SSO & IdP Management
Traditional Passwords Are Terrible. There’s a Better Way.
Keeping your business’s data and systems secure is of the utmost importance. Of course, so is giving your employees, vendors, and other contacts the access they need — without creating frustrating hoops to jump through or glaring security concerns in the process.
The legacy method of internet authentication relies on two pieces of information: a username and a password. This system caught on early and became ubiquitous, but that doesn’t mean it’s a good system.
The truth is, the traditional username-and-password system is riddled with flaws. End users typically have over a hundred unique accounts to keep track of, and they’re told they should use unique, complex passwords for each one. But doing this is extremely difficult: most people can’t keep track of more than a handful of relatively simple passwords before they start getting confused.
So what do they do? They reuse their passwords across multiple sites, and they create too-simple, easily compromised passwords. Or they store all those passwords in an unprotected file, or even on a sheet of paper next to their computers.
The traditional password system is hard for users to use properly and easy for attackers to exploit — either by physically gaining possession of unsecured credentials or by breaking passwords using black hat tools.
New Technologies Aim to Fix the Problem
Given the frequency and scale of data breaches and other business attacks perpetrated through stolen or cracked credentials, it’s no surprise that numerous technologies are targeting the traditional username + password system.
Some, like two-factor or multi-factor authentication (2FA or MFA), aren’t exactly new. MFA has been in place at enterprise businesses for multiple decades, but only in the last decade or so have these methods gone mainstream.
Now, a new generation of identity protection security tools and strategies is taking hold, including single sign-on (SSO) and passwordless authentication.
Here at Advisory, we recommend an SSO approach for many of our clients. It’s not the perfect solution for every environment, but it’s a smart choice for many office environments (including virtual and hybrid workplaces).
Single Sign-On (SSO) Explained
So what’s the user experience like with single sign-on (SSO)? How does SSO work, technically speaking? And how does it keep your business secure?
The specifics are complex and deeply nerdy, but here’s a high-level overview.
User Experience
When your business implements SSO, users will gain the ability to access multiple applications and secure websites by using a single set of credentials. And in most cases, the user won’t have to log in every single time on every single app or site. A single sign-on will be sufficient for a particular period of time on a specific device.
SSO will generally create a faster login experience with less friction, letting your team members focus on their work rather than their account credentials. This is the case even in higher-security SSO implementations that may require an especially complex password or another factor of authentication (like a one-time code or one-time password).
By eliminating the need for frequent, repeated logins with a random assortment of credentials, SSO will improve the user experience for your team members.
How SSO Works
SSO relies on certificates to create trust relationships between an application or website and a user, brokered by an identity provider (IdP) such as Okta or Google. Once a user proves their identity to the IdP, the user’s device is issued a certificate. Then, when the user navigates to an included site or app, the site or app looks first for that certificate rather than for a traditional login credential.
If the service finds an appropriate certificate, access is granted, since identity has already been established. If it doesn’t find that certificate, the service will prompt the user to log in and authenticate. Once the user does so, trust is established, and the certificate gets created.
So, on a very high level, the difference is this: Traditional credential systems ask the user, “Do you know the right pieces of information?” and either grant or deny access based on the answer. With SSO, the system asks the user’s device, “Can I trust you?” If it finds the right certificate (trust), it grants access. If it doesn’t, it requires the user to establish that trust.
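As an added illustration (not the page’s or Advisory’s own code), here is a toy Python simulation of the flow described above: after login, an identity provider mints a signed trust artifact that is bound to one service, one device and a lifetime, and each service checks that artifact before granting access or sending the user back to log in. Standards such as SAML and OIDC carry this artifact as a signed assertion or token; the demo uses an HMAC-signed JSON blob with a constructed shared secret, and every user, service and device name is constructed.

```python
import base64, hashlib, hmac, json

# Constructed shared secret for the demo. A production IdP signs with a private
# key and each service verifies with the matching public key (assumption here).
IDP_SECRET = b"demo-idp-signing-secret"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(user, audience, device_id, now, ttl=3600, secret=IDP_SECRET):
    """IdP side: after the user authenticates, mint a signed session token.
    Claims bind it to one service (aud), one device (dev) and an expiry (exp)."""
    payload = {"sub": user, "aud": audience, "dev": device_id, "exp": now + ttl}
    body = _b64(json.dumps(payload, sort_keys=True).encode())
    sig = _b64(hmac.new(secret, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"

def verify_token(token, audience, device_id, now, secret=IDP_SECRET):
    """Service side: the 'Can I trust you?' check. Returns (ok, detail)."""
    if not token or token.count(".") != 1:
        return False, "no token"
    body, sig = token.split(".")
    expected = _b64(hmac.new(secret, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):   # constant-time compare
        return False, "bad signature"
    claims = json.loads(_unb64(body))             # safe to parse: signature held
    if claims["aud"] != audience:
        return False, "wrong audience"
    if claims["dev"] != device_id:
        return False, "different device"
    if claims["exp"] <= now:
        return False, "expired"
    return True, claims["sub"]

def access_service(token, audience, device_id, now):
    """Grant on a valid token; otherwise send the user to the IdP to log in."""
    ok, detail = verify_token(token, audience, device_id, now)
    return ("granted", detail) if ok else ("redirect_to_idp", detail)

if __name__ == "__main__":
    t0 = 1_700_000_000                      # constructed 'current time'
    tok = issue_token("alice", "payroll", "laptop-1", t0)
    print(access_service(tok, "payroll", "laptop-1", t0 + 60))     # granted
    print(access_service(tok, "payroll", "other-dev", t0 + 60))    # different device
    print(access_service(tok, "payroll", "laptop-1", t0 + 7200))   # expired
```

The same token is refused by a second service, a second device, or after its lifetime, which is why a single sign-on is sufficient only "for a particular period of time on a specific device".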
How SSO Keeps Your Business Secure
Some implementations of SSO continue to require a password. But because your team members will only need to remember a single credential (rather than unique ones for a variety of locations), you can insist on much more complex passwords. SSO systems can also require another factor of authentication for the initial sign-on, making them technically 2FA or MFA systems and adding another layer of security.
Beyond these methods, SSO enhances security by forming trust relationships. By establishing user identities more firmly up front, SSO increases the likelihood that the right people are accessing the right systems — not just whoever gained access to a set of credentials.
Increased Security, Increased Ease of Use
The end goals of an SSO implementation are twofold: increased security and increased ease of use. You want to encourage, not discourage, good identity and password hygiene among your users, and you want your systems to be more secure, not less.
A proper SSO implementation can help you achieve both of these goals.
Our Top SSO Partners
At Advisory, we partner with some of the top providers of SSO. Depending on your company’s needs, we’ll set you up with one or more of the following solutions:
- Okta
- OneLogin