The joys of the Cloud and Software-as-a-service (SaaS) have significantly reduced the amount of clunky software applications that need to be physically installed on your server environment. The move to internet based applications has freed up valuable IT time, lowered costs when it comes to on-premises resources, and allowed employees to roam freely around the world without losing that critical connection to the office that they so desperately need. However, despite the plethora of benefits, Cloud based applications have introduced one problem to the “user-friendly first” business world…an abundance of passwords. When it comes to tackling the horror story that is dozens of passwords for each employee, the answer lies in a secure, single sign-on service.
What is Single Sign-On?
Single sign-on, or SSO, is the process of making multiple, separate services available by using the same username and password. Single sign-on services were built to eliminate multiple passwords and usernames for all of your business applications, thus allowing for a seamless experience while at work.
Today, many business services are delivered through online, software-as-a-service based applications, such as Office 365 for productivity apps, Google Drive for file storage, Salesforce.com for CRM purposes, and Citrix for remote desktop connectivity, which on their own all require separate passwords and usernames.
With separate credentials for each app that all have varying password requirements (length, required characters, numbers, etc.), employees often struggle to keep track of each password, resulting in frustration and a loss of productivity. Single sign-on eliminates that concern by merging your Cloud application credentials with your Active Directory credentials that you use to login into work each day.
Other Benefits of Single Sign-On
Limiting passwords isn’t the only tangible benefit for Single Sign-On services. Below are a few other key benefits brought on by implementing a single sign-on service within your business:
Security – Implementing a single sign-on service is good for your overall security practices, as it forces all passwords and usernames that employees may use to mimic the policies you already have in place for Active Directory credentials. This can eliminate weak passwords for your Cloud applications, which is often an easy path in for hackers and data thieves. In addition, Cloud application often don’t have password refresh policies that force employees to change their passwords ever so often. With single sign-on, the Cloud application password will change when the Active Directory password does, which is a significant security boost.
Agility – Single sign-on services make it easier for individual departments and teams to adopt their own software without worrying how it might play with their current IT infrastructure. For example, a sales and marketing team can deploy a service that fits their needs like Salesforce or HubSpot with greater ease.
Lessened Burden on IT – Single Sign-on services also reduce the amount of Help Desk calls IT receives when it comes to login related calls, with some companies seeing as much as a 50% reduction in password reset tickets.
Enhanced Mobility – This process also makes it easier for employees to access applications on the go or from other devices. Often, when using Cloud applications, people let their browser remember their password, which can be troublesome when trying to access the application from another device or browser, since they likely don’t remember that specific password.
What are my Options?
When people talk about Single Sign-on, there are actually three options that should be considered:
Single-Sign-On – This is the standard option when the same credentials are used for both Active Directory and third party Cloud applications. With standard single sign-on, employees still have to login into their Cloud applications, but only have one set of credentials for all applications.
Seamless Single Sign-On – This is the more ideal version, as users only have to login once, instead of having to re-enter credentials for other applications. This is ideal for Office 365 and other online productivity applications, as it is a significant time saver and less burdensome on employees.
Multifactor Authentication (MFA) – Multifactor authentication is primarily for security purposes, and requires more than one method of authentication to access a system or application. A common example of MFA is using an ATM, as you must present an ATM card and a correct PIN number to access your account. In modern technology, MFA often involves entering a password, and then entering a second PIN code that was sent to you email or your mobile phone. MFA reduces the risk of identity theft or damage caused by a stolen password, as the password alone would not be enough to breach the system.
All of these options require a third-party provider, and can take some time and knowledge to implement. Services like Okta, Azure AD Connect, and Duo all offer single sign-on, seamless single sign-on, and multifactor authentication services.
Is it Worth It?
In today’s business world, user satisfaction is king. Application and services need to be very easy for employees to use, or they will find a way around it. Single sign-on simplifies the process of introducing new application to your workforce, and also makes it much easier from a management standpoint, as it will also be much easier to onboard and offboard employees. Implementing an easy to use SSO process for employees can limit shadow IT, increase productivity, and most importantly, keep the troops happy.