Hosted single sign-on (SSO) has become a powerful asset for IT admins and end users. End users gain frictionless access to the IT resources they need while IT admins enjoy widespread visibility and greater control over their IT environment. However, not all hosted single sign-on platforms are created equal.
But to understand the differences among single sign-on providers, we first need to look at how SSO has developed over time.
Single Sign-On Began Long Ago
While it wasn’t called SSO in the early days, Microsoft created the concept with Active Directory®. End users would simply log in to their Windows devices and would then be able to access anything on their network that was Windows-based. Nobody gave it much thought or called it anything because it was just expected to work that way. However, it took a great deal of work behind the scenes to provide this SSO experience to end users, including the use of multiple protocols such as Kerberos and LDAP. That doesn’t include all of the domain controllers scattered across the network, the VPNs to make sure that everything could talk to the Active Directory servers, and the permissioning work done by the IT team.
This version of single sign-on slowly started to crumble when web applications were introduced and users started to use non-Windows resources like AWS.
Single Sign-On Took a Narrow Approach
Another generation of SSO solutions emerged in the early 2000s in response to web applications’ rise in popularity. This SSO approach, often called IDaaS or Identity-as-a-Service, focused on simplifying life for end users. Users no longer had to remember so many usernames and passwords for all of their web applications, and IT admins could relax a little knowing that the temptation to reuse passwords or choose really easy ones was reduced.
However, this approach had a few shortcomings. One flaw was that it was still an on-prem solution. In