SSO, or Single Sign-On, is a service which allows a user to log into one application or network domain, and then be logged in automatically to other associated applications or domains. The user therefore only needs one set of identity-verifying credentials (e.g. username/password) to access multiple services and applications.
Single Sign-On has long been used in the enterprise to reduce (and better manage) the number of credentials an employee requires to access enterprise applications. However, we now also see common use of SSO for external users, like customers, consumers, or partners. With breaches and attacks on customer identity data increasing, this blog post focuses on the much-needed customer / consumer scenario.
For example, an energy company could use SSO to enable customers to use just one identity for simplified login to all of its digital services – account settings, electricity reporting, gas usage, payment history etc.
Let’s look at some FAQs around SSO – the benefits, levels of security and set-up.
Note: for a more technical look at ‘What is Single Sign-On (SSO)’, check out our blog, ‘What is Single Sign-On (SSO) – technical guidance for web application developers’.
What are the benefits of SSO?
User experience (UX)
Enhanced UX is perhaps the most obvious benefit of Single Sign-On. Repeat logins are cumbersome and annoying, so removing this necessity is a big advantage. As customers increasingly demand a good digital experience, poor UX will lead to loss of business.
As a further UX benefit, the single sign-on could be authenticated with any credentials that you expect your visitors will want to use – e.g. username/password or something stronger, like bank ID – or you could improve the user experience even further by giving users options. There’s no need for the user to create a brand-new set of credentials at all, if you so choose – many options exist for a user to verify themselves with a digital identity they already have – keeping users happy and enhancing security (more on that later).
Reduced admin time and costs
With just one set of credentials to manage, login issues are dramatically reduced, which means much less time wasted by IT admins sorting them out – a benefit that scales with the growth of your business.
Furthermore, simplifying internal creation and deactivation of access credentials – for example, when partner contracts begin/end within a B2B service – also saves time.
As we all know, time equals money. SSO saves time, and therefore saves your business money.
Is Single Sign-On secure?
Whilst an initial impression of SSO might leave you questioning the security of only needing one set of credentials to access several systems, Single Sign-On actually improves security when implemented correctly.
Take the B2B partner use case from above: because access credentials are simpler to revoke when contracts expire, it is also much easier to view and control who has access to your organisation’s data.
What’s more, initial authentication can be very strong, with multi-factor authentication (MFA) now a standard requirement. Users are likely to create a stronger, unique password if they only need to create one, or opt for MFA if they only need to do it once. SSO allows you to improve your security posture by reducing the number of identity credentials you expect your users to manage and, instead, consolidating multiple identities into a single identity – i.e. one set of credentials for all your applications.
If the required level of security assurance varies between your services, you can create the following workflow. If a user has authenticated in the first application with a level of assurance equal to or higher than the level required for the second application, they can Single Sign-On to the second application. However, if a user has authenticated with a lower level of assurance in the first application and the second requires a higher level of assurance, you can require the user to re-authenticate.
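The workflow above, sketched as an added example (not code from this post or from any Ubisecure product). It assumes OpenID Connect, where the level of assurance reaches the application in the ID token's `acr` claim and a stronger login is requested with `acr_values`; the `urn:example:loa:*` names, their ranking and the IdP URL are hypothetical.

```python
import time
from urllib.parse import urlencode

# Hypothetical assurance ranking: acr value -> level (higher is stronger).
ACR_LEVELS = {"urn:example:loa:password": 1,
              "urn:example:loa:mfa": 2,
              "urn:example:loa:bankid": 3}
AUTHZ_ENDPOINT = "https://idp.example.com/oauth2/authorize"  # placeholder URL


def sso_decision(session, required_acr, max_age=3600, now=None):
    """Return ("sso", None) or ("reauthenticate", reason) for the second app."""
    now = time.time() if now is None else now
    required = ACR_LEVELS.get(required_acr)
    if required is None:
        raise ValueError("application requires an unknown acr: %r" % required_acr)
    if session is None:
        return "reauthenticate", "no SSO session"
    # Fail closed: an acr the policy does not recognise counts as level 0.
    achieved = ACR_LEVELS.get(session.get("acr"), 0)
    if achieved < required:
        return "reauthenticate", "assurance too low"
    # A missing auth_time is treated as 0, so it also fails closed.
    if now - session.get("auth_time", 0) > max_age:
        return "reauthenticate", "authentication too old"
    return "sso", None


def step_up_request(client_id, redirect_uri, required_acr, state, nonce):
    """Build the OIDC authorization request asking the IdP for a stronger login."""
    floor = ACR_LEVELS[required_acr]
    ranked = sorted(ACR_LEVELS.items(), key=lambda kv: kv[1])
    acceptable = [acr for acr, level in ranked if level >= floor]
    params = {"response_type": "code", "scope": "openid",
              "client_id": client_id, "redirect_uri": redirect_uri,
              # Space-separated list, lowest acceptable level first.
              "acr_values": " ".join(acceptable),
              "state": state, "nonce": nonce}
    return AUTHZ_ENDPOINT + "?" + urlencode(params)


if __name__ == "__main__":
    # Constructed session: the user logged in to the first app with a password.
    session = {"acr": "urn:example:loa:password", "auth_time": time.time() - 120}
    print(sso_decision(session, "urn:example:loa:password"))
    print(sso_decision(session, "urn:example:loa:mfa"))
```

`acr_values` is a request, not a guarantee, so the application runs `sso_decision` again on the claims of the ID token it receives after the step-up.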
What are the SSO protocols?
The Single Sign-On protocols are well tested, proven and mature. Traditionally, they included the enterprise-oriented Security Assertion Markup Language (SAML) and Web Services Federation (WS-Fed). Today, in customer identity and access management (CIAM) and partner (B2B IAM) Single Sign-On use cases, we see OAuth 2.0, OpenID Connect (OIDC) and Mobile Connect being used. It’s important to choose an SSO solution that supports the Single Sign-On protocol that best fits your use case.
If you need to compare the protocols to determine which one(s) are best for your business, download our free white paper on SSO / authorisation protocol comparison.
How easy is Single Sign-On to set up?
Single Sign-On is a standard entry point to identity digitalisation for many organisations, making it one of the most common digital identity use cases. However, exercise caution when attempting to integrate SSO protocols and functionality in-house from scratch. IAM can be complex, and with complexity comes risk. Fortunately, there are many SSO solutions that can help reduce this complexity.
Using a SaaS (software-as-a-service) solution for embedding SSO functionality into your application can dramatically reduce the time and cost of deploying services. One such solution is Ubisecure IDaaS (Identity-as-a-Service or, as referred to by Gartner, SaaS delivered IAM).
The time to market (and time to value) for IDaaS is reduced compared to a more complex identity solution due to the standardised feature sets and because the enterprise does not need to manage the deployment, security, configuration and maintenance of the solution themselves. It’s a matter of simple out-of-the-box deployment – rather than reinventing the wheel. IDaaS also reduces the risks created by bad design choices that can happen when developing a Single Sign-On solution in-house.
Read more about IDaaS at ubisecure.com/idaas/.