Single Sign-On Solutions : Interfaces, Security and Ease of Usage

Single Sign-On Solutions must maintain a standard. The three criterion for picking up a Single Sign-On Solution is 3 – Interfaces, Security and Ease of Usage. In the previous article, we talked What is Important in Single Sign-On Solutions and in the last paragraph, we clearly wrote – We will go in to the details on each criteria in separate article in future and this is the article. So, it is important to read the previous article for a comprehensive understanding about Single Sign-On Solutions. When we use a premium or free service, we only understand the problems, shortcomings only after facing a big issue – this is definitely not a great way to accumulate experience ! Prevention is far better than having the disease, frankly not all disease can have treatment !

Criterion 1 :  Interfaces

Basically, for each SSO method is it is the variety of interfaces that decides whether one can really speak of a unified, central application or if several applications are used by the company, which might not be supported. A Single Sign-On Solution (SSO) that actually integrate all applications used is hard to find. But the critical enterprise applications should be supported by the Single Sign-On Solutions (SSO) of choice.

Attention should be paid in the standards of particular Single Sign-On Solution (SSO), like support for directory services (such as Active Directory or OpenLDAP), identity services and applications in the network and in the cloud, also the support for mobile applications and social media platforms. Supported Standards and Identity Services One of the leading identity services on the Internet is OpenID. Authorization standards for web, desktop and mobile applications are OAuth, Web specification WS-Federation and SAML Framework (Security Assertion Markup Language).

Therefore important technical requirements for the standardized exchange of access are given with numerous applications. The range of supported applications is large with all Single Sign-On Solutions currently available. Various SSO platforms also consider identity services such as OpenID, small cloud, for example, use of Facebook or Google login information for sites that support this type of application.

Single Sign-On Solution (SSO) platforms that provide OpenID identity provider and registration procedures can register on all websites that have the identity management service. OpenID integrates after a single login of the user. Social media services such as Twitter offer themselves work as an identity service – Social networks like Facebook , Twitter and Google+ now serving as an identity. One also speaks of social log-in services. The solution NetIQ Social Access, for example, allows companies to offer their customers or partners to register with one of the social log-ins, to use the credentials of a particular social network for the application.

In addition to applications that run on the internal network or obtained from a cloud, it is the mobile apps that are important for the operational use. IBM Security Access Manager for Cloud and Mobile, for example, unified access to multiple cloud services and the application for specific mobile apps. Solutions such as SecureAuth IdP provide for multiple mobile platforms specific apps to the users on their smartphone or tablet to use the single sign-on mobile. SaaS SSO, Symplified, Symantec O3 or PingOne offer a single user login for numerous supported cloud services including Google Apps, Salesforce.com and SharePoint.

Criterion 3 : Security

With a single sign-on Solution, requirements for complex passwords and encrypted application procedure should be standard. If it is possible for an unauthorized person, to crack the central access, he would have access to all the connected applications. Depending on the security requirements, internal policies and applicable compliance requirements for the company should therefore also be multi-factor authentication. In Identity and management platforms (IAM) as Aveksa MyAccessLive or SecureAuth IdP, other factors such as a one-time password (OTP) can be added. Whether a simple password login for the SSO application is sufficient or not, for example, is based on the current risk score. This depends, among other things, where the user is currently located, what device is used for the application and whether the planned actions of the user activities in the past fit together.