Single Sign On (SSO)

http://www.ifour-consultancy.com

Benefits, challenges and case study

Definition

• Single sign-on (SSO)is a session/user authentication process that permits a user to enter one username and password in order to access multiple applications. The process authenticates the user for all the applications they have been given rights to and eliminates further prompts when they switch applications during a particular session.

Types of SSO

• Holy Grail• Enterprise SSO• Synchronization SSO• Web SSO

HOLY GRAIL

ACTIVE DIR

UNIX

LINUX

MAC

JAVA

SAP

• One identity gives you a single login. • That single login to single directory gives you seamless access to all the applications.• It is the most efficient ,secure and compliant way to do SSO.

ENTERPRISE

ACTIVE DIR LOGIN AUTOMATION

DB2

ORACLE

• Often also called as login automation.• The end users login once, but behind the scenes the automation tool logs in to all the applications they

need• The user has convenience but the IT staff still has to manage all the systems login, cause actual login still

happens to all the systems.

SYNC

UNIX

LINUX

MAC

JAVA

SAP

ACTIVE DIR Sync Tool

ok

• A Sync Tool synchronizes all the directories and all the passwords across the system.

WEB SSO

ACTIVE DIR

UNIX

LINUX

MAC

JAVA

SAP

INTERNET

• Allows the users which are coming remotely ,in a single login ,instead of multiple logins in multiple sessions.

Components of SSO process

ACTIVE DIR

UNIX

LINUX

MAC

JAVA

SAP

DB2

ORACLE

INTERNET

LOGIN AUTOMATION

HOLY GRAIL

ENTERPRISE

SYNC

WEB SSO

Benefits

• Saves Time and Efforts

Benefits

• Fewer Passwords to Remember

Benefits

• Reduced Phishing

Benefits

• Reduced Operational Cost

Benefits

• Fine Grained Auditing

Benefits

• Effective Compliance

• Speeds Up Development

• Easier to Secure

• Resource Savings

Benefits

• Rich User Experience

Benefits

• Reduced headache of assisting users with password recovery

Who Uses Single Sign On ?

All trademarks, product names, and company names and logos appearing on this presentation are the property of their respective owners.

Drawbacks

• “Keys to the Castle”: As single sign-on provides access to many resources once the user is initially authenticated it increases the negative impact in case the credentials are available to other persons and misused.

• Single point of failure

• Therefore, single sign-on requires an increased focus on the protection of the user credentials, and should ideally be combined with strong authentication methods• Advance + Combined Methods

• smart cards• one-time password tokens• Fingerprint Scanner and Keystroke Dynamics

• Strict policies and standards• Added cost

Drawbacks

SomethingYou Are

SomethingYou Have

SomethingYou Know

Drawbacks

• Single sign-on also makes the authentication systems highly critical; a loss of their availability can result in denial of access to all systems unified under the SSO. SSO can thus be undesirable for systems to which access must be guaranteed at all times, such as security or plant-floor systems.

SSO

References• https://security.buffalo.edu/node/899

• https://www.uoguelph.ca/ccs/security/internet/single-sign-sso/benefits

• http://en.wikipedia.org/wiki/Single_sign-on

• http://www.ifour-consultancy.com

• Custom software development company India