Open-Source Single Sign-On (SSO)

Written by Brenna Lee on September 27, 2021

Single sign-on (SSO) solutions are a popular category within the identity and access management (IAM) sector. Within it, interest in two categories of SSO is rising above the rest: cloud-based single sign-on and open-source single sign-on. According to Linchpin SEO, as of 2021, 93% of CIOs in the SaaS industry reported that they’re planning to adopt cloud SaaS. On top of that, average small and medium businesses use 102 and 137 different apps, respectively, and spending growth is outpacing the number of unique apps in use (Blissfully).

These stats lead us to a couple of conclusions: 

  1. Whether they know it or not, IT admins at different organizations are constantly in need of cloud-based SSO solutions to help securely manage user access to all of these applications.
  2. Single sign-on solutions can get extremely pricey, so it’s no wonder that IT organizations are searching for open-source single sign-on alternatives.

The overall concept of SSO has been extremely valuable to IT admins over the years, and many single sign-on solutions have hit the market and evolved to fit in with today’s modern IT environment. Single sign-on provides organizations with improved security, increased room for productivity among end-users, and less login friction and frustration. 

One popular SSO solution on the market is web application SSO, and while it does its job well, web app SSO only helps IT centralize user access to one pocket of resources – web applications. Single sign-on platforms out there have been built around this notion of web app SSO, meaning that standalone or open-source SSO solutions might not be the best for an IT environment that houses networks, file servers, systems, legacy apps, or anything else that’s not a web app. After all, IT admins want to connect their users to everything that they need with one set of credentials, not just web apps.

To understand this further, we need to step back and take a look at the problem web-app SSO was created to solve.  

The Emergence of Web App SSO

Before web-based applications surfaced, IT organizations were able to centralize user management solely using Microsoft Active Directory (AD). This was possible because their networks were largely Windows-based and on-prem. But IT lost some of this capability when web-based applications exploded onto the market. Users needed to access them, but AD didn’t let you connect to them with the same credentials. Due to this, security at many organizations took a hit, admins had less control over the IT ecosystem, and end-users experienced more login friction than necessary.

Because of this, a generation of web app SSO providers – often called IDaaS solutions – emerged to fill this gap. As they gained popularity, friction emerged in terms of cost, capability, and integration, and thus interest in open-source single sign-on solutions developed.

The Issues with Creating an Open-Source SSO Solution

Unfortunately, web-app SSO doesn’t lend itself well to open-source. OpenLDAP, FreeIPA, Samba, and other solutions in the IAM world are popular open-source alternatives to Microsoft Active Directory as an identity provider, but these are not web-app SSO alternatives. 

The challenge with SSO is that there are ‘connectors’ or plug-ins for each web application, and somebody needs to write and manage those connectors. With some SSO providers having over 10,000 of them, you can see why the open-source category isn’t easily solving this need. Even if an open-source implementation requires minimal development, testing of the integration is still required. That ultimately translates to a significant amount of work, which can prove detrimental to your efforts to build a viable open-source web app SSO implementation.

Plus, there is another issue with the more traditional web app SSO category that needs to be considered. Web-based applications aren’t the only “new”, modern resource to cause trouble for Active Directory. With the rise of Mac, Linux, and cloud infrastructure, most IT admins are looking beyond the typical AD and IDaaS setup altogether.

Instead, they want a solution that can provide their users with a central identity that they can use to access far more IT resources than just Windows-based resources and web apps — including systems, legacy apps, file servers, and networks. This approach is much broader than traditional IDaaS/SSO platforms and the solution turns into a core cloud identity management platform. 

Open-Source SSO Options

If you only want SSO across your organization’s web apps and you are willing to add another one-off solution to your IT environment, there are now some open-source single sign-on point solutions available on the market. A few of these options are: IdentityServer, Keycloak, CAS, Authelia, and WSO2. Generally, these open-source SSO platforms utilize protocols such as SAML, OAuth, OpenID, or similar.

The issues with these solutions are: 

  • The limited functionality they offer;
  • The level of knowledge needed to set up, configure, and manage them; and
  • The fact that they often need to be added into an IT ecosystem on top of all of the other existing tools.

There is still a lack of viable options in the open-source SSO space, and over time, as things continue to change across tech and the overall IT landscape, admins will keep searching for comprehensive tools to implement that solve multiple problems all in one place while also providing room for scaling. 

Point solutions and open-source solutions can be tough to manage, especially as the list of the tools your organization uses grows exponentially. This is where the JumpCloud Directory Platform comes into play — not only can it function as your cloud-based core identity provider, but it also comes with built-in SSO capabilities with pre-configured connectors for virtually all of the business applications that you use.

A Better Approach Than Open-Source Single Sign-On

This cloud IdP solution is not only cost-effective, but it’s also extensive. JumpCloud® provides end-users with one identity that can be used to access virtually all of their IT resources. Rather than adopting an open-source web app SSO point solution, with JumpCloud, a user can use a single set of credentials to access their system (Mac, Linux, or Windows), legacy applications like JIRA, web-based applications such as Salesforce, physical and virtual file storage (NAS devices, Dropbox), as well as wired and WiFi networks. We call this solution True Single Sign-On™.

Users get to enjoy frictionless access to virtually all of their IT resources, and IT admins gain some peace of mind because their environment is securely managed. Further, JumpCloud’s modern approach to a cloud identity management solution is broad enough to cover not only centralized user management and True SSO, but also: 

Try JumpCloud Single Sign-On Free

Test out the JumpCloud Directory Platform and its full functionality, including single sign-on, for free for up to 10 users and 10 devices. All you have to do is set up a JumpCloud Free account to get started. We also have 24×7 in-app chat available for the first 10 days where you can ask any questions that arise or provide comments to us about your experience!
