SSO 101

By Natalie Bluhm Posted April 11, 2019


The single sign-on (SSO) market is on fire these days. Keyword research reveals that, last month alone, SSO was searched over 40,000 times. You might be wondering, why SSO? Why are people interested in single sign-on, and why should you use it? What’s the benefit? Well, the quick answer is that SSO is highly sought after because it greatly impacts security and productivity within an organization. We will dive deeper into these benefits, but before we do, we need to quickly go through an SSO 101, if you will, to understand what single sign-on is and why SSO is needed in the first place.

Single Sign-on 101

What is Single Sign-On?

Single sign-on is the idea that a user only has to log in once to access all of their applications; they don’t have to type their username and password into each individual application. Typically, SSO is delivered via a third-party tool like Okta® or OneLogin, and most are dependent on you having an identity provider (IdP) in place.

How SSO Works

First, an SSO solution needs to be integrated into your existing directory service infrastructure, usually using the LDAP protocol. Then, it typically uses the SAML protocol to exchange authentication and authorization information between the identity provider and web-based applications (service providers, in SAML parlance). You’re probably wondering, why do you need a directory service in the mix? Why not just use SSO?

If you are solely using web-based applications in your environment, you might be able to get by with just using an SSO solution. However, the majority of organizations also use systems, file storage, and networks to accomplish their daily work. Since a single sign-on platform focuses centrally on web-based applications, you need a directory service if you hope to centralize user access to the rest of your IT network. Further, SSO solutions have taken their identities from the existing on-prem directory service rather than being directory services solutions themselves. So, why do directory services need help connecting users to web-based applications in the first place?

Why SSO was Needed

SSO solutions emerged in the early 2000s because web-based applications started to populate the workplace. You see, identity providers at the time couldn’t natively support user access to these online resources. The leading choice (Microsoft® Active Directory®) was built to centralize user access to primarily on-prem Windows®-centric resources like Microsoft Office®, Outlook®, Windows systems, and others. Manual user management for web-based applications was an option, but users got bogged down with hundreds of credentials. Meanwhile, IT admins faced time sinks and less control and security. As a result, many organizations have been flocking to single sign-on solutions ever since they surfaced. So how does SSO help?

Benefits of SSO

The main benefit organizations experience is providing end users with one set of credentials to access all of their web-based applications. Doing so increases productivity and security. For example, end users don’t have to waste half an hour each month just getting access to their online tools, and IT admins only have to spend minutes each week on managing user access to web-based applications instead of hours. When it comes to security, IT admins can centrally enforce password requirements across all of the IT resources used in their organization, and they can know for certain only the right people can access the right applications. These are just a couple of the benefits that have led to single sign-on solutions blowing up in recent years.

Is Single Sign-on Right for You?

While SSO can be a powerful addition to your IT network, truth be told, it’s really not the best solution for everyone. Single sign-on is for you if you mainly leverage Microsoft IT resources with web-based applications in the mix.

However, the IT landscape has continued to evolve since web-based applications came on the market. In recent years, many companies have come to use the following tools to get work done: Mac® and Linux® systems, cloud infrastructure (e.g., AWS®, GCP™, Azure®), virtual and physical file storage, and wireless networks.

If you use any of these new IT resources, you really don’t need an SSO solution. Instead, you need a different directory service because these new tools also don’t fit in with the Microsoft paradigm that AD requires. Consequently, you’ll end up needing more than just Active Directory and web application SSO to gain control. You’ll also need add-ons like identity bridges, MDM solutions, VPNs, and more. Not only is this expensive, but the benefits you experience with an SSO solution are diminished. End users still end up with multiple credentials, which increases the amount of time they have to spend just logging in to their IT resources. IT admins, on the other hand, are stuck with a piecemeal identity management approach that is cumbersome to manage.

If you think you belong in the camp that needs more than AD and SSO to solve your identity management needs, the good news is the directory services market is finally changing thanks to a solution called JumpCloud® Directory-as-a-Service®.

Going Beyond SSO with JumpCloud

JumpCloud is a next generation identity provider that is securely connecting users to virtually all of their IT resources regardless of protocol, platform, provider, and location. This includes the following:

  • Systems: Windows, Mac, and Linux
  • Servers: Windows and Linux, in the cloud or on-prem
  • Applications: G Suite™, Salesforce®, Jenkins, Atlassian®, Kubernetes, etc.
  • File Storage: Dropbox, G Drive, NAS appliances, and others
  • Networks: wired and wireless

By managing all of the above in JumpCloud, you can give your end users True Single Sign-on™; it’s the ability to use a single identity to connect to everything they need to Make Work Happen™, not just web-based applications. In addition to benefiting end users, you can streamline user and system management so that you have more time in the day for project work. That’s the beauty of using a cloud-forward identity provider.

Find Out More

Hopefully this SSO 101 post was the starting point you needed to learn about single sign-on. If you still have some questions, drop us a note. We’ll gladly get you the answers that you need. For those who are interested in testing True SSO with JumpCloud, watch the Getting Started video below, and then sign up for a free account. Your first ten users are free forever.

Natalie Bluhm

Natalie is a writer for JumpCloud, an Identity and Access Management solution designed for the cloud era. Natalie graduated with a degree in professional and technical writing, and she loves learning about cloud infrastructure, identity security, and IT protocols.
