Top Six Things to Consider with an IDaaS Solution – Blog 1 of 6

1. Single Sign-On

Single Sign-On (SSO) is the ability to log into an app (cloud-based, on premises, or mobile app)
every time using a single/federated identity. For consumers this identity can be their social
media identity, such as Facebook or Google, while an enterprise identity is typically the user’s
Active Directory ID. Without SSO, users need to remember complex passwords for each app.
Or worse, they use common or easily remembered (i.e., weak) passwords. For users, the result
is a frustratingly fragmented workflow, which can include signing into dozens of different apps
during the workday. For IT, the problems of too many passwords, or insecure passwords, are
obvious—with a costly data breach ranking at the top of their concerns. A properly architected
SSO increases both user productivity and corporate app security.

So what should you look for when deploying SSO? At the simplest, a solution should enable
you to improve end-user satisfaction and streamline workflows by providing a single identity
to access all business apps — whether the apps reside in the cloud, or on-premises behind
your firewall. It also needs to unify and deliver access to apps from all end-user platforms—
desktops, laptops and mobile devices.

In a properly architected system, once users authenticate by logging in with their enterprise ID
(e.g., Active Directory) they should enjoy one-click access to cloud, on-premises or mobile apps.
Remote access to on-premises apps should be just as simple as accessing cloud apps, without
requiring VPN hardware or client software. This type of SSO — using standards like SAML — will
not only reduce user frustration and improve productivity but also enhance security. Federated
SSO is better because it does not transmit the user name and password to the app over the
network, but instead sends a time-limited and secured token verifying that the user who
is attempting access is known and trusted. In addition, by eliminating the use of passwords
and their transmission across networks, you can reduce the likelihood of users locking their
accounts and calling the helpdesk, eliminate password risks such as non-compliant and user-managed
passwords, and make it possible to instantly revoke or change a user’s access to apps
without an admin having to reach out to each and every app.
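
To make the "time-limited token" point concrete, here is an added example (not from the original post) of the validity-window and audience checks an app would apply to a SAML 2.0 assertion. The assertion, URLs, user name and the `check_conditions` helper are constructed for illustration, and the code assumes the XML signature has already been verified by a SAML library.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion; the ds:Signature element is omitted here.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" Version="2.0">
  <saml:Issuer>https://idp.example.com</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://app.example.com/sp</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def _ts(value):
    # SAML timestamps are UTC xs:dateTime values such as 2024-01-01T12:00:00Z.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_conditions(assertion_xml, expected_audience, now, skew=timedelta(seconds=60)):
    """Return (ok, detail). Assumes the signature was verified before this call."""
    # Assumption: input is already trusted XML; use a hardened parser otherwise.
    root = ET.fromstring(assertion_xml)
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return False, "no Conditions element"
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if noa is None:
        return False, "no NotOnOrAfter: token is not time-limited"
    if nb and now + skew < _ts(nb):
        return False, "not yet valid"
    if now - skew >= _ts(noa):
        return False, "expired"
    restrictions = cond.findall("saml:AudienceRestriction", NS)
    if not restrictions:
        return False, "no audience restriction"
    for r in restrictions:  # every restriction must name this app
        auds = {(a.text or "").strip() for a in r.findall("saml:Audience", NS)}
        if expected_audience not in auds:
            return False, "audience mismatch"
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        return False, "no subject"
    return True, name_id.text.strip()
```

An assertion replayed after its five-minute window, or presented to a different app than the one named in its audience, is rejected even though no password was ever sent to the app.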

