Comparing Single Sign-On (SSO) Providers

By Greg Keller Posted November 19, 2015

comparing SSO

The Single Sign-On (SSO) space is hot in identity management these days. SSO, often referred to as Identity-as-a-Service, is also often misunderstood for a couple of reasons: the complexity of the space and the vast number of different vendors playing in the space. There are a variety of players all claiming to do single sign-on, and many of them are making accurate claims. However, trouble arises when you attempt to match up these public claims with the differing views of an IT organization’s single sign-on needs. In order to compare SSO providers, we need to start with understanding what the different needs are.

Why Does Your Organization Need Single Sign-On?

  • Internal network – A largely traditional view of SSO references when the user enters the network by logging onto their device. They immediately have access to their device, the internal network, (wired or WiFi), and associated on-premises systems and applications. This construct was largely promoted by Microsoft’s domain controller viewpoint and has persisted as a compelling SSO use case.
  • Web applications – As more web-based applications have emerged, a new category of SSO solutions materialized to connect users to their cloud applications. These solutions leverage a core user directory to populate a user’s credentials and then federate that access to the appropriate web applications.
  • Infrastructure-as-a-Service – As most organizations outsource their data centers, technical personnel need to sign into servers located in the cloud. Ideally, these credentials are the same as their internal credentials stored in the directory service.

SSO Solutions Made Simple

You will be able to better identify appropriate SSO solutions once you’ve discovered the requirements of your organization. Solutions that resolve each of our example use cases usually refer to themselves as SSO providers, or at minimum consider that they are part of that ecosystem. For the use cases above, the following identity and access management categories can help:

  • Directory-as-a-Service – The core user directory service for an organization is the solution to your internal SSO problem. Functioning as the core user database and allowing IT to manage user access to devices, internal applications and servers, cloud servers, and WiFi networks, DaaS solutions are your single identity into the network. The two solution providers in this space are JumpCloud and Microsoft.
  • Web application single sign-on – Perhaps the most competitive space in the Identity-as-a-Service sector, there are a large number of players that can support an organization’s needs in this category, including  Bitium, Okta, OneLogin, and Ping Identity among many others.
  • Password managers – While not necessarily an SSO, since you technically can have multiple credentials, this category can function as an SSO equivalent. Logging into your LastPass or Keepass application then unlocks the ability to login directly to your web applications. These solutions are often more focused on the end user, but do have some enterprise capabilities.

SSO is perhaps one of the most misunderstood categories in identity and access management. It means something different to everybody. Hopefully with this breakdown, you’ll be able to better direct your SSO efforts. Regardless of which category or categories you choose from, all of these solutions can provide your organization with significant value.

If you would like to learn more about SSO, drop us a note – we’d be happy to discuss it with you.

Greg Keller

Greg is JumpCloud's Chief Product Officer, overseeing the product management team, product vision and go-to-market execution for the company's Directory-as-a-Service offering. The SaaS-based platform re-imagines Active Directory and LDAP for the cloud era, securely connecting and managing employees, their devices and IT applications.

Recent Posts