
What is federated SSO?


Posted on 07 Sep, 2020 @ 08:02 PM by Zane Paulo


SSO solutions that use federation enable true single sign-on by taking advantage of the organisation’s identity provider (IP), such as Microsoft Active Directory (AD) or Azure Active Directory (Azure AD).

The identity provider usually acts as the authentication server and stores the user’s identity and information, such as the username, password, domains the user has access to, and even which activities the user is allowed to do on each site or within each app. (Verifying the activities that the user is allowed to do is called authorisation. For example, a user may have access to Salesforce reports but may not be permitted to edit customer records.) For true SSO, either the SSO solution is built into the identity provider or the SSO solution uses one or more identity providers to authenticate the user. Authentication requests and information are passed using standard, secure protocols, such as SAML or OAuth. The websites requesting authentication have a trust relationship with the SSO solution, and trust relationships exist between the SSO solution and the identity providers. A trust relationship means that one domain trusts another’s information about user identities, devices, and access privileges.
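The trust relationship described above, seen from the website's side, as an added example that is not code from the original post. The issuer URLs, key, and claim names are constructed, and a shared HMAC key stands in for the identity provider's signing certificate that real SAML or OAuth/OIDC deployments verify against.

```python
import base64, hashlib, hmac, json, time

# Constructed trust store: identity providers this website trusts, and the key
# agreed with each. Assumption: a shared HMAC key stands in for the IdP's
# signing certificate used by real SAML/OIDC deployments.
TRUSTED_IDPS = {"https://idp.example.test": b"constructed-demo-key"}
AUDIENCE = "https://reports.example.test"  # hypothetical website identifier

def b64e(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(key, body):
    return b64e(hmac.new(key, body.encode(), hashlib.sha256).digest())

def issue_assertion(issuer, key, subject, audience, roles, now=None, ttl=300):
    """Identity-provider side: sign a statement about an authenticated user."""
    now = int(time.time()) if now is None else now
    claims = {"iss": issuer, "sub": subject, "aud": audience,
              "roles": roles, "exp": now + ttl}
    body = b64e(json.dumps(claims).encode())
    return body + "." + sign(key, body)

def verify_assertion(token, now=None):
    """Website side: return the claims only if every trust check passes."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.split(".")
        claims = json.loads(b64d(body))
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed assertion") from exc
    issuer = claims.get("iss") if isinstance(claims, dict) else None
    key = TRUSTED_IDPS.get(issuer) if isinstance(issuer, str) else None
    if key is None:
        raise ValueError("issuer not trusted")
    if not hmac.compare_digest(sign(key, body).encode(), sig.encode()):
        raise ValueError("bad signature")
    if claims.get("aud") != AUDIENCE:
        raise ValueError("wrong audience")
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise ValueError("expired")
    return claims

def may_edit(claims):
    """Authorisation: viewing reports and editing records are separate roles."""
    return "editor" in claims.get("roles", [])
```

The website never sees the user's password: it accepts or rejects the identity provider's signed statement, then applies its own authorisation decision to the roles that statement carries.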

 
Security and compliance benefits of SSO

Usernames and passwords are the main target of cybercriminals. Every time a user logs in to a new application, it’s an opportunity for hackers. SSO reduces the attack surface because users only log in once each day and only use one set of credentials. Reducing login to one set of credentials improves enterprise security. When employees have to use separate passwords for each app, they usually don’t. In fact, 59% use the same or similar passwords on multiple accounts. Thus, if a hacker gets access through one poorly secured website, they are likely to be able to access other corporate systems.

SSO helps with regulatory compliance, too. Regulations such as Sarbanes-Oxley require that IT controls are documented and that organisations prove that adequate methods are in place to protect data. SSO is a way to meet requirements around data access and antivirus protection. SSO can also help with regulations like HIPAA that require effective authentication of users who are accessing electronic records, or that require audit controls to track activity and access. Regulations like HIPAA also require automatic logoff of users, which most SSO solutions enable.

When SSO is part of an identity and access management (IAM) solution, it uses a central directory that controls user access to resources at a more granular level. This allows organisations to comply with regulations that require provisioning users with appropriate permissions. IAM systems enable SSO with role-based access control (RBAC) and security policies. This type of SSO solution also deprovisions users quickly, or even automatically, which is another common compliance requirement meant to ensure that former employees, partners, or others can’t access sensitive data.

This disclaimer informs readers that the views, thoughts, and opinions expressed in the text belong solely to the author, and not necessarily to the author's employer, organisation, committee or other group or individual. As technology advances swiftly, some information displayed may be out of date. Please refer to official product technical websites for up-to-date information.
