Enterprise Single Sign On (SSO)

In any organization working with confidential data, it is a given that the data must be secure and that even employees need to authenticate themselves to access it. While this is in line with current security standards, it is tedious for employees to provide their credentials every single time they access data.

The middle ground can be achieved by using Enterprise Single Sign On (SSO). SSO offers the best of both worlds, ensuring data security while making data access easier for users.

Before we delve into Single Sign On (SSO), here are the disadvantages of not using it:

  • Passcode remembrance

    First and foremost, each user needs to remember a passcode created in accordance with the organization's security standards. However, all of us have at some point forgotten a passcode, primarily because it was made too complex in order to adhere to security compliance. Additionally, employees are forced to change their passcodes periodically, which makes remembering them an even bigger issue.

  • Passcode fatigue

    Another disadvantage is the password fatigue employees experience from having to remember multiple user name/passcode combinations to access several different services.

  • Multiple credential-based support tickets

    This is the outcome of the previous two disadvantages: IT administrators are frequently inundated with tickets requesting passcode resets.

  • Repeated requests to provide credentials

    Users are forced to re-enter their passcodes every time, even when accessing the same service.

All of the above disadvantages can be overcome by using Single Sign On (SSO). Here are the other benefits of using Single Sign On (SSO):

  • Supports conventional authentication methods such as AD-based authentication.
  • Encrypts the passcode to ensure the password cannot be identified. If you use an app that accesses corporate data on a daily basis, SSO ensures the passcode doesn't get transmitted over the network every time.
  • Additional security, as the passcode is not provided directly to the actual service. Instead, it is provided to the SSO server, which means the actual service cannot cache the passcode, ensuring zero chance of phishing attacks.
  • Enhanced user experience, as employees can switch between various services without having to provide credentials every single time.

MDM supports Single Sign On using Kerberos, a network authentication protocol that secures passcodes by encrypting them using DES (Data Encryption Standard).

So, any apps and/or internal websites in your organization that support Kerberos authentication can support Single Sign On (SSO).

The No Sign On method

Improving on the ease and security of Single Sign On is the No Sign On, or Zero Sign On, method, whereby employees needn't enter their passcode even once to access services. This can be achieved if the authentication is certificate-based. MDM supports certificate-based authentication (CBA) using Simple Certificate Enrollment Protocol (SCEP).