
Does SSO Equal Good Security?



Identity compromises are a major issue for IT organizations. More breaches have been caused by compromised credentials recently than ever before. This spate of breaches has many IT organizations thinking hard about how to protect their users.

One common tool that many IT organizations are leveraging is web application single sign-on (SSO). So the question for IT admins becomes: does SSO equal good security?

Sending Out an SSO


In many cases, an SSO solution can be considered a security solution. However, it isn’t a black-and-white issue.

For web applications that use SAML as the authentication protocol, there is a good chance that security has been stepped up. In general, SAML integration works on an assertion rather than on a username and password. That assertion is made by the identity provider to the service provider (in this case, the web application). The identity provider verifies that the user is who they say they are, and the service provider relies on that verification. The stronger an identity provider can make the authentication process, the better. For example, adding multi-factor authentication steps up the authentication process.
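As an added example (not part of the original post and not JumpCloud code), the sketch below shows the service provider's side of that reliance: before accepting an assertion, it checks who issued it, who it was issued for, whether it is still valid, and whether the identity provider reports a multi-factor login. The entity IDs, the sample assertion and the set of context classes treated as multi-factor are assumptions, and XML signature verification is assumed to have been done already by a SAML library.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AC = "urn:oasis:names:tc:SAML:2.0:ac:classes:"
# Assumed SP policy: authentication context classes accepted as multi-factor.
MFA_CLASSES = {AC + "MobileTwoFactorContract", AC + "TimeSyncToken"}

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_assertion(xml_text, now, trusted_issuer, sp_entity_id):
    """Return a list of policy failures; an empty list means the SP may accept.

    Assumes the XML signature was already verified against the IdP's
    certificate by a SAML library; these checks never replace that step.
    """
    a = ET.fromstring(xml_text)
    problems = []
    if a.findtext("saml:Issuer", "", NS).strip() != trusted_issuer:
        problems.append("untrusted issuer")
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        cond = ET.Element("missing")  # no conditions: both checks below fail
    nb, na = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not (nb and na and _ts(nb) <= now < _ts(na)):
        problems.append("outside validity window")
    audiences = {(e.text or "").strip() for e in cond.iterfind(".//saml:Audience", NS)}
    if sp_entity_id not in audiences:
        problems.append("wrong audience")
    ctx = a.findtext(".//saml:AuthnContextClassRef", "", NS).strip()
    if ctx not in MFA_CLASSES:
        problems.append("authentication was not multi-factor")
    return problems

def sample(ctx_class, audience="https://app.example/sp"):
    # Constructed assertion for illustration; real ones are signed and longer.
    return f"""<saml:Assertion xmlns:saml="{NS['saml']}">
  <saml:Issuer>https://idp.example/saml</saml:Issuer>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement><saml:AuthnContext>
    <saml:AuthnContextClassRef>{ctx_class}</saml:AuthnContextClassRef>
  </saml:AuthnContext></saml:AuthnStatement>
</saml:Assertion>"""
```

An assertion carrying only the `PasswordProtectedTransport` class is rejected under this policy, which is how a service provider can require the stepped-up authentication rather than merely hope for it.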

While this is true for web applications that leverage SAML, many more still use passwords. Those passwords end up being stored in a vault with the SSO provider, either on the person’s machine or in the cloud. When the user decides to log into the site, the SSO solution enters the password for the user. While this is convenient for the end user, it doesn’t really solve the problem of making everything more secure.

JumpCloud® Answers The Call


A new concept in the Identity-as-a-Service world is starting to emerge. Called Directory-as-a-Service®, the solution is delivering on the promise of a True Single Sign-On solution. As a central, authoritative directory service, its goal is to let IT manage user access to applications, systems, and networks. The core identity provider leverages a wide variety of protocols, including SAML, LDAP, SSH, RADIUS, and REST. In addition, the platform never stores a password that can be reverse engineered. Credentials are stored as a one-way hash and all communication is over mutual TLS. For enhanced security, multi-factor authentication can be implemented on Mac and Linux systems and on the user console, which enables access to applications.

The concept of True Single Sign-On is also complemented by the ability to log authentication events. These events can help detect compromises across the infrastructure.

True SSO Does Equate to Good Security

If you would like to learn more about how an SSO solution can increase your security, drop us a note. Or please try our Directory-as-a-Service platform yourself. Your first 10 users are free forever.

