Feb 09, 2015

Should I think about using a single sign-on tool for my enterprise?

Best answer
02/09/2015
Single sign-on (SSO) isn’t a new concept: products have been around for more than a decade, and there are dozens of vendors in that space too. What is happening though is that SSO vendors are become more cloud-oriented these days and branching out into the space that was traditionally occupied by multi-factor authentication (MFA) vendors that just sold tokens and access methods.

The concept is simple to explain: you set up your various cloud services to go through the SSO tool so your users don’t have to remember their login credentials and as a bonus you can use very strong passwords too. This makes access to these cloud resources a lot more secure. However, the implementation of SSO in the cloud is more complex.

Why would you use SSO rather than a pure-play MFA tool? A few reasons: First, you use a lot of cloud-based services and want a better mechanism for your users to connect to them. Many of the more popular cloud services support SAML v2.0 standards, which is what most SSO tools use to create their connection. If your set of cloud services doesn’t yet support SAML, you probably won’t be happy with either SSO or MFA tools.

However, if most of your apps are inside your data center, you probably want to make use of the straight MFA tools that offer dedicated hardware or software appliances that be deployed to protect these resources.

Second, you are less concerned about the additional authentication factors than about overall identity preservation and integrity. If you have one or two internal apps that you must protect with the multiple factors, you might be better off with going the MFA route.

You can read a review of SSO tools that I wrote for Network World in 2012 here:
http://www.networkworld.com/reviews/2012/121712-single-signon-cloud-test-264821.html
Best answer
02/09/2015
Single sign-on (SSO) isn’t a new concept: products have been around for more than a decade, and there are dozens of vendors in that space too. What is happening though is that SSO vendors are become more cloud-oriented these days and branching out into the space that was traditionally occupied by multi-factor authentication (MFA) vendors that just sold tokens and access methods.

The concept is simple to explain: you set up your various cloud services to go through the SSO tool so your users don’t have to remember their login credentials and as a bonus you can use very strong passwords too. This makes access to these cloud resources a lot more secure. However, the implementation of SSO in the cloud is more complex.

Why would you use SSO rather than a pure-play MFA tool? A few reasons: First, you use a lot of cloud-based services and want a better mechanism for your users to connect to them. Many of the more popular cloud services support SAML v2.0 standards, which is what most SSO tools use to create their connection. If your set of cloud services doesn’t yet support SAML, you probably won’t be happy with either SSO or MFA tools.

However, if most of your apps are inside your data center, you probably want to make use of the straight MFA tools that offer dedicated hardware or software appliances that be deployed to protect these resources.

Second, you are less concerned about the additional authentication factors than about overall identity preservation and integrity. If you have one or two internal apps that you must protect with the multiple factors, you might be better off with going the MFA route.

You can read a review of SSO tools that I wrote for Network World in 2012 here:
http://www.networkworld.com/reviews/2012/121712-single-signon-cloud-test-264821.html
Answer this