Web Application Single Sign-On (SSO)

Written by Brenna Lee on November 30, 2021

Share This Article

In 2021, the average number of Software-as-a-Service (SaaS) apps used across organizations worldwide was 110. When web applications first hit the market, they gained popularity and began proliferating very quickly, and this number has grown significantly every year since. This explosive growth is what led to the creation of web application single sign-on (SSO).

In a nutshell:

  • There was an event: Web apps emerged and rose in popularity.
  • There was a need: Organizations needed secure and efficient means to connect employees to their work apps that lived outside of the on-prem, Windows-based domain.
  • There was an untapped opportunity: Web app SSO providers came up with the first generation of Identity-as-a-Service (IDaaS) solutions to fill this need — aka web app single sign-on tools.

What is Web Application SSO?

Web application SSO refers to the traditional version of single sign-on that allows users to sign in one time using a single set of credentials to gain access to all of the web applications they use, generally through a web portal or a browser extension. To achieve this, organizations typically purchase and set up a web application SSO tool that is then layered on top of their existing directory service or identity provider (IdP). 

A high-level overview of the how the SSO process works:

  1. A user attempts to sign in to a web application.
  2. The web application checks with the SSO tool which has either attested that the user is who they say they are through verification with the IdP, or the SSO tool embarks on that process to verify the identity of the user.
  3. If the user has already been attested by the SSO solution, they are logged into the app.
  4. If the user has not already been verified by the SSO solution, it will prompt the user to start that process.

Can I Use SSO on its Own?

Web app SSO must be used in conjunction with an entity that stores user credentials. Most web app SSO providers do not store user identities; instead, they validate user credentials against a separate identity database, traditionally a directory service or identity provider. 

More recently, some web app SSO providers have begun offering identity provider services, which layer into their overall product packaging; however, this is an add-on service which generally comes with additional costs and may fragment the core identity database into multiple, “mini” directories. Web app SSO tools generally aren’t used on their own for this reason.

Is Web App SSO Still Used?

Web application SSO is still used extensively across many organizations, but the market is shifting away from offering this as a more traditional point solution in conjunction with a separate directory service. Alternatively, the interest and adoption of broader, more comprehensive identity and access management (IAM) platforms continues growing, with web app SSO as a major component. 

A holistic IAM platform includes far-reaching single sign-on capabilities among many other features that give IT more control over identities and access. With all of the necessary IAM features included in a single platform, organizations no longer have to worry about layering a web application SSO solution on top of their separate directory/IdP. 

The transition away from web app SSO point solutions is happening for a few reasons: 

  • An interest in vendor consolidation.
  • A desire to avoid hidden costs.
  • A widespread need for improved identity and access management.

Common Web App SSO Use Cases

There are a variety of use cases that drive web app SSO adoption:

  1. Small organizations that use a variety of web applications.
  2. Mid-market and enterprise-sized organizations that implemented web app SSO back when it was more relevant as a standalone solution within the IT environment.
  3. Organizations with Active Directory (AD) in place already.
  4. Organizations trying to adopt an IAM strategy.
  5. Organizations that are unaware of the modern cloud-based replacement for AD and web app SSO that is a far more seamless, cost-effective, and integrated platform.

What Size Organizations Need Web App SSO?

Organizations of all sizes can benefit from web app SSO. The trick here is to complete an SSO cost/benefit analysis, by dissecting the pros and cons of SSO and comparing those to the total cost, especially in a small organization with limited human and capital resources. This involves analyzing the price tags on a directory solution/IdP and an SSO tool, plus anything else you may need to add on to create a complete IAM solution – i.e. people time.

Often, mid-size organizations and enterprises benefit more from web app SSO solutions, because the number of users they have to keep track of is worth the associated costs. However, many of these larger organizations don’t realize that web app SSO is still not a comprehensive enough IAM solution for their needs. These organizations usually end up moving to a more sustainable solution for their IAM needs which is a cloud-based directory that includes modern SSO capabilities among many other security and productivity features.

What Kind of Organizations Need SSO?

Organizations in any industry can benefit from implementing single sign-on. It’s common for startups to begin considering SSO solutions after they hire a fair amount of people and realize that manual onboarding, offboarding, and access management are inefficient and ineffective. When users need access to a wide variety of digital IT resources, the organization is more likely to adopt an SSO tool to take some of the burden off of IT and management. 

The problem here is that these organizations don’t often realize how little web app SSO actually covers. It streamlines access management across web applications, but what happens with all of the other IT resources users need to access? They often go unmanaged or there is a significant lack of control over those resources and the identities that access them, creating unnecessary vulnerabilities across the organization.

A Modern Single Sign-On Solution

Fortunately, there’s a much better solution out there that mitigates risk and streamlines IAM processes all under one cloud-based platform. This modern IAM solution comes with built-in far-reaching SSO capabilities and provides a variety of benefits, which include:

  • Giving organizations the IAM coverage they need to pass audits.
  • Keeping user identities and organizational resources secure.
  • Controlling user access to virtually all IT resources.
  • Streamlining onboarding and offboarding with simple identity management.
  • Automating access provisioning and deprovisioning through protocols such as SCIM and SAML JIT.

This cloud-based platform is called the JumpCloud Directory Platform, and it acts as a complete IAM solution with what we call True Single Sign-OnTM built-in. True SSOTM is the modern version of single sign-on that allows users to securely and efficiently connect to virtually all of their IT resources. On top of facilitating user authentication to web apps, True SSO lets users sign in to resources such as Mac, Windows, and Linux devices; WiFi networks and VPNs; physical and virtual file servers; cloud infrastructure; legacy apps; and more with a single set of credentials. 

True SSO Graphic Connecting All Resources

The coverage that this single sign-on solution provides amplifies user and IT admin productivity by drastically reducing sign in time. For IT admins, automated access provisioning and deprovisioning through protocols such as SCIM and SAML JIT can dramatically save time, increase security, and support compliance initiatives. Plus, True SSO is included in JumpCloud’s directory platform, so there’s no need for a separate IdP — it’s all included in a single pane of glass.

With comprehensive solutions like this on the market, it’s no wonder there is a significant transition away from add-on web app SSO solutions happening. Organizations of all sizes and types need cost-effective, all-encompassing, and scalable IAM solutions that will evolve with them, and unfortunately, web app SSO tools may not be the modern answer. These tools solved the initial problem of efficiently accessing web apps that lived outside of the domain back when everything was on-prem in a Windows-based environment, but modern IT issues need modern IT solutions.

Try JumpCloud’s SSO Solution

Test out JumpCloud’s modern, simplified IAM solution with True SSO, and see if it’s right for your organization! Sign up for a trial of JumpCloud today.

JumpCloud

Learn more about JumpCloud's Modern SSO Solution

Brenna Lee

Brenna is a Content Writer at JumpCloud that loves learning about and immersing herself in new technologies. Outside of the [remote] office, she loves traveling and exploring the outdoors!

Continue Learning with our Newsletter