SSO works its magic by using a variety of mechanisms to automate the application sign-on process so that users don’t have to remember a different password for each of their applications. SSO can help avoid the common situation where many of us reuse the same password in multiple places, leaving all of those logins open to exploitation once a hacker figures out the shared credentials.
These products all work in a similar fashion. First, they connect to one or more directory services, such as Active Directory, or to an identity provider with an existing collection of users, such as Google Apps. They grab the user lists from these sources and then apply various rules that determine which applications each user can access and whether the user must use stronger authentication, such as multifactor or one-time tokens, to log in to each app. Users typically sign in to a Web-based portal, or the products grab their Windows desktop login credentials and use those as the basis for authenticating to the SSO app portfolio. This means that users don't have to remember, or in some cases even know, what their Google or Box passwords are to gain access to these apps.
Finally, the SSO tool can be used to automatically provision app sign-ons for a whole collection of users at once. This makes it easier to onboard a group of incoming freshmen at a university, or to bring everyone onto a new system when a corporation merges with another.
The SSO market is a chaotic one, with more than a dozen different products from vendors ranging from boutique shops to the largest software companies. In the past, many of these tools were difficult for the IT department to implement and to operate in daily use; fortunately that has improved, and today more applications and Web-based services are more SSO friendly.
What is new to the SSO marketplace is a hybrid collection of software that has both cloud-based pieces and code that is installed on-premises. Most of the vendors offer additional tools that combine SSO with workflow automation, risk-based and multi-factor authentication, and mobile device management.