July 13, 2021

    Single Sign-On (SSO): What Is It and How Does It Work?

    In recent years, Sharetru has received many questions from our customer base regarding Single Sign-On, otherwise known as SSO. This blog is meant to educate the reader on definitions and use cases as the technology has become widely adopted across organizations of all sizes for administration and security purposes.

    What is Single Sign-On (SSO)?

    Single Sign-On is a user authentication service that permits a user to utilize a single set of login credentials, and then have the ability to access any related – yet independent – software applications. 

    Example: A user might login using an SSO platform such as Azure AD, Okta, One Login or Ping. Then that user gains access simultaneously to a list of cloud-based applications required to perform their duties such as Sharetru, Microsoft O365, Salesforce and others.  

     

    How SSO Works

    There are 2 main types of SSO technology used by organizations today, Open Authorization (OAuth) and Security Assertion Markup Language (SAML).  

    OAuth

    OAuth (with the OpenID Connect extension) works over HTTPS and authorizes devices, APIs, servers, and applications with access tokens rather than credentials.

    There are 2 different versions of OAuth:

      • OAuth 1.0a
      • OAuth 2.0 (Used Most)

    Before OAuth, a user would go to a site, enter a username and password, and login to access their data. With OAuth, the user communicates with an identity service that then provides a cryptographic token which is communicated to the application to authenticate a user.  

    SAML

    The second (and older) authentication method is SAML 2.0. It was introduced in 2005 and can be described as a session cookie in your browser that gives a user access to specific web applications as defined by an administrator. SAML is considered "limited" outside of a web browser seeing as internet/web behaviors have changed a lot in the last 16 years. Regardless, some government compliance requirements still have SAML 2.0 as the standard (e.g. IL4). 

    Benefits of Single Sign-On (SSO)

    With the increase of cloud-based, off-premise, subscription software used by organizations today, SSO benefits your organization's security posture in several ways:

    1. SSO is convenient for users because they do not have to login to multiple applications. They can login once and gain access to a full application set decided on by your organization’s systems administration team for a specific user group.
    2. SSO is convenient for administrators because it removes a significant load of managing the same user list across multiple applications. If John Doe has access to 5 applications, an administrator no longer manages 5 sets of credentials for John Doe. He’s now managing a single set of credentials for this user. This allows for an administrator to quickly remove access to all applications in case of a security threat from the individual, or quickly provide access to new employees, or individuals moving to new roles.
    3. The usernames and passwords no longer being stored in third-party sites, an administrator can mitigate risk by not managing the usernames and passwords externally. 
    4. “Password fatigue,” otherwise known as “password chaos,” is alleviated. Password fatigue is the feeling experienced by members of organizations with multiple systems requiring separate usernames, passwords, and password strength requirements. On top of this, a good security posture asks their organization members to change their passwords typically every 90 days. This affects your users’ routines and can lead to employee frustrations when they forget passwords.  
    5. Beyond reducing the time spent by your employees to re-enter passwords or pick new passwords, SSO has the added benefit of reducing IT costs due to the lower number of help desk tickets and calls about passwords. This is because of the decrease in usernames and passwords managed through external applications. 
    6. End to end user audit sessions improve an organization’s reporting and auditing when that time of the year comes along. 

    Downsides of Using Single Sign-On (SS0)

    1. Since SSO provides a user access to multiple applications with a single login method, the negative impact of a bad actor gaining the credentials of a single user is amplified.
      • To overcome this potentially high impact situation, organizations should still integrate a multi-factor authentication (MFA) system with their SSO platform.
    2. SSO can be a single point of enterprise failure since it creates a critical application for access to all systems.
      • If your organization’s SSO platform were to go offline, your users might be denied access to systems they need to perform their job duties. If access to specific systems must be always guaranteed, SSO might create a less than desirable situation during a downtime event. To combat this, your organization should ensure it has a good (and well tested!) failover/disaster recovery design.
    3. Some organizations have low visibility into the changes required to employees’ SSO requirements.
      • An organization must require good identity governance. Pain points may arise from security threats by outgoing employees, and time spent waiting for systems access by incoming employees. An organization must have high visibility processes in place so if an employee leaves, is hired, changes roles, or otherwise should be removed from your systems, this can be accomplished quickly and easily.

    While there are both positive benefits and negatives to using SSO, the negatives can be corrected with a well-planned internal security process. For all these reasons, organizations across every industry have continued to adopt SSO.  

    Sharetru’s Single Sign-On (SSO) Integration

    Sharetru has allowed for SSO provider integrations for our top-tier plans on both the FTP Cloud and GOVFTP Cloud in a way that’s adoptable for an organization’s internal users and external users. If you have questions about Sharetru’s SSO or any other features, please contact Sharetru sales.

    Trial Info: Try out a full-featured Sharetru plan and your first 14 days are free

    As you try out the different file sharing options available to your company, keep in mind that the security and flexibility of Sharetru can’t be beat. It’s the perfect file sharing solution for companies who are looking for both usability and data protection.

    Brendon Ainsworth

    Brendon, Sharetru's CRO & VP of Sales, brings diverse industry experience, excelling in GCP & AWS infrastructure certifications.

    Other posts you might be interested in

    View All Posts