Hosted single sign-on (SSO) has become a powerful asset for IT admins and end users. End users gain frictionless access to the IT resources they need while IT admins enjoy widespread visibility and greater control over their IT environment. However, not all hosted single sign-on platforms are created equal.
But, in order to understand the differences among single sign-on providers, we need to first take a look at how SSO has developed over time.
Single Sign-On began Long Ago
While it wasn’t called SSO in the early days, Microsoft created the concept with Active Directory®. End users would simply log in to their Windows devices, and then subsequently be able to access anything on their network that was Windows-based. Nobody gave it much thought or called it anything because it was just expected to work that way. However, it took a great deal of work behind the scenes to provide this SSO experience to end users – including the use of multiple protocols such as Kerberos and LDAP. This doesn’t include all of the domain controllers scattered across the network, VPNs to make sure that everything could talk to the Active Directory servers, and permissioning work done by the IT team.
This version of single sign-on slowly started to crumble when web applications were introduced, and users started to use non-Windows resources like AWS.
Single Sign-On took a Narrow Approach
Another generation of SSO solutions emerged in the early 2000s in response to web applications’ rise in popularity. This SSO approach, often called IDaaS or Identity-as-a-Service, focused on simplifying life for end users. Users didn’t have to remember so many usernames and passwords for all of their web applications, and IT admins could relax a little knowing the temptation to reuse passwords or use really easy ones was reduced.
However, this approach had a few shortcomings. One flaw was that it was still an on-prem solution. In order to work effectively, this version of SSO still required an identity provider like Active Directory. A second flaw to this single sign-on approach was that it only simplified access to web-based apps. Users still needed a separate identity to access their system, networks, and data.
When hosted versions of single sign-on surfaced in the late 2000s, they grew in popularity just as their first-generation counterparts had. But all of the challenges that existed with SSO in the past had not disappeared with this new version. Hosted SSO services still needed to be built on top of Active Directory, and users still needed multiple sets of credentials to access their systems, cloud-based services like G Suite and AWS, and on-prem resources like WiFi and storage devices.
But not all is lost. A comprehensive next-generation IDaaS solution has emerged that easily connects users to all of their resources and helps IT achieve greater control over their environment.
Hosted Single Sign-On with a Broader Vision
Our modern hosted single sign-on solution has a much broader vision. Our multi-protocol approach makes it possible to leverage one set of credentials across all of the resources a user needs access to. Via our system agent, only one identity is needed for end users to log in to their systems (Windows, Mac, Linux) and cloud and on-prem servers (AWS, GCP, Azure, etc.); via LDAP and SAML that same identity can be used to access legacy and cloud applications; and via RADIUS it is possible for that identity to access wired and WiFi networks.
By leveraging a myriad of protocols, our virtual identity provider removes the need to manage multiple solutions, while still offering a comprehensive service that can connect users to all of their resources. IT organizations no longer need a directory service and an excess of IAM extensions, and they are able to achieve a centralized environment. On the other hand, users can finally gain access to all of the resources they need with One Identity to Rule Them All™. With our hosted single sign-on platform, users can access resources that are on-prem and cloud-based, remote and onsite, using the system of their choice.
We also hope you reach out to us to learn how you can start optimizing your IT environment with our hosted single sign-on platform. You’re also invited to start testing One Identity to Rule Them All by signing up for a free account. Your first ten users are free forever.
This is a Security Bloggers Network syndicated blog post authored by Natalie Bluhm. Read the original post at: JumpCloud