Single Sign-On (SSO), a subcomponent within Identity and Access Management (IAM), has traditionally been viewed as the ability to log in to web apps like Salesforce, Dropbox, and Slack using one set of credentials. In the modern era of cloud identity management, many IT admins are asking: what is single sign-on for this era?
First generation SSO has been enthusiastically embraced by end users and IT admins. SSO has made the end user’s life simpler by reducing the number of passwords they need to access their resources. IT admins have been enjoying finer control and visibility over their users’ web application logins thanks to this first generation view of SSO. However, SSO is not a perfect solution for improved IAM or cloud identity management when you consider the broader IT landscape.
In this blog post, we look at how SSO was possible in the past, examine some of the challenges with this approach to SSO, and then talk about what the modern incarnation of single sign-on looks like.
Single Sign-On in the Past
A version of SSO existed a couple of decades ago. In the late 1990s, Microsoft built Active Directory (AD), making sure it functioned best in a Microsoft ecosystem. The on-premises IT environment at the time made it possible for a user to log in to their Windows machine and gain access to their apps, network, and data storage as well. This level of SSO was stripped away when Mac and Linux systems started infiltrating the workplace, web-based apps were introduced, and the cloud removed the need to have on-prem infrastructure. Legacy directories, like AD, have struggled to connect identities to the cloud, and True SSO™ has just not been possible like it was in the past.
Challenges with SSO Providers
Web-based SSO providers emerged in response to the growing number of cloud-based apps. While these providers make it easy to log in to a variety of web-based apps, users and IT admins are still unsatisfied. Web-based SSO providers don’t connect users to the many on-prem resources IT environments are still using, such as Windows, Mac, and Linux endpoints, legacy apps, and WiFi networks. Web application SSO also doesn’t solve the DevOps problems related to user management with AWS, GCP, or Azure systems.
This gap is crucial for effective identity management. The more widespread a user’s identity is within an IT environment, the harder it is to manage that user. This can have a huge effect on the time it takes to act when an identity is compromised. Web-based SSO only centralizes a user’s identity in one resource sphere, but a True Single Sign-On™ solution does exist.
True Single Sign-On with DaaS
Our cloud IAM (CIAM) platform is a comprehensive SSO solution. With one set of credentials, a user can log in to their Mac, Windows, or Linux system, connect to a WiFi network and to cloud or on-prem servers (e.g. AWS, GCP, Azure, etc.), access on-prem and cloud data storage, and remain productive with legacy and web-based apps. IT admins can gain peace of mind with the level of visibility they achieve with Directory-as-a-Service® (DaaS). Your IT environment can also benefit from our other identity security features like MFA, password management, and streamlined onboarding/offboarding.
If you would like to learn more about what single sign-on is and how you can leverage our CIAM system to solve your SSO challenges, drop us a note. We also encourage you to start testing our True SSO solution and other identity security features for yourself by signing up for a free account. Your first ten users are free forever.
This is a Security Bloggers Network syndicated blog post authored by Natalie Bluhm. Read the original post at: JumpCloud