SSO vs Federated Identity? Intro identity providers | Difference between SSO and federated identity?

 

SSO vs Federated Identity | identity providers | Difference between sso and federated identity There are many SSO solutions in the market. Active Directory (AD) is an example of a SSO because all domain resources joined to AD can be accessed without the need for additional authentication. SAP, Oracle, IBM and others offer SSO solutions for enterprise use. Okta, OneLogin and others specialize in single sign on for web applications. What are the Advantages of Single Sign On (SSO) ? To name a few of the many advantages provides an organization Access logs – an SSO portal provides detail reporting on who accessed what Session time – by eliminating credential reauthentication users spend less time on the authentication process leading to improved productivity. Centralized database – one database that includes logs for authentication and authorization to support compliance and administration. Fewer credentials means a lower chance of phishing – phishing emails and social engineering are nearly impossible Reduce help desk costs – reducing the amount of credentials (passwords) translates to fewer help desk calls which are estimated at 20 – 50% of all help desk calls. What are the Disadvantages of Single Sign On (SSO) ? The main disadvantage of SSO is in its use of one set of credentials, if those credentials are not protected correctly and are stolen the thief has access to your entire kingdom. Companies should always use a 2nd factor to login to SSO (at the very less), companies who take security seriously will use multi factor authentication (MFA). The second less talked about disadvantage to SSO is the fact that while it provides single sign on it does not provide single sign off, the logoff process varies from application to application and depends on the settings of the application, user sessions usually stay active long after the user has completed his/hers use which can easily lead to session hijacking. Federated Identity Vs. SSO While the advent of SSO brought great convenience to users it left some holes unfilled. For one, users have to rely on any given application to support multi-factor authentication (MFA) for additional protection. The user still has to remember all the different passwords for each site they’re using or resort to a password manager. SSO also creates potential security liabilities. For example, any user with login credentials for a specific service will continue to have access until their account is manually deactivated. This inevitably creates the scenario in which employees maintain access to company services long after they leave the company. It also results in the company still paying for licenses that are assigned to former employees. These factors can make SSO both costly and insecure.


Comments