What is single sign-on? Understanding the authentication method that lets you log into different websites and apps with a single username and password

• Single sign-on (SSO) allows users to access multiple applications with a single set of login credentials.
• While convenient, SSO can present security risks, as one set of credentials could grant bad actors a wide swath of access.
• Implementing SSO can be a lengthy and expensive process for organizations but is often more user-friendly and easier for administrators to manage.

When using multiple applications or sites owned by the same organization, it can be time-consuming and more than a little frustrating to have to enter several different usernames and passwords. That’s where single sign-on comes in.

What is single sign-on?

Single sign-on (SSO) is a popular authentication method designed to simplify the login experience by allowing users to enter a single set of credentials for access to multiple applications.

The process works by relying on a relationship between a service provider (a website or application) and an identity provider (the SSO system). The two exchange certificates containing identity information. This ID, which comes in the form of login tokens, contains information about the user, such as a username or email and password, to allow the service provider to know the connection is from a trusted source.

How does single sign-on work?

While a SSO login is simple for the user, the technical process behind it is quite complex. Here’s a breakdown of how SSO works.

1. The user opens the website or application they wish to use, at which point the service provider sends a token to the SSO system in a request to authenticate the user.

2. If the user has already been identified – that is, they’ve logged in on a previous visit or on another application or website under the same SSO umbrella – access is granted. If the user hasn’t logged in, they’ll be asked to do so.

3. When the identity provider validates the credentials entered by the user, it will send a token to the service provider to signify authentication.

4. The service provider grants access to the user.

While SSO may not be right for every organization, for those with multiple applications or websites under their umbrella, it can be a good choice not only from an administrative standpoint and in terms of user satisfaction.

Advantages of single sign-on

• SSO allows users to access applications and accounts much more quickly and with less hassle.
• Users only need to remember one set of credentials, such as a username and a single password.
• Services that utilize SSO may spend much less time helping users with lost passwords.
• Administrators can centralize control over user access to platforms and easily grant permissions for or remove permissions from users.
• Administrators can better enforce strong passwords and security standards across applications.

Disadvantages of single sign-on

• SSO can present security risks, as it only requires one set of credentials for access to multiple applications. Organizations can help mitigate this by requiring strong passwords from users.
• Implementing SSO can be a complex and costly project since a detailed discovery phase is necessary to ensure the right processes and technologies are implemented.
• If the SSO system goes down, users would lose access to all the applications that come under its umbrella rather than just a single site or service.
• If an SSO account is hacked, that bad actor would have access to all applications, thereby exposing a large amount of private data.