{"id":12545,"date":"2021-11-17T09:00:39","date_gmt":"2021-11-17T14:00:39","guid":{"rendered":"https:\/\/www.jumpcloud.com\/?p=12545"},"modified":"2024-01-29T14:33:18","modified_gmt":"2024-01-29T19:33:18","slug":"sso-isnt-identity-management","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/sso-isnt-identity-management","title":{"rendered":"SSO Isn’t Identity Management"},"content":{"rendered":"\n

In the world of identity and access management (IAM), single sign-on (SSO)<\/a> continues to be one of the most popular tools used by organizations all over the world. There are approximately 15,000 SaaS companies in the United States alone \u2014 with thousands more in other countries (Statista)<\/a>. Based on this, it\u2019s safe to say there are more web-based applications available than IT admins and users know what to do with. It also explains the interest in SSO and identity management.<\/p>\n\n\n\n

However, it\u2019s important to know the differences between SSO and IAM. SSO is one important subset of IAM, but it does not make for a complete IAM strategy on its own. Yet, many organizations only use single sign-on to connect end users to web applications in their IT environment and call it an identity management strategy, which is incorrect. If anything, it\u2019s a fragmented identity management strategy, and every resource aside from web applications is left unmanaged (or managed with different, unconnected solutions). Whereas, a complete IAM strategy involves understanding, controlling, and managing user identities and access to all IT resources holistically.<\/p>\n\n\n\n

In this article, we\u2019ll discuss what SSO and identity management are and how SSO became a part of IAM. We\u2019ll also dive into what questions to pose to make an informed decision on whether your organization only needs SSO or if a more comprehensive IAM solution is needed, as well as what a modern, cloud-based IAM solution looks like.<\/p>\n\n\n

\n
\"single<\/figure><\/div>\n\n\n

What is SSO, Really?<\/h2>\n\n\n\n

Single sign-on is popular, and for good reason, but it doesn\u2019t quite live up to its name. Single sign-on sounds like<\/em> a tool that enables a user to access every resource they need via a single (successful) sign-on attempt. But this isn\u2019t actually the case \u2014 the first generation of single sign-on providers created SSO solutions that simply extended identities from a separate directory (typically Active Directory (AD), but could be any core directory service) to web applications. Therefore, we more aptly refer to these tools specifically as web app SSO<\/strong> tools, which describes exactly what they are. <\/p>\n\n\n\n

Web app SSO is also seen as the equivalent of first generation Identity-as-a-Service (IDaaS)<\/a> solutions, which is another misnomer because these solutions don\u2019t own identities. Rather, the core directory that the web app SSO solution is layered on top of is what actually houses and manages identities. And, since web app SSO tools are typically layered on top of a directory, it means you\u2019ll need to purchase and manage multiple tools to make a solution like this work.<\/p>\n\n\n\n

What is Identity Management?<\/h2>\n\n\n\n

Identity management, or the more comprehensive term identity and access management<\/a>, ensures that users have access to only the IT resources that they need, and only after first being verified and authorized to do so. <\/p>\n\n\n\n

It is too easy for bad actors to breach a user\u2019s identity, especially when it isn\u2019t managed well. Proper identity and access management is the key here, because it builds in security, oversight, and management of both identities and access.<\/p>\n\n\n\n

You essentially have two options when it comes to IAM solutions:<\/p>\n\n\n\n

Option 1: <\/strong>Manage a variety of tools that are layered on top of one another to handle each aspect of IAM. Keep in mind that this traditional approach often gets costly and out of hand if too many tools are added into the mix. These disparate tools can include:<\/p>\n\n\n\n