Definition of Single Sign-On

Written by Ryan Squires on September 17, 2018

Share This Article

Identity and access management (IAM) is a foundational and wide-reaching segment of any IT admin’s responsibilities. Like a Swiss army knife, IAM is not limited to a singular feature that it offers to an organization, the concept of IAM can span various tools and functions. One of the most common examples of an IAM solution is single sign-on (SSO). The term itself, SSO, has taken on multiple meanings over the years and came to join the IT lexicon during the rise of web apps. It’s helpful when seeking the definition of single sign-on to understand that like all IT, it evolved over time. At its most basic, the definition of SSO is a platform that provides one login “experience” to a myriad of resources (most commonly, SaaS apps).

SSO and Web Applications

Okta and SSO

While not in line with the conventional definition of SSO, you could say the first version of SSO emerged almost a couple of decades ago when the enterprise was dominated by Microsoft®. Back then, users could simply log into their desktop computer and then they’d be able to access all of the Windows-based resources they needed including Office, Exchange®, and what was most likely a wired network. This was possible because the leading identity provider at the time, Active Directory®, was created to manage user access in an on-prem, Windows®-centric ecosystem. The catch was environments had to remain locked-in with Microsoft in order to create that single sign-on experience for end users.

This was fine for a time, but then web-based applications hit the market. On-prem Active Directory wasn’t built to support this type of resource, so the generally understood approach to SSO emerged. This approach is what many web app SSO providers (also known as first generation IDaaS) deliver; it allows users to access web applications such as GitHub, Slack®, Salesforce®, and many other useful workplace tools via one set of credentials.

However, SSO is not a complete IAM solution (read: identity provider); it works primarily with web apps. As a result, organizations have been leveraging additional IAM tools (often Active Directory) in conjunction with an SSO provider. The SSO solution would sit on top of AD and federate AD identities to web-based applications, while IT admins continued to use AD to manage the rest of their on-prem, Windows environment. But, the IT environment is never static.

Changing IT Environments

Construction Cone SSO Emerging

Shortly after web-based applications emerged, people started to gravitate towards Mac® and Linux® systems, and infrastructure shifted to the cloud via AWS® and GCP. Macs became a popular endpoint for users and Linux systems were used to to tap into cloud infrastructure. Those Linux systems, like Macs, fell outside of AD’s grasp. Somewhere in this mix, wireless networks began to infiltrate the environment. More laptops in the IT infrastructure meant users could access network resources from afar, but they required the use of slow VPN connections.

All of these changes added to the list of resources that AD couldn’t natively manage via its identity store. When you factor in the fact that SSO providers only focused on web-based applications, this forced admins to try and layer solutions on top of AD to try and create some sort of user management for all these new resources. An approach like this is painful, inefficient, and costly. The good news is a solution has emerged that can connect users to virtually all of their IT resources. It’s called JumpCloud® Directory-as-a-Service®.

Help is on the Way

SSO alternatives

With JumpCloud Directory-as-a-Service (DaaS), the issue of layering disparate solutions on top of an aging Active Directory implementation is no longer a problem. Because every protocol that a user may need is built into the cloud-based directory service, IT admins no longer have to cobble together solutions and hope they work. With LDAP-as-a-Service, RADIUS-as-a-Service, and SAML integrations, users can authenticate to legacy applications like OpenVPN and MySQL, connect to wireless access points (WAPs) via their unique credentials, and utilize a multitude of Software-as-a-Service (SaaS) applications from a single pane of glass. In addition to these protocols, JumpCloud DaaS allows for authentication to on and off prem file servers (Samba, NAS, G Drive, Box), cloud infrastructure (AWS, GCP), and productivity platforms (Office 365, G Suite). This solution is not merely for the Windows environment, either, it works with all major platforms including Mac and Linux systems.

Learn More

If you’re seeking an updated definition of single sign-on, one that works regardless of platform, protocol, or location, give JumpCloud Directory-as-a-Service a try for free today. You don’t even need a credit card to sign up, and your first 10 users are free forever. If you want to see JumpCloud in action, schedule a demo or watch a video on our YouTube channel.

Continue Learning with our Newsletter