{"id":12742,"date":"2021-09-27T11:00:38","date_gmt":"2021-09-27T15:00:38","guid":{"rendered":"https:\/\/www.jumpcloud.com\/?p=12742"},"modified":"2024-01-29T13:37:19","modified_gmt":"2024-01-29T18:37:19","slug":"open-source-single-sign-sso","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/open-source-single-sign-sso","title":{"rendered":"Your Guide to Open-Source Single Sign-On (SSO)"},"content":{"rendered":"\n

Single sign-on (SSO) solutions are a popular category within the identity and access management (IAM) sector.

With that, interest in two categories of SSO is rising above the rest: cloud-based single sign-on and open-source single sign-on.

Up to 93% of CIOs in the SaaS industry report that they are planning to adopt cloud SaaS. On top of that, average small and medium businesses use 102 and 137 different apps, respectively, and spending growth is outpacing the number of unique apps in use.

These stats lead to two conclusions:

1. Whether they know it or not, IT admins need cloud-based SSO solutions to help securely manage user access to all of these applications.

2. Single sign-on solutions can get extremely pricey, so it’s no wonder IT organizations are searching for open-source single sign-on alternatives.

Is Open-Source Single Sign-On (SSO) Worth It?

The overall concept of SSO has been extremely valuable to IT admins over the years. Many single sign-on solutions have hit the market and evolved to fit in with today’s modern IT environment.

Single sign-on provides organizations with improved security, increased room for productivity among end-users, and less login friction and frustration.

One popular SSO solution on the market is web application SSO. While it does its job well, web app SSO only helps IT centralize user access to one pocket of resources: web applications. Single sign-on platforms have been built around this notion of web app SSO, meaning that standalone or open-source SSO solutions might not be the best fit for an IT environment that houses networks, file servers, systems, legacy apps, or anything else that’s not a web app.

After all, IT admins want to connect their users to everything that they need with one set of credentials, not just web apps. To understand this further, we need to step back and take a look at the problem web-app SSO was created to solve.


The Emergence of Web App SSO

Before web-based applications surfaced, IT organizations were able to centralize user management solely using Microsoft Active Directory (AD). This was possible because their networks were largely Windows-based and on-prem. But IT lost some of this capability when web-based applications exploded onto the market.

Users needed to access them, but AD didn’t let you connect to them with the same credentials. Due to this, security at many organizations took a hit, admins had less control over the IT ecosystem, and end-users experienced more login friction than necessary.

Because of this, a generation of web app SSO providers (often called IDaaS solutions) emerged to fill this unwanted gap. As they gained popularity, friction emerged in terms of cost, capability, and integration, and thus interest in open-source single sign-on solutions developed.


Issues with Creating an Open-Source SSO Solution

Unfortunately, web-app SSO doesn’t lend itself well to open source. OpenLDAP, FreeIPA, Samba, and other solutions in the IAM world are popular open source alternatives to Microsoft Active Directory as an identity provider, but these are not web-app SSO alternatives.

The challenge with SSO is that there are ‘connectors’ or plug-ins for each web application, and somebody needs to write and manage those connectors. With some SSO providers having over 10,000 of them, you can see why the open source category isn’t easily solving this need.

Even if an open source implementation requires minimal development, the integration still has to be tested. Ultimately, that translates to a significant amount of work, which can prove detrimental to your efforts to build a viable open source SSO implementation.

Plus, there is another issue with the more traditional web app SSO category that needs to be considered. Web-based applications aren’t the only “new”, modern resource to cause trouble for Active Directory. Between the rise of Mac and Linux and cloud infrastructure, most IT admins are looking beyond the typical AD and SSO setup altogether.

Instead, they want a solution that can provide their users with a central identity that they can use to access far more IT resources than just Windows-based resources and web apps, including systems, legacy apps, file servers, and networks.

This approach is much broader than traditional IDaaS/SSO platforms, and the solution turns into a core cloud identity management platform.


Open Source SSO Options

If you do only want SSO across your organization’s web apps and you want to add another one-off solution to your IT environment, there are now some open source single sign-on point solutions available on the market. A few of these options are: IdentityServer, Keycloak, CAS, Authelia, and WSO2.

Generally, these open source SSO platforms utilize protocols such as SAML, OAuth, OpenID, or similar.

The issues with these solutions are: