IAM Bitesize - Identity & Access Management Weekly Guides

Share this post

10: What is SSO?

iambitesize.thecyberhut.com

Discover more from IAM Bitesize - Identity & Access Management Weekly Guides

Weekly bitesize explanations and discussion on the key topics, acronyms and themes in the global identity and access management industry, in 5 mins or less.
Continue reading
Sign in

10: What is SSO?

The Cyber Hut
Nov 2, 2023
Share this post

10: What is SSO?

iambitesize.thecyberhut.com
Share

Audio Cast:

1×
0:00
-6:29
Audio playback is not supported on your browser. Please upgrade.

Takeaway Points:

  • SSO stands for single sign on

  • It primarily emerged from the employee workforce identity ecosystem

  • The idea was to improve usability and security by reducing the number of times an employee would log in to different systems needed to perform job role

  • Historically employee systems often had their own “local” usernames, passwords and access control lists

  • This would result in the end user having to remember different usernames - but often re-used a “good” password - a security anti-pattern

  • Help-desk and security administration costs were high as a result - often due to password and account reset requests

  • The management of account setup and access was also complex, often manual and extremely effort intensive

  • Whilst provisioning systems helped reduce account creation and management, access management systems introduced SSO capabilities

  • The idea being the end user would “authenticate” once to a single system called an identity provider (IDP)

  • Applications would then integrate against this IDP and reuse the authentication event - often by the use of cookies, access tokens and assertions

  • Integration took the form of policy and web agents (that sat in front off or alongside applications), gateways and federation standards such as SAML - and later OAuth2 and OIDC. SDK’s could also be used.

  • Downstream systems now didn’t have to manage local passwords any more and instead would redirect unauthenticated users to the IDP for a login

  • The IDP would authenticate the user with a range of options - typically a directory for usernames and passwords, followed by multi-factor authentication options such as one time passwords

  • The IDP would then create a session - an amount of time the user could stay logged in for before having to re-authenticate

  • As long as the session was active and valid, other systems would allow the end user to gain access seamlessly

  • Use cases:

    • employee’s accessing workforce systems by logging in once each day or week - then seamlessly accessing relying systems

    • customers logging in once and accessing different brands without re-logging in

IAM Bitesize - Identity & Access Management Weekly Guides is a reader-supported publication. To receive new posts and support our work, consider becoming a free or paid subscriber.

Share this post

10: What is SSO?

iambitesize.thecyberhut.com
Share
Comments
Top
New

No posts

Ready for more?

© 2023 The Cyber Hut
Privacy ∙ Terms ∙ Collection notice
Start WritingGet the app
Substack is the home for great writing