
Single Sign-On (SSO) Solution Requirements

Checklist for single sign-on systems

Basic Single Sign-On Requirements (checklist)

It’s critical that your single sign-on (SSO) solution meets the basic requirements to support employee and IT needs. That means a solution that is secure and also easy to use, one that offers a seamless, one-stop authentication screen for all your applications and users.

Use the checklist below to make sure that your SSO system offers the protection your company needs.

Application integration

Does the SSO solution seamlessly integrate with all your applications?

  • Supports all your cloud and SaaS apps
  • Supports all your on-prem apps

Open standards support

Does the SSO solution support the most common, widely used protocols that enable a trusted relationship?

  • SAML
  • OpenID Connect
  • OAuth 2
  • WS-Federation

User community support

Does the SSO solution support all your user communities?

  • Workforce (employees and contractors)
  • Partners/Vendors
  • Customers

Onboarding customers

If your customers need access, does the SSO system support commonly used consumer authentication methods?

  • Facebook
  • Google

True SSO

Does the SSO solution allow true single sign-on, as opposed to password vaulting?

  • User only enters one username and password to access all apps/sites
  • User only has to log in once per day or session to gain access to all corporate apps/sites

Enterprise access

Does the SSO solution integrate with your network access points?

  • Integrates with VPN
  • Integrates with Wi-Fi for app access
  • Provides endpoints for integration with RADIUS and LDAP (commonly used authentication protocols)

Reputation for security

Does the vendor adhere to the recommended security standards?

  • SOC 2 Type 2
  • ISO 27017
  • ISO 27018
  • ISO 27001
  • TRUSTe
  • U.S. Privacy Shield
  • GDPR
  • EU Model Contract clauses
  • NIST Cybersecurity Framework

Internal security controls

Does the vendor take their own security seriously?

  • Performs penetration tests and vulnerability patching
  • Implements network scans

Availability and disaster recovery

Does the SSO service consistently demonstrate high availability and prompt disaster recovery?

  • Historical availability of over 99%
  • Recent availability (last twelve months) of over 99%
  • Uses multiple data centers in different regions
  • Uses replication and redundancy across regions

High usability

Is the SSO user interface simple enough that employees will embrace it?

  • Provides a single portal of apps
  • Integrates with all the common browsers
  • Streamlines the app access process
  • Makes it easy for users to reset their own passwords

Mobile ready

Does the SSO solution provide dedicated support for mobile users?

  • Provides SSO for mobile devices (via a native mobile app)
  • Supports a variety of devices, via SAML and partnerships with MDM vendors
  • Works with your multi-factor authentication (MFA) tool

Flexible password rules

Does the SSO system support and enforce password requirements in a usable and effective manner?

  • Lets you set password expiration times
  • Enables you to set password complexity (length, characters, etc.)
  • Provides expiration notifications (helping to reduce support tickets)
  • Provides end users with the means to reset their own passwords
  • Enforces MFA requirements for password resets

Federation

Does the SSO solution allow you to continue using your existing, corporate identity providers?

  • Microsoft Active Directory/Microsoft Entra ID
  • Amazon Active Directory
  • LDAP
  • Google Directory
  • Human Resource Management Systems (HRMS)

Advanced authentication

Does the SSO solution provide more than just plain authentication?

  • Multi-factor authentication
  • Adaptive authentication
  • Automatic forced authentication for high-risk resources
  • X.509–based certificates

Reporting

Does the SSO solution provide reports that enable you to meet compliance requirements and enhance your security, based on threat data?

  • Ability to externalize authorization events to third-party SIEM solutions
  • Out-of-the-box reports and audit trails

Scalability

Will the solution keep up with the growing and changing demands of your organization?

  • Will it still perform efficiently if the number of users doubles?
  • Does it support seamless integrations with any number of apps, without compromising efficiency?

Advanced Requirements

Although any SSO solution should meet basic requirements, organizations making a successful digital transformation usually choose solutions that meet advanced requirements. An advanced SSO solution ensures, from the start, that you aren’t behind the curve.

Behavioral analytics

Does the SSO solution use behavioral analytics to intelligently adapt and respond?

  • Supports deny lists and allow lists of geolocations and IPs
  • Enables you to set responses to high-risk login attempts
  • Allows you to set certain apps to require re-authentication (such as through MFA)
  • Lets you define policies to identify high-risk behavior

Manage authorization

Can the SSO solution manage authorization, through its integration with your identity provider(s)?

  • Supports role-based access control (RBAC)
  • Supports seamless provisioning and deprovisioning of users, across different applications

Developer support

Does the SSO solution provide APIs and documentation that let you enable single sign-on for your internal applications and third-party systems?

  • SSO registration and life-cycle management APIs
  • Software development kits (SDKs) for major platforms and languages
  • Supports OpenID Connect

Conclusion

A secure, user-friendly SSO solution can safeguard your applications and users, while also boosting productivity and convenience. But remember that SSO is only a small part of an identity and access management solution. Digital transformation today relies on Identity and Access Management (IAM) platforms that include SSO, as well as other processes like MFA and directory integration.
