Single sign-on is a handy access control feature offered by a lot of services and websites. It certainly provides convenience and has benefits for both users and administrators, but there are some drawbacks to consider too.
Let's take a look at what single sign-on is and some reasons for and against using it.
What Is Single Sign-On?
As you might expect, single sign-on (SSO) is just about what its name sounds like. It's an access control system that allows you to sign into multiple enterprise-level services using one set of credentials.
For example, let's say that every employee at your company regularly uses Microsoft Office 365, Dropbox, and Evernote for business use. Because these are three different services, everyone has to remember a unique password for each of them.
It's difficult to create and remember secure passwords for a lot of accounts (which is why we recommend using a password manager). Faced with so many accounts, an employee might be tempted to use weak passwords for each service to make them easier to remember. Worse yet, they might use the same password for every website.
Single sign-on provides a secure alternative to this issue. Your system admins set up an account with a trusted identify provider, which does the work of authenticating the user accounts. Then they can link all your business services (like Office 365, Dropbox, and many others) together.
As a result, your employees only need to remember one set of credentials to sign into many services. So long as they're signed into the identity provider, they can log into any other app connected to it with ease.
Advantages of Single Sign-On
Next, let's examine some of the major advantages of a system like this.
Reduced Password Burden
As mentioned, most people don't like keeping track of dozens of account credentials. The more passwords people have to remember, the higher the likelihood that they'll start using poor passwords.
With single sign-on, users only need to remember one password to sign into their work apps. They're much more likely to crate and remember one strong password instead of many. And they won't have to spend as much time entering credentials regularly.
Streamlined Management for IT
Single sign-on isn't just beneficial for the end users; it also benefits IT staff.
Users having fewer passwords results in reduced help desk workload for forgotten passwords. This frees up your helpdesk employees' time to work on other tasks.
Additionally, SSO makes onboarding and separation of employees easier. IT staff can remove the user's access to one system instead of doing it for every app individually.
The more sites that you have to enter a password on, the higher the chance that it could be stolen thanks to a hacked site, misconfigured security, or similar. Even if a site uses proper security measures, user passwords could be exposed after a data breach. Single sign-on reduces your area of attack to one entity.
Plus, SSO makes it easier to apply increased security measures to multiple services at once. If your SSO provider supports two-factor authentication (2FA), enabling it will protect your users' accounts everywhere. This is much simpler than having everyone set up 2FA for each app on its own.
Drawbacks of Single Sign-On
Not everything about single sign-on is a plus, though. Here are a few important disadvantages to consider.
A Single Point of Failure
Limiting your login to one service can lead to some major issues. If someone breaks into an employee's SSO account, they'll have access to every account contained inside.
But this single weak point doesn't just apply to compromised passwords. If the SSO provider goes down, you won't be able to access any connected sites. It's thus vital to make sure you've chosen a reliable SSO provider so you don't end up getting locked out of critical services.
Multi-User Computer Risks
SSO is a great way to reduce repetitive password entry for a user who works on the same computer every day. But what about shared machines on open environments like factory floors?
If someone else needs to use the computer, the current user will need to take extra care to make sure they don't provide access to all their accounts to that other person.
Potential Data Leaks
Additional Setup Work
While SSO is convenient for users, it does require extra initial work to implement. In complex environments, this can become a fairly intensive project for IT staff.
Potential Lack of Support
It's possible that not every service your business uses will support single sign-on. This could result in employees needing several additional sets of credentials, which defeats the point of SSO's simplicity.
Single Sign-On: Helpful, but Not Perfect
We've looked at both the positives and negatives of a single sign-on system. In summary, SSO makes life easier for users since they don't have to remember as many passwords. It reduces the repetitive work of resetting passwords for IT staff, and provides incentive to have one strong set of credentials instead of many weak ones.
However, SSO involves trusting a lot of information to one entity. It's not the best choice for every company, so you'll need to weigh these factors for your specific setup.