Single Sign-On (SSO) And Federation

By Rajat Bhargava Posted May 11, 2016

The concepts of single sign-on and federation are often used together, but they are distinct. They are discrete in most respects because of how the identity management landscape has evolved over the last decade and a half. That market evolution has largely occurred because of fundamental changes in the IT industry. Over fifteen years ago, web applications were just emerging and cloud infrastructure was still in its infancy, so much so that it was not even called cloud infrastructure. Other changes, such as the rise of Apple Macs and Linux platforms, had yet to occur. Additionally, the evolution of mobile devices hadn’t really begun; they were essentially just phones. As a result, the network was largely based on Microsoft Windows and behind the firewall.

How Federation is Similar to a Mix and Mingle

How did the concept of federation come about? It happened as organizations began to talk to each other through users accessing systems on different networks. Before the open Internet, those communications were mainly over private networks. Once communication moved to the public Internet, there needed to be a model of trust and identity. Early on, federation was a significant step toward organizations trusting each other and their users. Today, the concept of federation could easily extend to one organization leveraging SaaS applications from another. Applications and infrastructure that used to be hosted internally are now cloud based and provided by a third party.

Single Sign-On Seeks a Mate, Too

Single sign-on is a closely related concept, yet there are some differences. Single sign-on refers to the ability to use a single identity source or set of credentials to log in to a wide variety of IT resources. Those IT resources have typically been web applications, since the web app SSO vendors have been the ones to promote this concept. SSO could actually extend much further than just web applications to include devices, systems, and networks. While the concept of federation is granting access between organizations, the concept of SSO is the access itself. It seems the same to the user, but it is slightly different to the IT organization.

Directory-as-a-Service® Unites Single Sign-On and Federation

In the cloud era, the two concepts are starting to merge and resemble each other. A True Single Sign-On™ system in a modern cloud-forward organization leverages a single set of credentials to access a wide variety of IT resources, including the user’s device, cloud servers, web applications, legacy on-prem applications, and WiFi networks. Interestingly, many of these IT resources are provided by third parties, so the concept of federation can be applied. The integration of these two concepts is put into practice in solutions such as Directory-as-a-Service (DaaS). In case you haven’t heard, DaaS is a cloud-based directory service that connects users to virtually all of their IT resources.

Find Your Perfect Directory Service Partner Today

If you would like to learn more about SSO and federation, drop us a note. We’d be happy to discuss with you how JumpCloud’s Directory-as-a-Service platform is leveraging those concepts to create a modern cloud directory service. Or, you should feel free to try JumpCloud’s Identity-as-a-Service platform for yourself. Your first 10 users are free forever.

Rajat Bhargava

Rajat Bhargava is co-founder and CEO of JumpCloud, the first Directory-as-a-Service (DaaS). JumpCloud securely connects and manages employees, their devices and IT applications. An MIT graduate with two decades of experience in industries including cloud, security, networking and IT, Rajat is an eight-time entrepreneur with five exits including two IPOs, three trade sales and three companies still private.
