Home  ›  Which of the Following Advantages Can Single Sign on Provide

Which of the Following Advantages Can Single Sign on Provide

Written By Wednesday, 16 February 2022 Add Comment Edit

Single sign-on (SSO) is a session and user authentication service that permits a user to use i set of login credentials -- for instance, a name and password -- to admission multiple applications. SSO can be used by enterprises, smaller organizations and individuals to ease the management of various usernames and passwords.

In a bones web SSO service, an agent module on the awarding server retrieves the specific authentication credentials for an individual user from a dedicated SSO policy server, while authenticating the user against a user repository, such every bit a Lightweight Directory Access Protocol (LDAP) directory. The service authenticates the end user for all the applications the user has been given rights to and eliminates hereafter countersign prompts for individual applications during the aforementioned session.

How single sign-on works

Single sign-on is a federated identity management (FIM) arrangement, and the use of such a system is sometimes calledidentity federation. OAuth, which stands for Open Authorisation and is pronounced "oh-auth," is the framework that enables an terminate user's account information to exist used past third-party services, such as Facebook, without exposing the user'due south password.

A visualization of how SSO works
This graphic provides a visualization of how single sign-on works

OAuth acts equally an intermediary on behalf of the end user by providing the service with an access token that authorizes specific account information to be shared. When a user attempts to access an awarding from the service provider, the service provider will send a asking to the identity provider for authentication. The service provider will then verify the hallmark and log the user in.

Types of SSO configurations

Some SSO services use protocols, such as Kerberos, and Security Exclamation Markup Language (SAML).

  • SAML is an extensible markup language (XML) standard that facilitates the exchange of user authentication and authorization data across secure domains. SAML-based SSO services involve communications among the user, an identity provider that maintains a user directory and a service provider.
  • In a Kerberos-based setup, once the user credentials are provided, a ticket-granting ticket (TGT) is issued. The TGT fetches service tickets for other applications the user wishes to access, without request the user to reenter credentials.
  • Smart card-based SSO will ask an end user to apply a menu holding the sign-in credentials for the kickoff log in. In one case the bill of fare is used, the user will not have to reenter usernames or passwords. SSO smart cards will store either certificates or passwords.

Security risks and SSO

Although single sign-on is a convenience to users, it presents risks to enterprise security. An attacker who gains control over a user's SSO credentials will be granted access to every application the user has rights to, increasing the corporeality of potential damage. In gild to avoid malicious access, information technology's essential that every attribute of SSO implementation be coupled with identity governance. Organizations tin too utilise ii-factor authentication (2FA) or multifactor authentication (MFA) with SSO to meliorate security.

Social SSO

Google, LinkedIn, Twitter and Facebook offer popular SSO services that enable an finish user to log in to a tertiary-party awarding with their social media authentication credentials. Although social single sign-on is a convenience to users, it can present security risks because it creates a single point of failure that can be exploited past attackers.

Many security professionals recommend that end users refrain from using social SSO services altogether because, once an assaulter gains control over a user's SSO credentials, they will exist able to access all other applications that use the same credentials.

Apple recently unveiled its own single sign-on service and is positioning it as a more than private alternative to the SSO options provided by Google, Facebook, LinkedIn and Twitter. The new offering, which will exist called Sign in with Apple, is expected to limit what data 3rd-party services can access. Apple'due south SSO will also enhance security by requiring users to use 2FA on all Apple ID accounts to support integration with Face up ID and Touch ID on iOS devices.

Enterprise SSO

Enterprise single sign-on (eSSO) software products and services are countersign managers with client and server components that log the user on to target applications by replaying user credentials. These credentials are almost always a username and password; target applications do non demand to be modified to work with the eSSO system.

Advantages and disadvantages of SSO

Advantages of SSO include the following:

  • It enables users to call back and manage fewer passwords and usernames for each awarding.
  • It streamlines the process of signing on and using applications -- no need to reenter passwords.
  • It lessens the hazard of phishing.
  • It leads to fewer complaints or trouble well-nigh passwords for It help desks.

Disadvantages of SSO include the following:

  • It does not address certain levels of security each application sign-on may demand.
  • If availability is lost, then users are locked out of the multiple systems connected to the SSO.
  • If unauthorized users proceeds access, then they could gain access to more one application.

SSO vendors

In that location are multiple SSO vendors that are well known. Some provide other services, and SSO is an additional feature. SSO vendors include the following:

  • Rippling enables users to sign in to cloud applications from multiple devices.
  • Avatier Identity Anywhere is an SSO for Docker container-based platforms.
  • OneLogin is a deject-based identity and access management (IAM) platform that supports SSO.
  • Okta is a tool with an SSO functionality. Okta also supports 2FA and is primarily utilized by enterprise users.

This was last updated in April 2020

Keep Reading Almost single sign-on (SSO)

  • Utilise unmarried sign-on technology to integrate mobile app admission
  • Benefits of single sign-on in healthcare
  • When single sign-on fails, is a second SSO implementation worthwhile?
  • Cloud single sign-on adds convenience, only does it sacrifice security?
  • Mitigating remote run a risk in identity management: The capabilities you need

Dig Deeper on Identity and access management

  • Utilise these six user authentication types to secure networks

    By: Kyle Johnson

  • 6 persistent enterprise authentication security problems
  • How to get passwordless if non all your apps support modern authentication standards

    By: Kyle Johnson

  • OneLogin Desktop Pro for Windows reduces password load

    By: Sabrina Polin

cooperocapan.blogspot.com

Source: https://www.techtarget.com/searchsecurity/definition/single-sign-on

0 Response to "Which of the Following Advantages Can Single Sign on Provide"

Post a Comment

Subscribe to: Post Comments (Atom)

Iklan Atas Artikel

Iklan Tengah Artikel 1

Iklan Tengah Artikel 2

Iklan Bawah Artikel