Makerere University


Single Sign-On (SSO)


By Nsanzimana Gilbert

 

SSO can be defined as an authentication scheme in which a single set of login credentials can be used to access multiple applications without having to log in to each one separately.

Why SSO?

According to recent research carried out by NordPass, the average person has about 100 passwords to use across multiple platforms. This number is usually higher for employees working in companies where ICT is the backbone.
Besides memorizing, updating and keeping track of so many accounts, people have a lot more to keep in mind and can therefore often forget their credentials for some systems. It also takes quite some time to log out of one system in order to log in to another.
In large institutions, there are usually several applications that users have to log in to daily for services. Take an academic institution as an example: there can be separate systems for academic records, payment records, learning platforms, human resource management and several others. Each time the institution develops a new application, users must create a new set of credentials to remember. End users, who in most cases are not well versed in ICT basics, often face challenges in navigating the systems for specific services, and the same user may hold different accounts for the same institution's systems. One survey conducted by Okta, entitled The Passwordless Future, found that:

an average user has to remember at least 10 passwords every day but forgets up to three of them at the end of every month. 

The question is: is there a way for a user to log in to one account and then navigate to the other systems without being required to log in again? This is exactly what Single Sign-On (SSO) does. With SSO, you can sign in once and access all organization-approved applications and websites without having to log in on each one.

How Secure is SSO?

There are usually two stakeholders, and each side has a major concern. End users look at the ease and speed of access, while system administrators are more concerned with the reliability and security of the systems. With Single Sign-On, the users' needs are readily satisfied, which leaves administrators to play their part faithfully: the security. Statistics show that 81% of data breaches are directly related to passwords that were stolen, weak, or simply default passwords that organizations failed to change to more secure ones. With SSO in place, a malicious user who obtains a single set of credentials can gain access to all of the company's linked applications, which makes that user more harmful. At this point one may think that the best solution is to get rid of SSO, but that would not be the approach of a professional IT practitioner. Several mechanisms are combined with SSO to achieve the desired productivity and security. These include combining SSO with Multi-Factor Authentication (MFA), implementing context-aware security, and many other technologies.

Advantages of Using SSO

Implementing an SSO solution has several advantages for both parties: system administrators and system users. The major ones are highlighted below.
1. Enhanced user experience. Employees are able to quickly move from one application to another without having to waste time logging in to each system separately.
2. Enhanced data security. Developers know that every login is a point of vulnerability, and so they emphasize security at that point.
3. Reduced support team workload. The number of login credentials becomes small and users can easily remember them, without having to call the help desk every now and then for account recovery.
4. It is easier for administrators to revoke login privileges across the board when a user is no longer part of the company.

Single Sign-On and Federated Identity

SSO usually deals with applications in the same domain, while Federated Identity spans two or more domains. SSO is therefore part of a larger concept called Federated Identity Management (FIM).