By Zach DeMeyer Posted August 8, 2019
The single sign-on (SSO) space is heating up the whole identity and access management (IAM) industry. With many vendors, new and old, flooding the scene, IT admins have a lot to consider with regard to SSO. But, while some are evaluating options like Okta vs. OneLogin, savvy IT admins are looking at SSO more holistically, analyzing the overall benefits and risks of SSO before deciding on a vendor. As such, we’ve curated a list detailing some SSO pros and cons to help you make your decision.
What is SSO?
Before we dive right into the pros and cons, though, let’s discuss SSO at a high level. Single sign-on, which industry analysts also classify under the umbrella of Identity-as-a-Service (IDaaS), generally uses the SAML (Security Assertion Markup Language) protocol to verify access to service providers via a core identity provider. These service providers are most often applications delivered “as-a-Service” from the web.
The Pros of SSO
- Simplifies password management: A core benefit of SSO is that, as a solution, SSO eliminates much of the tedium of managing user passwords. Ultimately, with SSO, IT admins only need to make sure their users are being managed at the identity provider (IdP) level with their directory service.
- Increases admin control: With SSO, IT admins can have better visibility as to what apps their end users are using, meaning fewer chances for shadow IT and other potential risk factors flying under the radar.
- Increases speed for critical login processes: The average employee spends 36 minutes a month solely entering passwords. While it may seem insignificant, when password entry stands in the way of split-second action, as needed in fields such as healthcare or law enforcement, SSO ensures instant access.
- Reduces security risks: SSO eliminates the need for multiple passwords, meaning fewer attack vectors as a whole for bad actors. This means less risk for your affiliates (partners and customers) as well as your organization.
- Reduces password fatigue: Password fatigue can drive even the most vigilant employee towards complacency. Eliminating password-based logins with SSO tackles the heart of password fatigue by distilling credential verification to the SAML protocol and process.
- Decreases help desk requests: The average password request costs $70 in help desk labor cost. Since SSO greatly simplifies password management, it takes much of the burden off the shoulders of IT help desks, saving time and money.
The Cons of SSO
- Costly/Best at scale: Simply put, SSO can get expensive, fast. For smaller companies, while SSO can provide great benefits, it can also become a burden on budgets.
- Requires IdP: The backbone of any SSO solution is an IT organization’s IdP/directory service. Of course, like SSO, these can become costly for organizations, both in overhead required for set-up and implementation, as well as the overall toll to the pocketbook.
- Mainly limited to web apps: IAM is a massive field, spanning much of the responsibilities of IT. Managing access to web apps with SSO is only a small portion, meaning IT admins need to employ a whole host of solutions alongside SSO.
- Requires extra-strong passwords: While end users only need to remember a single password for SSO, it is best if that password is long, complex, and well-protected. Although this is generally a boon for identity security as a whole, it also opens up the possibility of a user forgetting or compromising this password, nullifying the benefit of SSO.
- If an SSO provider is hacked, all connected resources are open to attacks: Since SSO is linked to many critical resources, if an attack on an SSO provider succeeds, entire user bases can be compromised.
- SSO requires implementation and configuration: Like many IT tools, SSO is rarely “plug-and-play,” meaning IT admins have to put in the required time and effort to integrate and tailor their SSO service to their organization.
- Multi-use computers present a problem: Where a computer is shared (e.g., in conference rooms), the use of an SSO solution can open unnecessary attack vectors if a user forgets to log out.
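The service-provider side of the SAML flow described under "What is SSO?", together with a guard for the shared-computer risk above, as an added Python example (not from the article or any vendor's code). It checks a constructed assertion's issuer, audience and validity window, then ends the session on idle timeout or at the IdP's SessionNotOnOrAfter; the URLs, the 10-minute idle limit and the 8-hour cap are assumptions, and signature verification is assumed to be done by a SAML library beforehand.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (hypothetical IdP/SP URLs). It is treated as
# already signature-verified; real deployments use a vetted SAML library.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:Conditions NotBefore="2019-08-08T09:00:00Z" NotOnOrAfter="2019-08-08T09:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://app.example.test/sp</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2019-08-08T09:00:00Z" SessionNotOnOrAfter="2019-08-08T17:00:00Z"/>
</saml:Assertion>"""

def ts(value):
    """Parse a SAML UTC timestamp such as 2019-08-08T09:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def accept_assertion(xml_text, issuer, audience, now, max_session=timedelta(hours=8)):
    """Return the session expiry if the assertion is acceptable now, else raise ValueError."""
    root = ET.fromstring(xml_text)
    if root.findtext("saml:Issuer", namespaces=NS) != issuer:
        raise ValueError("unexpected issuer")
    cond = root.find("saml:Conditions", NS)
    if cond is None or not (ts(cond.get("NotBefore")) <= now < ts(cond.get("NotOnOrAfter"))):
        raise ValueError("outside validity window")
    if audience not in [a.text for a in cond.iterfind(".//saml:Audience", NS)]:
        raise ValueError("assertion issued for a different service provider")
    stmt = root.find("saml:AuthnStatement", NS)
    limit = stmt.get("SessionNotOnOrAfter") if stmt is not None else None
    local_cap = now + max_session  # SP's own ceiling when the IdP sets none
    return min(ts(limit), local_cap) if limit else local_cap

def session_alive(session_expiry, last_activity, now, idle_limit=timedelta(minutes=10)):
    """Shared-computer guard: end the session when idle too long or past its expiry."""
    return now < session_expiry and now - last_activity <= idle_limit
```
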
It is apparent that an SSO solution can bring both benefit and risk to an IT organization. Thankfully, JumpCloud® Directory-as-a-Service® can help avoid many of these cons. JumpCloud is a cloud directory service with SSO services baked directly in, alongside multi-factor authentication, system management, user access management beyond solely apps, and more. JumpCloud provides a True Single Sign-On™ experience to organizations, where one password can provide a user access to virtually all of their IT resources.
With JumpCloud, IT admins can forgo much of the work and costs involved with implementing SSO on top of a directory service while still reaping all the benefits. If you are interested in seeing how JumpCloud SSO works, you can schedule a demo to see Directory-as-a-Service in the hands of an expert. You can also sign up for JumpCloud to start using the product for yourself, absolutely free. Please contact us to learn more.