Single sign-on (SSO) in the enterprise refers to the ability for employees to log in just one time with one set of credentials to get access to all corporate apps, websites, and data for which they have permission. SSO solves key problems for the business by providing:
The proliferation of cloud apps and services in the enterprise—often in addition to on-prem ones—has created a significant fragmentation problem. Fragmentation in the enterprise is a challenge for IT and users. IT must manage the many apps in the enterprise, as well as deal with shadow IT. Employees have to use more and more apps each day just to complete their work, which means logging in to and switching between multiple apps and websites.
SSO helps to solve the enterprise fragmentation problem.
Usernames and passwords are the main target of cybercriminals. Every time a user logs in to a new application, it’s an opportunity for hackers. SSO reduces the number of attack surfaces because users only log in once each day and only use one set of credentials.
Reducing login to one set of credentials improves enterprise security. When employees have to use separate passwords for each app, they usually don’t. In fact, 59% use the same or similar passwords on multiple accounts. Thus, if a hacker gets access through one poorly secured website, they are likely to be able to access other corporate systems.
SSO helps with regulatory compliance, too. Regulations, such as Sarbanes-Oxley, require that IT controls are documented and that organizations prove that adequate methods are in place to protect data. SSO is a way to meet requirements around data access and antivirus protection.
SSO can also help with regulations, like HIPAA, that require effective authentication of users who are accessing electronic records or who require audit controls to track activity and access. Regulations, like HIPAA, also require automatic logoff of users, which most SSO solutions enable.
When SSO is part of an identity and access management (IAM) solution, it utilizes a central directory that controls user access to resources at a more granular level. This allows organizations to comply with regulations that require provisioning users with appropriate permissions. UAM systems enable SSO with role-based access control (RBAC) and security policies. This type of SSO solution also deprovisions users quickly—or even automatically—another common compliance requirement meant to ensure that former employees, partners, or others can’t access sensitive data.
With the move to the cloud, employees are using more and more apps in the workplace. Requiring separate usernames and passwords for each app is a huge burden for employees and, frankly, is unrealistic. Single sign-on reduces that cognitive burden.
Signing in once also saves time, thus improving employee productivity. Given that 68% of employees switch between ten apps every hour, eliminating multiple logins can save a company considerable time and money.
SSO solutions that are part of an identity and access management system usually have an app portal. To use an app, employees select it from the portal. If the user doesn’t have an app, he or she can request it through the portal and it’s added with SSO enabled. It all happens quickly, so users who might be discouraged from requesting or using apps are more likely to use them.
SSO lowers IT costs by saving time on password resets. When apps each require a different username and password for every employee, chances are high that employees will forget passwords—and that means help tickets for password resets pile up.
With SSO, users have only one set of credentials to remember, reducing the number of help tickets. And most SSO solutions allow users to reset their passwords themselves, eliminating the need for IT involvement.
SSO that is part of a unified access management system takes advantage of a central directory to provision and deprovision users, making the process faster and cheaper. Policies can be defined based on user role, location, and other user traits. And employees, partners, and customers can be quickly provisioned across multiple applications in one action, rather than having to separately provision each application. Similarly, IT saves time on deprovisioning, which can be done in minutes instead of hours.
When enterprises implement a quality SSO solution, it adds security, improves usability, and saves time and money for the IT department.