A single sign-on service reduces the headache of remembering passwords, letting your employees or users log in to all their apps simultaneously. Here's what to look for.
With the increasingly cloud-based way of doing business, it's getting more complex to manage security. The average small business uses 15 different software-as-a-service applications, each with its own passwords and authentication rules. Add in-house apps that need their own logins, and employees could have to remember dozens of passwords. This can lead to security issues like employees using a single password for everything from Twitter to your POS software, leaving written passwords where someone can easily find them, or frequently calling IT for help resetting a password.
Single sign-on (SSO) services alleviate this problem by collecting all the apps into a single access site governed by one password. The SSO synchronizes with a directory of passwords so that once an employee (or client) logs in to the SSO, it can log them in to the other programs. Users only need to remember one password, and administrators can set rules for that password, control access and plug vulnerabilities more easily.
Several SSO services cater to enterprise-level businesses and small businesses. They usually charge a couple of dollars a user per month, although LastPass offers a simplified free program. In addition to providing a simpler way for employees to access apps, an SSO can serve businesses that need to give their customers access to apps.
SSOs usually use two different authentication protocols, OpenID and SAML, each with its own advantages and vulnerabilities. In general, SAML is considered superior, but the best services may use both. These protocols provide what are called federated identities: they link a user's identities across multiple platforms so that the SSO can authenticate the user to each individual app.
Since you are looking at a company to handle all your passwords, including those for in-house use, be sure to ask about security policies and encryption protocols. Look for programs that offer multi-factor authentication and session time-out capability.
Most SSO services can link with just about any cloud-based app. The best have APIs that let you interface your own in-house or custom apps with the SSO platform.
Ease of use
IT staff should be able to add new users with just a few steps and easily navigate the controls to change passwords, set rules and monitor security issues. Users, in the meantime, ought to be able to organize app icons so their most important apps are at the top, change passwords, and access apps. When testing ease of use, try it on a mobile app; users increasingly want mobile capability.
Your admins should be able to set specific rules for passwords, such as number of characters and special characters. The best SSO programs also allow you to set different rules for different groups so that those people working with more sensitive information have a more secure sign-in procedure.
Some SSO applications let the person sign in with a social media account. This is especially useful if you are using the SSO for clients rather than employees.
Sometimes, a person has more than one account on an application – multiple WordPress sites, for example. Your SSO software should let the user register each account with its unique information.
Deep links are those that go to a specific page on a website as opposed to the home page. An SSO that provides password support for deep links makes it easier for users to log in when clicking on a direct link, such as accessing a document on Office 365 from an email.
The SSO detects apps in its network and automatically logs the user in when they open one in their browser. This saves the user the step of opening the SSO program itself while still keeping the passwords off the computer.
The options to brand the login site and translate the page into other languages are great features for businesses using the program for customers. Reports that show who logged in to what app and from where can help your business track employee activity or gain insight into customer use of your products.
A secure, reliable SSO program can greatly simplify the lives of your employees, customers and technical support. In fact, SSO service Okta claims that its users see a 50 percent reduction in helpdesk calls for login issues and log in to apps in half the time it previously took them. When seeking the best SSO service for you, look for the features that best address your needs, demand excellent security, and check for a good reputation. Password security, after all, is serious business.