The Single Sign-On (SSO) market has been flourishing, so of course Google Identity-as-a-Service recently included the functionality for Single Sign-On to their platform that integrates with a few select web applications. With this new functionality, is Google IDaaS a True Single Sign-On™ solution?
In order to answer this question, let’s take a step back and understand what True Single Sign-On is.
Single Sign-On was Possible in the Past
Historically, the workplace consisted of on-premises networks and IT resources with a Microsoft ecosystem. This formula resulted in Mircosoft creating a solution to control user access to Windows systems and applications – Active Directory (AD). Active Directory was introduced in 1999 and has become the dominant directory services platform since then. AD enabled a user to login to their machine and connect to the entire on-prem network, and the domain controller would then grant them access to the on-prem IT resources that they were authorized for including systems, applications, files, and the network itself. Effectively, it was the first incarnation of single sign-on.
Then, the IT landscape significantly changed, and that one Windows login no longer enabled access to all of their IT resources. The cloud changed where users accessed networks, files, and data; web-based apps were introduced; and Windows systems lost ground to Mac and Linux systems. Microsoft wanted to keep users within their domain, so they have made it difficult to connect users to these new types of resources.
A Comprehensive SSO Solution is Still Missing
Web application SSO providers emerged in response to the dramatic rise in web applications. These first generation SSO solutions have enabled users to sign in to a large variety of web-based apps with one set of credentials. But, SSO providers have only bridged part of the gap. Users are still left using a different set of credentials for accessing Windows, Mac and Linux systems, on-prem applications, cloud and on-prem services, files and data, and networks.
Google’s Identity-as-a-Service takes this first generation approach to SSO. Unfortunately for most IT organizations that’s just not enough. The problem with multiple identities is their deteriorating effect on security within an organization. First, having multiple credentials tempts users to reuse passwords or use passwords that are easy to remember and easy to crack. Second, it becomes harder for IT to maintain control over the different identities an employee might use to access their resources. When that employee leaves, how does IT really know they deprovisioned that employee from every resource they had access to?
As organizations move to the cloud, mixed platform environments, and various networks and storage systems, they need a cloud identity management platform that can connect all of those resources together, and offer True Single Sign-On.
A True SSO Solution has been Found
Directory-as-a-Service® (DaaS) is a True Single Sign-On platform for today’s modern cloud world. As a virtual identity provider, DaaS securely manages and connects users to systems, applications, storage, and networks. Additionally, our True Single Sign-On solution can strengthen your identity security with features like Multi-Factor Authentication (MFA), password management, and event logging API’s.
You can learn more about IAM best practices and pitfalls with this webinar that discusses next generation IAM strategies. You can also reach out to us, if you are ready to learn how you can start implementing True Single Sign-On with Google cloud identities in your IT environment. Need a little more convincing? Start testing True SSO and our other identity security features in your environment by signing up for a free account. Your first ten users are free forever.