Many of our customers implement our Identity and Access Management (IAM) platform for its identity lifecycle management capabilities. And with good reason—automating these tasks means IT no longer has to waste valuable time and resources creating and managing accounts or provisioning and deprovisioning systems and target applications.
However, many overlook the benefits that can be gained by combining IAM with secure single sign-on (SSO). SSO portals help organizations address important access challenges and offer clear productivity and user experience benefits by enabling users to access all of their applications from one location, with a single set of credentials.
In this post, we’ll delve deeper into the benefits and limitations of SSO, as well as how combining SSO with a full IAM solution can overcome many of the latter.
So, What Are the Benefits of Single Sign-On?
SSO has a clear, positive impact on productivity. All of a user’s applications are in one convenient portal, which expedites access to needed systems and resources. Users log in once and get one-click access to all the resources they need to do their jobs.
The amount of time saved might seem quite small, but all of the time normally spent finding and logging into individual applications adds up. With SSO, users spend more time working.
SSO also minimizes the time users spend dealing with password-related frustrations, since users only need to remember and enter a single set of credentials (more on this below). This is a huge benefit when you consider that most users have to remember an average of 40 passwords.
Reduces Risk by Minimizing Bad Password Habits
Passwords are a double-edged sword; while they can protect resources and systems, they are also easy to forget and time-consuming to type into each application you need to access. Scheduled password changes add another wrinkle to this process.
With SSO, users are less likely to write passwords down, repeat passwords, create simple or commonly used passwords, or revert to other poor password practices. As a result, the enterprise has greater success in enforcing strong password policies.
Reduces Help Desk Costs
Because SSO reduces the number of passwords users have to remember, users are less likely to submit a ticket to the IT department for password resets. While password resets might seem simple, they are highly inefficient and take up both employees’ and the help desk’s valuable time.
Unfortunately, such tickets are quite common—Gartner estimates that 20-50% of all help desk calls are for password resets. These tickets are very expensive, too. In fact, Forrester has calculated the cost of a single password reset to be $70. Thanks to SSO, IT can use its resources more efficiently.
Accelerates User Adoption of Company-Promoted Apps
Another benefit of SSO is that it improves the user adoption rate of company-promoted applications.
Because these resources are readily available in one location, employees are more likely to use them—and have a more positive experience doing so. This, in turn, reduces the risk of shadow IT, where users acquire and use applications outside of the IT department’s ownership or control.
SSO Drawbacks—and How IAM and MFA Can Help
While SSO offers a number of benefits, there are a few drawbacks that should be taken into consideration. However, implementing SSO in conjunction with IAM and multi-factor authentication (MFA) can overcome many of these limitations. Read on to learn more.
One of the main disadvantages of SSO is decreased security, especially if it isn’t implemented properly.
For starters, there’s a single sign-on, but there’s no single logout. The logout process will vary across applications. Just because a user logs out of one application doesn’t mean that the rest also shut down. In fact, user sessions stay active long after a user logs out of a single application.
Because SSO only requires one set of credentials to access all of a user’s resources, a hacker who obtains those credentials could quite easily access all of those resources. This is especially dangerous if that user has access to privileged information or mission-critical data.
However, SSO doesn’t have to pose a security risk. Multi-factor authentication makes it safer. MFA adds layers of protection by requiring additional verification when logging into the SSO portal, which can augment or completely replace the use of usernames and passwords.
Additionally, if a user has access to a sensitive system, MFA can be applied to that system for added protection.
Risk-based authentication can also be applied to tailor the level of authentication to the risk the user presents. Adaptable MFA means that users aren’t unnecessarily burdened with more stringent authentication and are still largely able to benefit from the productivity and efficiency benefits associated with SSO.
Another drawback of SSO affects the user experience. When an application times out, it often breaks the SSO session. Then, to access timed-out applications, the user has to sign back in, wasting valuable time.
Additionally, there are applications that do not support SSO (federation or otherwise), so many organizations still have apps they have to manage out of band. Reduced sign-on is a more realistic state, in which users have to log in again using the same credentials.
Furthermore, not all SSO solutions can integrate with on-premises and legacy applications. SSO solutions must integrate with hybrid and heterogeneous environments to be effective. It’s critical that the SSO solution you choose is able to integrate with all of your applications; otherwise, it’s not really SSO.
SSO Lacks Full IAM Capabilities
While SSO portals and full identity and access management solutions offer some of the same capabilities, SSO is really just a component of a larger IAM solution and doesn’t offer all of the functionality your organization likely requires.
For example, SSO portals lack identity lifecycle management capabilities. Lifecycle management goes well beyond offering easy access to an application catalog. Without automated provisioning and deprovisioning or dynamic role and group management, IT resources are wasted on manual, mundane tasks.
Additional capabilities, such as multi-factor authentication and privileged access management, are critical to protecting your organization from cybersecurity threats.
Moreover, SSO portals alone might not meet compliance requirements. Many regulations require advanced authentication, deprovisioning, access certification, and reporting. Adding this functionality could require adding point solutions and an expensive integration effort that necessitates staff resources to manage it.
Meeting Your Organization’s Needs with IAM & SSO
As you can see, single sign-on offers clear user experience, productivity, and cost-saving benefits that shouldn’t be overlooked. By implementing IAM, SSO, and MFA as a unified solution, your organization can increase business agility and security while offering users a convenient, streamlined experience that overcomes many of the downsides of SSO portals alone.
To learn more about MFA and IAM, download our eBook on SSO portals versus full-featured IAM solutions.