Over the years, the term single sign-on has come to mean a number of different things. Lately, the definition of SSO has gravitated to be the one set of credentials you use to login to your cloud-based applications.
That’s not really single sign-on. Your on-premises devices, applications, and network access have one method to sign-in while your cloud applications have another. Your cloud-based server infrastructure, yet another.
We got to that definition, because we couldn’t actually build a True Single Sign-On™ solution that works with everything that a user within an organization needs. From the user’s perspective, this version of “single sign-on” is actually single sign-on to each silo. Generally each of these silos translates to not only different sets of credentials, but different policies as well – specifically password complexity, rotation, and multi-factor requirements.
Single Sign-On Starts and Ends with the Directory
Unfortunately, the reason we have a narrower view of SSO than what was previously envisioned many years ago is because the identity management market dynamics could never let us get there.
Microsoft’s on-premises Active Directory solution has been the core directory for millions of organization and primarily has served Windows-based networks. As organizations started to add multiple operating systems into their network, expanded to Google Apps, and leveraged cloud infrastructure, AD started to manage less and less of the environment. And, many of the new IT resources didn’t connect back to AD in an easy or seamless manner.
So, IT started creating multiple IT silos and that’s how single sign-on got its new definition, which really translates to web application single sign-on.
‘True Single Sign-On™’ and the Future of Single Sign-On
The last few years in the identity management space have been ones of significant innovation. One of the most important ones has been to create the concept of ‘True SSO’.
In this approach, there is only one set of credentials that are needed to access virtually anything that a user might need. Devices. Applications. Networks. Located anywhere and on any platform. That’s a tall order, but it’s worth it. True Single Sign-On™ is the holy grail for IT organizations. It simplifies an end users’ life and allows them be more productive. The end user spends far less time worrying about how to access IT resources and more on just using whatever tools they need to do their job.
For IT admins, the concept of True SSO is massively beneficial too. It centralizes control, increases security, and reduces support time. The only reason IT organizations haven’t pursued it is because they thought that it was impossible (mainly due to the heterogeneous nature of IT today). There are just so many different platforms and protocols that need to be supported, how could one identity management platform do it all?
The key to achieving True Single Sign-On™ is to have a cloud-based directory, built from the ground up to authenticate and manage the plethora of resources in play at the modern office.
JumpCloud’s Directory-as-a-Service is just that. DaaS is focused on integrating a variety of different platforms and protocols into a cloud-based directory service. The result is a True SSO solution that centralizes a user’s access to devices, applications, and networks with one set of credentials.