stored in the user's browser or in the SSO service's servers, they enable automatic access to linked applications or sites.

Examples of use cases

To illustrate our point, let's take a look at two giants who have integrated web SSO into our daily lives:

  • Facebook: for several years now, we've been able to use only our Facebook login details to access multiple sites and applications (some of which have nothing to do with the famous social network). This perfectly illustrates the "trust" relationship mentioned above, since these various service providers rely on Facebook (then identity provider) to authenticate users.

  • Google: once logged into your Google account, you can browse all related applications (Gmail, YouTube, G Suite applications, etc.), and even third-party sites.

Examples of sites and applications offering to connect you with your Facebook and/or Google accounts:

SSO and SAML

Finally, SAML (Security Assertion Markup Language) is often associated with the notion of SSO.

In fact, it's an IT standard (using the XML language) that enables authentication data to be exchanged securely. And one of the main use cases for this standard is SSO, since it enables identity providers to verify and transmit identification data to service providers.

Advantages and disadvantages of SSO

Advantages of SSO

For the web user

  • Ease of use: users no longer need to remember all their logins and passwords to connect to their various accounts.

  • Increased security: as a consequence of the previous point, the temptation to use the same authentication data is avoided.

  • Time-saving: no need to re-enter your login details every time you want to connect to a site or application.

For companies

  • Enhanced security: SSO makes it easier to impose strong, unique passwords on teams. Above all, this technology makes it possible to control and track employee access.

  • Increased productivity: no more time wasted searching for and entering logins.

  • Reduced help desk workload: help desks also benefit. According to Evidian, 30% of calls to the help desk are due to forgotten passwords... a problem avoided thanks to SSO.

  • Easier teleworking and mobility: SSO supports modern working practices, such as teleworking. In fact, it simplifies and secures access to the company's various tools at any time and in any place.

Disadvantages of SSO

The main disadvantage of SSO is that if a malicious person obtains your master password, they can access all the others.

To mitigate this risk, you should :

  • deploy a solid IAM (Identity and Access Management) process and identity governance policy within the company;
  • combine strong identification methods with other systems, such as physical keys or two-factor authentication.

Software using SSO technology

How can companies use SSO in practice? Here are a few examples of solutions and software:

  • 🛠️ Keycloak: Keycloak is an open source SSO solution. As an open-access identity provider, it enables your technical teams to implement an in-house SSO to manage users or their authentication on the systems and applications of your choice.

  • 🛠️ LastPass: LastPass is a turnkey password manager. With this tool, you have a password vault that can be accessed anywhere using a single sign-on. And thanks to SSO, this software lets you connect to over 1,200 pre-integrated applications, without having to worry about re-entering your credentials.

  • 🛠️ Ping Identity: a provider of identity-based security tools, Ping Identity is a global SSO solution and company. In fact, it offers a range of solutions to secure access not only for your staff, but also for your customers: you can deploy a technology that makes it easier for them to log in and register with your various media, and increase their loyalty. All with the utmost flexibility ( cloud deployment, private cloud, on premise, etc.).

You'll have understood that it's important to think about implementing such technology within your organization, if only by setting up a turnkey password manager.

In so doing, you'll be meeting two important objectives:

  • strengthening access security to the company's various tools,
  • while keeping user experience and productivity at the heart of procedures.

Article translated from French