What Is Single Sign-On?

By Kayla Matthews
November 12, 2019

Many of the login portals you've visited lately might have had a single sign-on (SSO) option. SSO simplifies gaining access to the interfaces and applications you use to get things done. 

Let's take a closer look at what single sign-on is and why it's increasingly relevant.

Single Sign-On Definition

Single sign-on involves using one set of credentials, such as a username and password, to access multiple applications.

You've likely swiped an identification card at designated card readers around a workplace or a college campus. It let you access various buildings, elevators and floors. The single sign-on approach works the same way in the digital realm. 

For example, you may have encountered a smartphone app like a game and or news site that let you log in via your Facebook or Google account. This approach is a form of single sign-on, which simplifies the login process across applications.

Businesses use SSO as a form of access control, and it prevents people at a company from using internal resources for verification. Instead, the entities using SSO rely on trusted companies to verify users for certain trusted apps. The associated framework within which third parties handle verification is called OAuth.

SSO access is not the same thing as someone purposefully setting one email/password combination for every site they use. That's a poor internet security practice. In contrast, using one email and password as a single sign-on approach could make users and their organizations much more secure. 

How Does SSO Work?

Once a person enters their SSO credentials, a system checks them against a database of all authorized users. If they match, the person receives access privileges. SSO also uses browser cookies to store session information. Cross-domain single sign-on controls user access across multiple domains, such as those existing outside of one particular company. 

After an individual successfully logs into a site, the system tracks them with a token or an item on the server. Then, as a person moves between various applications or interfaces, the system checks to ensure the tracker and its associated credentials are up to date.

An SSO tracker comes from an approved site that verifies a person's credentials. You've probably seen an example when attempting to register for a new service. Instead of filling out the entire registration form, you might get the option to use your Facebook or Google data to speed up the process. Then, those companies handle the verification aspect.

The example above covers what's called delegated access. In that case, you'll see a breakdown of which information the verifying company provided to the new site during registration. However, the true single sign-on approach allows seamless switching from site to site as long as your access privileges exist.

Managed Google accounts, like those associated with G Suite, have SSO options. Also, the help documentation for other enterprise applications often has step-by-step guides for enabling SSO or covering the basics like the definition of SSO and its benefits.

5d0b7f41e260b979ba51f23c
template-1
container

How Does Single Sign-On Authentication Extend to the Physical Realm?

This identity management method helps people log into websites and online portals — and it also applies to material objects. Convenience is one of the main advantages of SSO, including its flexibility in securing physical items.

For example, homes and businesses around the world use Internet of Things (IoT) devices. However, those gadgets are often left unsecured, leaving them vulnerable to hackers' exploits. Identity management can have some significant privacy gaps, especially when it comes to IoT devices. One smart way to address them is to enable a single sign-on option. 

Whenever a person uses a connected gadget with SSO, the system must first verify their credentials. SSO can also make things easier for smartphone users. In 2018, some of the major U.S. telecom companies joined forces to bring SSO to smartphones. That setup, known as Project Verify, examines some digital credentials such as an IP address, as well as a physical component — the SIM card.

SSO access can also apply when an employee brings a device from home they want to use at work. SSO systems usually have cloud-based interfaces, where an authorized user can log-in and grant or deny access to a person on a particular device. Such options also make it convenient if a workplace wants to restrict the access of certain devices but not others, such as smartphones that are too old to work with the latest security upgrades. 

Outside of the workplace, SSO makes things easier for people who use tech gadgets at home. For example, Amazon's Fire TV set-top box has SSO. Through this approach, people can sign in with their cable TV provider logins once to access all the network apps included in their package. 

What Advantages Does the Single Sign-On Approach Give to IT Departments?

SSO for identity verification saves time and headaches for the people who work in IT departments and may spend significant amounts of time every day responding to password reset requests from frustrated employees. SSO makes the verifying entity takes care of all password resets instead of someone in a particular workplace having to do it. 

It's easy to see how this streamlines things during someone's onboarding process or when they leave the company, too. Instructing a new hire to create one set of login credentials is undoubtedly more straightforward than requiring them to go to every tool a business may need them to use and making usernames and passwords for each one.

Then, if a person leaves a company, the IT department can go into the respective cloud interface and disable the person's access from everywhere at once. Having that capability eliminates an IT staff member from forgetting to revoke access privileges in at least one place, enabling the former employee to keep getting into platforms without authorization. 

Are There Downsides to SSO Access?

Despite SSO's many perks, no system is perfect. Security researchers say SSO's growing popularity caused an increase in cybercriminals creating fake versions of login screens. 

One way to avoid that kind of phishing is to also set up two-factor authentication (2FA). Then, even if a hacker gets the login and password, they still can't enter the system because they won't have the other piece of information — such as a text message code — that completes a person's login process. 

Also, if a person loses their SSO combination, they're locked out of all applications instead of one. This downfall could be especially inconvenient if they work remotely or otherwise can't seek immediate help to restore their access. 

The Single Sign-On Approach Makes Sense for Today's World

After learning more about SSO and the reasons for using it, you can see why the method is so popular. With SSO, you no longer need to remember a humongous list of passwords, and your accounts will remain secure.

Kayla Matthews

Tech Journalist and writer

Access Control Basics