As more of your business's data is stored remotely, security and access become ever more important. Single Sign On gives users access to data across multiple applications through one identity, which streamlines the process of accessing information and improves security for the organisation.
Over time, the definition of Single Sign On has evolved, and the meaning within an organisation can differ. There are several different methods that are described as Single Sign On, but not all of them are truly the same:
Password Synchronisation is not the same as SSO. In essence, each system has the same login details, but the systems are not connected; the user simply uses the same identity across multiple applications.
Between passwords and SSO, there are occasions where there is partial SSO, in which only some applications are connected. This can appear like SSO, but still requires a user to have multiple identities. From a security perspective, this can create issues with administering a network of users, as the individual identities will be stored separately.
True SSO is a single identity or credential that is used across multiple applications. Microsoft uses this approach in Windows: the identity used to log into the system provides access to applications and is tied to the cloud storage. Windows uses Active Directory to connect the applications together, and users' identities are managed centrally. True SSO works with applications within a single family (e.g. the Microsoft Suite), but might not extend to other applications.
With Federation, external standards such as SAML are used to build the trust relationship between the systems, and the identity is held centrally. The user presents a trusted token from the originating system that allows them to log into an application and access information, while the actual user data is held securely.
As noted above, security is a key reason for adopting SSO. When a user has a single identity that they use as part of their day-to-day work, it is much more straightforward for the IT department to manage permissions through a single interface rather than across multiple admin systems.
Beyond security, Single Sign On also benefits end users by giving them simpler access to information and as such helps with productivity. Users can access their data in a single source, and move information between applications more simply.
Businesses that choose to implement SSO can sometimes struggle with the complexity of managing a federated identity: ADFS requires extensive configuration, and several specialist skills are required.
At IG CloudOps we have substantial experience in providing organisations with Single Sign On using ADFS that enables them to combine identities across Microsoft’s offline and online applications (e.g. Office 365), and with other applications that the business uses. Please feel free to download our white paper about ADFS for more information.
For more information about how we approach SSO, please contact a member of our technical team to book an initial consultation to discuss your needs.
IG CloudOps' clients benefit from direct access to fully accredited Microsoft Azure and Amazon AWS specialists who manage deployments from planning through to maintenance. This means our clients get access to the right advice and receive quicker resolutions for any issues.