Identity Automation Blog

Stay up to date with all of the latest news and events.

A specter is haunting your business—the specter of shadow IT. It’s circumventing your security policies, compromising your data sovereignty, and costing you money. It lurks on your networks, on your employees’ computers and devices, on your servers, and in the cloud. Ever-present and always out of sight…or, at least, that’s how it sounds.

When we engage with a new IT team and ask how they are currently managing user identities and access, more often than not, they simply point to a single sign-on (SSO) portal. This inevitably prompts a clarifying discussion around the meaning of SSO.

What a year 2016 has been! With 2017 fast approaching, we’ve decided to take a look back at some of our Enterprise blog highlights from the past year. From the risks of contingent workers, to upgrading legacy systems, to privileged access management, to single sign-on – we’ve covered a wide range of identity and access management topics in 2016.

Whenever I am involved in the initial discovery phase of an Identity and Access Management (IAM) project, the term Single Sign-On (SSO) always comes up. SSO is often desired by customers or is a hard requirement of theirs, which inevitably prompts a clarifying discussion around exactly what SSO means to them.

The customer’s definition of SSO is usually something along the lines of “customers have one set of login credentials for all of their web applications instead of a different set for each.” For example, a single “scarter” account and password can get me access to Salesforce and Google Apps versus having a separate “scarter1” account for Salesforce and then a “scarter2” account for Google Apps.

However, this interpretation of what SSO means is actually only half correct.

I am excited to share our latest press release announcing that Identity Automation has acquired 2FA, Inc., a cybersecurity company that specializes in multi-factor authentication and enterprise single sign-on (SSO).

Authentication has become an integral piece of the identity management solution set, largely driven by the need to better protect user credentials and privileged accounts. More and more, industries with a focus on strong compliance regulations are seeing guidelines put in place that require stronger authentication techniques in order to protect that data.

From the massive Target data breach in 2013 to the Wendy's, UC Berkeley, IRS, and U.S. Department of Justice breaches of 2015 and 2016, today's enterprise exists in a security minefield in which a single misstep could lead to a massive breach and public blowout. As IT departments shudder and make sure to shore up their perimeter security, unfortunately, many overlook the fact that it was actually legitimate user credentials that were used in most 2016 data breaches, with some 63% being the result of weak, default, or stolen passwords, according to the new Verizon Data Breach Investigations Report (DBIR). These results drive home the point that passwords are the weakest link in the security chain and malicious intruders know it.

There is no doubt that single sign-on (SSO) capabilities are an important part of any identity and access management (IAM) solution. SSO reduces user frustrations by eliminating the need to keep a list of separate login credentials for individual applications and lowers support costs by helping to reduce the amount of time IT spends addressing login issues and resetting forgotten passwords. Single sign-on can also be utilized for documenting user account activity.

Yet, while single sign-on does play an important part in identity and access management, there are other, equally important features that your solution should have as part of your overall effort. The three I will focus on today are: full-lifecycle management, roles and group management, and privileged access management.

When we meet with a customer, we first like to build a common ground with regard to nomenclature. In the identity management field this is especially true because terms are used differently by different people and organizations. We find this to be especially true with discussions around the topic of SSO (Single Sign-On).