Web and cloud single sign on in the modern world

Posted by Edward Killeen on Fri, Oct 25, 2013

The average corporate user has to access over 16 applications in the course of their jobs, that can be up to 16 sets of credentials (username and password).  Assuming 30 seconds of extra time per credential, that's about 40 minutes per week wasted on usernames and passwords.  Factor in a forgotten or locked password per week and you are up to almost an hour spent per week dealing with this wholly un-neccessary routine of passwords.

Why?  Single sign on.  It is better, it's easier, it's more secure.

Your user has to authenticate at least once, usually with their Windows credentials.  Now you know who they are.  You know what applications they have access to, both on premise and cloud.  So why are they having to continually prove their identities to each application?

Web and cloud single sign onOf those, 16 web and cloud applications, probably half of them support federation, usually SAML or OAuth.  Note: EmpowerID supports SAML, OAuth, OpenID, WS-Trust, and WS-Federation.  You can federate with those applications, knowing that it trusts that you know who you users are.  Your Identity Provider (EmpowerID) will simply send a token to that application verifying who your user is and the access they have.  No username or password typed.

For those web applications that are not federated, Web Access Management (WAM) is the way to go.  For these applications, EmpowerID either uses an agent in the application or a reverse proxy to secure the URL and pass a secure header variable with your user's credentials.  This tried and true method can usually cover a quarter of applications.

For those remaining applications that cannot federate or use WAM, secure password vaulting can keep the exact same SSO experience for your users.  Your user will claim the account, enter their username and password ONCE, and EmpowerID will encrypt and pass these credentials as your user signs in.

Your users will have a single SSO dashboard for all of these applications and never have to type another set of credentials for any web applications, on premise or the cloud.

That being said, making it too easy can be an issue sometimes as well.  Say one of those web applications stores all of the company secrets, like the Colonel's secret recipe or the location of the exhaust vent on the Death Star.  You have to secure that, right? 

That's when you add a second factor authentication to that specific application.  Incorporate an OATH token into the authentication process for that application, send it to a known device for the user and be doubly sure that they are who they say they are.  With EmpowerID, this two factor authentication can be added into any SSO workflow and even be based on the user's role.

Save your users time while increasing your security seems like a win-win situation with single sign on.  Schedule a demonstration of EmpowerID's complete SSO capabilities and/or download our whitepaper on the Top 5 Federated Single Sign On Scenarios.

Click me

Tags: Single Sign-on (SSO)