What Is Single Sign-On (SSO) & How Does It Work?

What Is Single Sign-On (SSO) and
How Does It Work?

It’s time to kill the username and password.

Or, at least, it’s time to reinvent the old username+password system.

The traditional authentication method is easy to breach and frustrating to use, leading to bad habits like password reuse and relying on simple, easily stolen passwords.

Several new technologies are taking hold now that improve the traditional username+password approach — or replace it altogether.

One of these new approaches is called single sign-on, or SSO. Here’s what you need to know about this method, plus how it helps your business.

What Is Single Sign-On (SSO)?

Single sign-on (SSO) is a new generation of authentication that uses more complex and contextual methods to establish trust relationships, greatly reducing users’ reliance on username and password combinations. SSO allows users at a business to log into multiple services using a single set of credentials and typically allows a single sign-on instance to be sufficient on a single device for a set period of time.

So, in practice, this might look like a user signing in to one website or service. But subsequent sites and services don’t require additional logins during a work session — the single sign-on at the original location is sufficient to establish identity (along with lots of behind-the-scenes tech that also helps to verify identity).

That single login could be a traditional username and password combination, or it could be a more secure login using two-factor authentication (2FA0 or multifactor authentication (MFA)).

The overarching point, though, is that users need to complete just one sign-on for a certain period of time. This reduces friction for your users and can indirectly encourage adoption of better password practices (including MFA) since users only have to input those passwords occasionally — not every time they switch services or open a new tab.

How Does SSO Work?

Without going too deep down the rabbit hole, here’s an overview of how SSO works.

Traditional username+password systems establish trust by ensuring you know the right two pieces of information. They ask the user, “Do you know these two things?” and grant or deny access based on the user’s response.

SSO is more complex. When it establishes identity the first time (the single sign-on itself), it’s still basically asking that question — though SSO often requires other identifiers beyond just the username and password.

But once the user establishes identity, SSO does something new: It awards a certificate to the device. Then, on subsequent identify challenges (i.e., attempts to access new services or apps), the system looks for that certificate. If it finds a valid one, it grants access. If not, it pops the user out to the sign-on interface.

So instead of asking, “Do you know the right information?”, SSO asks, “Can I trust this device?”

If the device can provide a sufficient answer, access is granted instantly.

Benefits SSO Delivers for Your Business

An effective single sign-on implementation can deliver many benefits for your business:

  • Increased efficiency (less time spent managing logins)
  • Less friction for end users (better quality of life)
  • Increased security (certificates are much harder to forge than credentials are to steal)
  • Lower friction encourages stronger passwords and 2FA/MFA adoption

Our SSO Providers

Here at Advisory, we strongly recommend the use of 2FA or MFA for all available services. And for many of our clients, SSO makes great sense as well.

We work with established SSO and identity management platforms to implement SSO for our clients. Our top partners include:

  • Okta
  • OneLogin
  • Google SSO

Each of these services has its own set of pros and cons, and the differences can be nuanced. We’re happy to discuss specifics with you to help determine which SSO service is right for you — and if SSO is the right authentication strategy for your business.

Advisory NYC Is Your Partner for Managed IT, Including Single Sign-On

Whatever your business looks like, you need industry-leading IT support that’s tuned to your needs. Advisory is a leading managed IT services and security firm serving greater NYC and beyond. We’re ready to serve you with top-tier managed IT, whether you need full stack support or something more targeted.

Whether you’re an existing client or you’re looking for a better partner, we’re ready to implement SSO for your business now.

Reach out today to see what we can do for you!