Friday, May 9, 2014

Misconception Perception: Single Sign-On Myths Debunked

Single sign-on (SSO) allows end users to log in to accounts once with their credentials and thereafter enjoy immediate access to all of their applications and systems without being asked to log in again. This is extremely beneficial in reducing help desk calls since users only have to remember one password instead of many.

Though SSO can be beneficial to any company, many IT managers and security officers are skeptical about the implementation of an SSO solution. Their skepticism is the result of a number of preconceptions, which in many cases are misconceptions, about these identity and access management tools.

The following are common incorrect beliefs about SSO.

Implementing SSO Imposes Greater Pressure on Security

IT managers and security officers often believe that logging in to accounts only once immediately places information security at risk. They assume that if an unauthorized person gets hold of that single log-in credential, that person will have access to all the account’s associated applications.

When using SSO, all the various access entries to applications are replaced by one access point. For example, the software allows users to use just one password for multiple accounts. Once the password is entered, all accounts are accessed. Though this does appear to constitute a risk, the log-in process is actually streamlined for the user. Having to remember just one password essentially does away with the risk that users will scribble passwords on a piece of paper and place them under their keyboards (as is often the case), as they might if they had to remember the 12 username and password combinations (the average number per user) required without SSO.

This was often the case at Community Bank and Trust of Florida. Since the bank uses hundreds of different systems and applications that require complex passwords, users understandably had a difficult time remembering all of their user credentials. With SSO implemented at the bank, end users no longer have to resort to insecure methods, such as writing down their passwords to remember them.

It is also possible to add extra security to the primary SSO log-in with a user card and PIN code or an extra-strong password. Logging in with a card and PIN code is an extremely secure form of authentication, and users also consider it to be very user-friendly.

An SSO Implementation is a Long, Drawn Out Project


This is often wrongly assumed because SSO implementation is part of a broader security policy. Other components might include introducing more complicated passwords, taking more care with authorizations and complying with standards imposed by the government.

Because SSO affects almost all end users and runs throughout the organization, some expect that notifying and preparing end users for the change will take a great deal of time. SSO brings with it a number of questions, such as:
“How do I deal with people who have multiple log-ins on one application?”
“What do I do if an application offered through SSO gets a new version?”
“What happens if the application itself asks for a password to be reset?”

These questions often cause SSO implementation to be shifted to the background. However, any potential complexity faced at implementation is no reason to postpone adding an SSO solution, because it has long-lasting benefits once up and running. By starting small, say by making the top five applications available through SSO, a considerable time saving on the number of log-in actions can be achieved, justifying the purchase of the solution.

For example, at Community Bank and Trust of Florida, an SSO solution was easily and quickly implemented to solve its password issues. It was even possible for the bank’s IT leaders to roll into production exactly what they did during their trial phase, which made their implementation process extremely convenient.

It’s Not Possible to Make Cloud Applications Accessible via SSO

Just as with all other applications, it is certainly possible to log in to cloud applications with SSO.

An SSO Implementation is Expensive

The nice thing about an SSO solution is that it’s often not necessary to set it up for all the people in an organization. SSO may be needed only for a select group of people who need to access many different applications, such as tellers. The advice here is to restrict implementations to the most critical applications and the employees who have to log in to a variety of different applications. This will control the implementation in terms of price and complexity, and offers an excellent springboard for any further growth and expansion in accordance with changing future needs.

An SSO Solution is Not Needed Because We Use Extremely Complex Passwords

Insisting on extremely complex passwords is one way to secure the network, but at the same time, it’s also one of the causes of insecure situations. This is because many end users have difficulty remembering their mandated passwords, especially when they have to recall more than a dozen username and password combinations. Often, requiring the use of complex passwords leads to frequent help desk calls because employees tend to forget them more readily. A highly insecure and undesirable situation arises when end users write their passwords on notes and leave them lying around their computer.

Using SSO means employees only have to remember one password for all of their applications: a simple solution to a complex problem, easier access to multiple accounts for all who need it, and fewer calls to the help desk, so IT staff can focus on more important priorities than password resets. For example, All Star Automotive in Louisiana was able to see a major reduction in time dealing with password issues by implementing an SSO solution. The IT manager at the automotive group said, “Users can now concentrate on their jobs rather than managing their own passwords.”


1 comment:

  1. Complete information on single sign-on solutions and identity access management solutions is shared here. Are the two concepts related in any way?
