By Cassa Niedringhaus Posted November 5, 2019
Where SSO solutions once connected employees solely to web applications, these solutions now connect employees to all the resources they need, including systems and networks.
Regardless of the single sign-on solution an organization uses, though, SSO increases the organization’s flexibility, time management, and security.
Evolution of SSO
What we think of as the first generation of IDaas (Identity-as-a-Service) platforms emerged in the late 2000s as web application single sign-on solutions.
These solutions enabled IT admins to maintain their core, authoritative directory — typically Microsoft® Active Directory® — in on-prem servers. With SSO, admins federated their AD identities to web applications, rather than recreating each identity in each application. This meant less work for IT admins, easier access for employees, and increased security.
Originally, SSO solutions were designed as a way to extend identities to web applications, but some now expand beyond applications to include other resources. As any employee knows, web applications comprise only one portion of the tools they use each day. They also access files, networks (i.e. WiFi/VPNs), and systems (Windows®, Mac®, or Linux®). Unbeknownst to end users, they use a variety of protocols and mechanisms, including LDAP, SAML, and RADIUS, to do so.
Organizations now have the choice of layering a modern approach to SSO on top of their on-prem directory or integrating it into a comprehensive cloud directory. Stack Analysis acknowledged this dichotomy in a research brief and recommended IT admins take stock of their organizations’ approach to identity management in selecting their SSO path.
Does an organization evolve its legacy architecture because of the enormous amount of time and work already invested to integrate a solution into the existing IT environment, or does it make a break from the past to a modern, cross-platform solution? This decision is often epitomized by the direction IT organizations take when it comes to identity management.
In either choice they make, IT admins find numerous benefits in SSO, though.
Benefits of SSO
Flexible and Customizable
With an SSO solution, IT admins leverage a portal for employees to access their authorized applications. This increases flexibility because admins can create groups and automate access management with tailored permissions for each employee depending on their role, location, department, and other factors. With a click, admins can change access settings for groups and applications.
SSO solutions also come with pre-built connectors to popular applications, as well as generic connectors for admins to mold for applications outside that scope, including ones that are less common or proprietary.
With new SSO solutions, admins can also connect employees to all their resources with one set of credentials. Then, an employee can use their credentials, for example, to log in to their laptop, WiFi, and applications. This True SSO™ approach enables end users to leverage the IT resources they need and IT admins to maintain control.
IT admins will save time by using SSO because it enables them to use groups to scale their actions, reduce the number of password tickets they answer, and implement just-in-time (JIT) provisioning.
In a year, 1,000 password resets costs even a modest-sized organization an average of $70,000 in IT labor, which an SSO solution can mitigate.
With JIT provisioning, a user isn’t created in an application until they go to log in for the first time, eliminating the need for manual account creation. By automating what is potentially a time-consuming process, admins save time and can dedicate it to other valuable projects.
Further, employees will gain secure access to the IT resources they need without the overhead of forms and approvals for access. They’ll save time, too. They have to remember only one password, and they spend less time logging in to their various resources. Salesforce estimates it takes an employee five to 10 seconds to log in (or longer if they mistype their password), and that adds up as the number of applications an employee uses increases.
These interruptions are more than pesky; they lead to interruptions in workflow and wasted time. LastPass estimates employees waste 36 minutes a month on password activities, so, if a company has 100 employees, that’s 60 hours a month of wasted company time that could be reduced or eliminated with an SSO solution.
Ensure Tighter Security
Because each employee uses only one set of secure credentials, IT admins have fewer credentials to track, monitor, and secure. They can add password requirements, such as complexity and length minimums, and add multi-factor authentication (MFA) to further increase account security.
It’s also easy to onboard and offboard users. Single sign-on means single sign-out, too.
Beyond that, SSO reduces an employee’s motivation to circumvent IT processes for application access (known as shadow IT) because access is streamlined. It also disincentives employees from using variations of a password across their accounts or using weak passwords just because they’re easy to remember. This added security wards against possible breaches, each of which cost an average $3.92 million last year.
JumpCloud True SSO
With JumpCloud® True Single Sign-On™, IT admins connect employees to virtually all of their resources with one set of credentials. Contact our team to learn more or give it a try for yourself. Your first 10 users and systems are free forever.