Kenisha Liu
Aug 11, 2023
According to a recent Verizon Data Breach investigation, 70% of employees will reuse their passwords at work, and a staggering 81% of data breaches are caused by weak passwords. Single Sign On reduces the risk of data breaches by making it easier to enforce strong password policies and lowering the number of passwords users need to remember.
In this article, we will explore the history of Single Sign On to understand why it’s so important, common concerns about SSO and how to address them, and the many benefits of SSO.
A Brief History of Single Sign-On
In the early days of computing, each system had its own authentication method. However, this was a huge inconvenience to users and increased the risk of breaches. As computer networks expanded, it became obvious that there was a need for a solution.
The beginnings of SSO appeared in the 1990s with the concept of federated identity management. Other technologies, such as SAML or OAuth, developed along the way to enable seamless authentication across systems.
Single Sign-On first saw significant use in enterprises, whose employees needed access to multiple internal systems or third-party applications. Commercial vendors then began offering SSO products as demand grew.
Other developments accelerated the rise of SSO and its wide application today. These include the growth of cloud computing and web-based applications, the demand for social SSO as mobile devices became ubiquitous, and Covid and the rise of remote work, which increased security risks and breaches.
Why Don’t People Use Single Sign-On?
Single Sign On offers numerous benefits, but there are a few reasons why some individuals or organizations may choose not to use it. Let’s identify and address some of the most common worries people have around SSO:
“SSO is complex and requires a large implementation effort”: Implementing SSO can require some upfront effort or technical expertise, which can deter organizations from adopting SSO.
Solution: Modern SSO solutions have user-friendly interfaces and provide comprehensive documentation and support. They are quick and simple to deploy, and many of today’s SSO tools have built-in integrations to thousands of popular apps. This means that IT teams no longer have to worry about configuring or installing SSO.
“I don’t want to depend on an SSO provider”: Adopting SSO means relying on a third-party SSO provider. Some organizations may hesitate to entrust their authentication and access management process to an outside party.
Solution: When choosing an SSO provider, as when working with any third party, organizations should thoroughly assess the provider's security practices and compliance. To alleviate concerns, there are many well-established providers with a proven track record, like Google, Microsoft, and Okta, that reputable companies rely on.
“SSO introduces a single point of failure”: If the SSO system experiences a technical issue, users can lose access to multiple applications or services. This potential disruption can be enough to make organizations more cautious about relying on SSO.
Solution: The reality is that users already are a single point of failure. Having one user juggle multiple credentials is far more dangerous to security than implementing SSO. That is because users often resort to recycling passwords or not following good password practices. SSO eliminates this, making it easier for users and companies to be secure.
“It's the same as a password manager”: Password managers are a cheap and easy way to protect passwords and they also enable users to access many platforms with a single log-in.
Solution: It is true that both allow users to log in to multiple platforms with one log-in, but Single Sign-On is a much more powerful, secure solution. Password managers are like safes that keep credentials for many apps and websites behind one password. This still requires a password to protect other passwords and offers a potential entry point for a hacker. As such, many password managers will use Single Sign-On to verify users when they log in anyway.
In contrast, SSO solutions use user verification and authentication to protect passwords. This makes it safer and easier when logging into mobile apps as well.
“I don’t trust SSO”: While SSO enhances security, some people have concerns around the security of the SSO infrastructure itself. Organizations may believe that potential risks of a compromised identity provider outweigh the benefits.
Solution: To mitigate concerns, organizations should encourage and provide user education and training. Communicating the benefits of SSO to users, addressing concerns, and providing clear instructions on how to use Single Sign-On can increase user acceptance and adoption. Single Sign On education programs will demonstrate the convenience and improved security of SSO.
“SSO is not compatible with my systems”: Organizations that rely on legacy systems will face challenges integrating them with modern SSO solutions. Legacy systems might not support the SSO implementations.
Solution: Organizations can consider the feasibility of integrating their legacy systems with SSO solutions through custom connectors or adaptors. Perhaps this could also be a sign to upgrade or replace legacy systems with a modern alternative. This is a larger investment and effort but provides long-term benefits.
In cases where it is not feasible to integrate SSO or upgrade legacy systems, organizations can consider maintaining a dual authentication process. Users can utilize SSO for modern applications while continuing to use traditional login methods with legacy systems. Although organizations wouldn’t experience the full benefits of SSO, it allows them to continue to use legacy systems, while leveraging SSO wherever they can.
“There will be friction in the user adoption and experience”: Introducing SSO can require users to adapt to a new login process and potentially re-authenticate themselves across various systems. This transition can cause some confusion or resistance, or slow down existing practices.
Solution: Organizations that foresee an issue with user adoption should take a gradual approach to Single Sign On implementation. This can begin with non-critical systems and expand to more and more sensitive areas. This allows for testing, addressing any challenges, and gaining user confidence along the way.
SSO Tax
Additionally, for small/medium sized businesses, there is a perceived frustration around Single Sign On called the "SSO tax". For a lot of SMBs, if they want to use a cloud app cheaply, the vendor of that cloud app might not allow basic users to integrate with SSO unless they upgrade to the enterprise tier of the cloud app.
Thus, many small/medium sized businesses want the benefits of SSO but they don't want to pay exorbitant fees for the "privilege" of using SSO. This is why many security operators refer to it as the "SSO tax".
If you are experiencing any of these, you can consider other options to work around the "SSO tax". These can include requesting negotiations with the vendor, using proxy-based solutions to intercept and manage user authentication requests, exploring third-party integration solutions, or evaluating alternative cloud apps that won’t charge.
The Benefits of Using Single Sign On
Single Sign On offers several benefits for both users and organizations. They include:
Improved user experience
Increased cyber security
Simplified access management
Increased visibility
Cost savings
Improved productivity