What Is Single Sign-On (SSO)?
The question “what is single sign-on?” is one we get asked a lot. To understand this solution, consider an analogy:
“Imagine going to the mall, and at each store you must register with the store for your first purchase. Then, every time after that, you have to prove who you are to buy something.”
Unfortunately, this is exactly what happens when you shop online. Each website makes you create a new and unique identity specific to that website. On top of that, you have to log in and authenticate each time.
So the big question that we face is, why can’t it be like the offline world? Why can’t we go wherever we want and show one universal identity like a birth certificate, passport, or driver’s license?
While some web properties do offer the option to sign in using social identity, the majority of customers still have to log in to each web property. This often happens even when the websites are part of the same parent organization.
There are solutions out there that would make this situation a thing of the past, one being single sign-on (SSO), which allows customers to use a single digital identity across multiple domains.
What is an SSO login?
Single sign-on (SSO) is a centralized session and user authentication service in which a set of login credentials can be used to access multiple applications.
In simple terms, “SSO assists customers to sign in to connected domains or applications with one username and password.”
What are the types of single sign-on?
There are three types of single sign-on solutions: web, mobile, and federated single sign-on.
The concept of seamless access is common to each type, but they differ in their architecture and methods:
Web SSO: Web single sign-on enables your customers to access any of your connected web properties with a single identity. As customers navigate from one site to the next, your systems will be able to recognize who they are on each site.
Mobile SSO: Mobile single sign-on is like web SSO, except that customers can use a single identity to access connected mobile apps.
Federated SSO: Federated single sign-on works a little differently than web and mobile SSO. Rather than connecting websites or mobile apps, you use the login credentials held by partners. This happens by using industry-standard SSO protocols, which allow customers to gain access to web properties without authentication barriers.
Some of the major SSO protocols include:
- SAML
- JWT
- OAuth
- OpenID
- Multipass
There are also password synchronization solutions that are often grouped as single sign-on solutions. These solutions, however, are not the kind of SSO implementations that businesses or enterprises are looking for in today’s age.
What are the benefits of single sign-on?
Any business that has more than one website or mobile app should use single sign-on for the following benefits:
- Seamless user experience. Customers can use a single identity to navigate multiple web and mobile domains or service applications.
- Unifies customer profiles. Creating a single instance of the customer data provides a centralized view of the customer across all channels.
- Improves conversions, usage, and revenue because customers can access all domains and services with a single active session.
- Mitigates risk for access to third-party sites (user passwords are not stored or managed externally).
- Reduces password fatigue from different username and password combinations.
- Reduces customer time spent re-entering passwords for the same identity.
- Reduces IT costs due to fewer IT help desk calls about passwords.
How do you implement single sign-on?
Deciding the best implementation method really depends on your individual situation, technical architecture, and business needs.
Here are some things to consider when deciding how to implement a single sign-on solution:
- Is SSO the best option for your business? For example, do you want your websites and applications linked? Do you want your customers to be able to use one identity? Or do you want them to sign in to each digital property?
- If you allow your customers to use a single identity, which sites and apps do you want to include? For example, do you want your customers to be able to access all your digital properties with the same identity? Or only a select few?
- Once you have decided on using a single sign-on solution, you next have to decide which implementation method will be best for your business. For example, do you want to build a single sign-on solution in-house? Do you have the expertise and time to do so? Or do you want to purchase an out-of-the-box solution?
If you decide that a readymade solution is best for your company, then lucky for you there are many customer identity providers to choose from. Many of these platforms offer fast and easy implementation. And SSO is only one of the tools they offer.
How does single sign-on work?
As explained earlier, single sign-on allows customers to log in to related websites or applications with one digital identity. This can be done by centralizing the process of identity provision and authentication.
Check out these use cases on the different types of single sign-on at LoginRadius:
Web SSO: Let’s say that a university has signed up for a LoginRadius site license. This university has a library site, a student services site, a course directory site, and a healthcare site.
Each of the 40,000 students needs to access all four websites, and having one set of credentials to remember is preferable (to say the least) to remembering four.
SSO is set up to allow seamless navigation between each of these properties. The user interface is made to feel like a single hub connecting all of their university’s properties.
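The university scenario above, sketched as an added example (not LoginRadius code): a central identity provider checks the password once, then issues each site a short-lived assertion that the site verifies for signature, audience and expiry. The site names, user ID, keys and function names are constructed for illustration, and the per-site HMAC keys stand in for the signed SAML assertions or JWTs a real deployment would typically use.

```python
import base64, hashlib, hmac, json, time

# Constructed sample data: the four university sites, each sharing its own
# verification key with the identity provider (IdP). A real site holds only its own key.
SITE_KEYS = {s: hashlib.sha256(f"demo-key-{s}".encode()).digest()
             for s in ("library", "student-services", "courses", "healthcare")}
# Only the IdP stores credentials (as salted PBKDF2 hashes); the sites never see them.
SALT = b"demo-salt"
USERS = {"s1234567": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000)}

def idp_login(user, password):
    """Authenticate once at the IdP; True starts the central session."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    return hmac.compare_digest(USERS.get(user, b""), candidate)

def idp_issue(user, site, ttl=300, now=None):
    """Issue a short-lived assertion bound to one site (the audience)."""
    now = int(time.time()) if now is None else now
    claims = {"sub": user, "aud": site, "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    sig = hmac.new(SITE_KEYS[site], body, hashlib.sha256).hexdigest()
    return body.decode() + "." + sig

def site_verify(site, token, now=None):
    """Run by each site: return the user ID, or None if any check fails."""
    now = int(time.time()) if now is None else now
    body, _, sig = token.partition(".")
    expected = hmac.new(SITE_KEYS[site], body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None  # forged, altered, or minted for a different site
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["aud"] != site or claims["exp"] <= now:
        return None  # wrong audience or expired
    return claims["sub"]

def single_sign_on(user, password):
    """One login, then one assertion per site; returns {site: verified user}."""
    if not idp_login(user, password):
        return {}
    return {s: site_verify(s, idp_issue(user, s)) for s in SITE_KEYS}

if __name__ == "__main__":
    print(single_sign_on("s1234567", "correct horse"))
```

An assertion issued for the library site is rejected by the healthcare site, so a token captured at one property cannot be replayed at another.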
Mobile SSO: Let’s say that an electric utility company has signed up for a LoginRadius site license. This utility company has 900,000 subscribers, with two mobile apps. One app is used to track power consumption and the other app is used for billing.
Each subscriber needs to access both mobile apps. From the subscriber’s point of view, having one set of credentials to remember is preferable.
SSO is set up to allow seamless navigation, and the user interface is designed to feel like a single hub connecting both apps.
Federated SSO: Let’s say a municipality embarks on a project to improve the way it delivers services to its citizens. Having recognized what a complicated process it is to complete some workflows in person (like permitting and licensing), they consolidate service desks to reduce the amount of time spent going from department to department.
They decide to do the same online as they have done offline. However, each department delivers services using different service applications.
A portal is set up with all the apps connected to it via SSO. Citizens are able to access and receive services from different departments, regardless of website, mobile app, or service application.
To learn more about single sign-on and how it can benefit your company, check out these resources.
*** This is a Security Bloggers Network syndicated blog from LoginRadius authored by Emily Genge. Read the original post at: https://www.loginradius.com/blog/2019/05/what-is-single-sign-on/