Single Sign-On is a must for any business that wants to harden security while at the same time offering users greater ease of use.

What is Single Sign-On (SSO)?

If you have not implemented a Single Sign-On (SSO) solution, now is the time to consider doing so. Single Sign-On is an authentication technology that allows users to access their business applications and services with a single set of credentials. This consolidates all of your critical tools under a single, secured framework that can be managed and monitored via a unified web dashboard. With a host of security and productivity benefits, SSO will optimize the way users access business applications, as well as reduce the time it takes to provision and deprovision users.

There are several excellent cloud-based options currently available, all of which are ideal for an environment with any mix of devices, whether they be macOS, iOS, Windows, Linux, or Android. Rather than users having to sign in each time they need to access an application (like G Suite) or service, authentication is deferred to the SSO provider, which eliminates the need to log in more than once. With the proper tools, a user may even access their Mac with the same password that they use to access business apps such as G Suite, Office 365, Box, Dropbox, Salesforce, Slack, or Xero. Changing passwords becomes a breeze, since there is no longer a need to update passwords that may be out of date or compromised for each application or service.
Configurable Security Features

From a security perspective, Single Sign-On is extremely valuable. SSO credentials are managed by a policy server, which can be configured and optimized to recognize multiple levels of security policies and permissions. Simply put, SSO strengthens the security of your environment while giving your workforce a productivity injection. Administrators can pull reports and actionable analytics, monitor or access user activity logs, and quickly remove access globally rather than on an individual basis.
Multifactor Authentication (MFA or 2FA)

With the right SSO tool, Multifactor Authentication (MFA or 2FA) can be configured using a wide range of factors that include bio-factors (fingerprints, facial recognition), knowledge factors (like a security question), and possession factors (such as sending a code to the user's mobile by SMS, which they will need to enter in order to gain access). Enabling MFA with two or more factors will ensure that only authorized users will be able to access business applications, greatly improving the security of critical company data. Furthermore, MFA can be configured and managed globally, stripping an incredible amount of redundancy.
Benefits of SSO

Single Sign-On can save your company a great deal of time and money, but there are many other measurable benefits:
- It can reduce help desk calls by up to 93%
- Reduces login errors
- Protects your vital data as well as the integrity of your applications
- Eliminates the ability for users to log in to any account other than their own
- Strengthens security by restricting access
- Lowers the risk of malicious attacks
- Increases ease of use
- Provides meaningful reports and activity logs
How We Do It: The Technical Side of Single Sign-On

Once we have determined which SSO product is right for you, we procure licensing, provision the environment, and integrate it with your G Suite or Office 365. Your business apps are then connected using SAML (Security Assertion Markup Language), which, in simple language, exchanges authentication data between security environments: in other words, between the SSO partner and the software or services provider. Network authentication is accomplished via a service like Cisco Meraki, which is a secure, HIPAA-compliant cloud architecture that has the ability to scale to more than a million users.
Which SSO solution is right for you?

Okta and OneLogin are both industry leaders in identity management, and each has its own set of benefits and drawbacks. They have similar features and a growing list of app integrations. Both solutions have the following capabilities:
- Cloud-based environment
- Act as universal or canonical directory
- Provide user directory support
- Enable one-click user provisioning and deprovisioning
- Broadly capable in access policy administration
- Provide support for a voluminous list of SaaS and web apps
- Reduce in-house IT costs and support tickets
- Support your mobile and/or remote workforce
- Connect a wide range of popular mobile apps