Although the need for multiple passwords to log in to professional applications is very often the leading cause of irritation for users of the information system, it also presents many other security risks: use of weak or commonplace passwords, shared between colleagues or written on post-it notes, incoherent security strategies and password policies specific to each application, complex traceability, etc. It also incurs numerous costs for the company, in particular for operations relating to lost and reset passwords.
By allowing users to access all of their applications with a single sign-on, Enterprise SSO (Single Sign-On) provides a response to this dual issue of security and user convenience.
SSO, or single sign-on, makes it easier for users of the information system to access their applications, reducing the number of authentication requests during a specified period, while controlling and tracing this access to check that users are indeed authorised.
Although a “global” IAM strategy is essential, given the range of applications, user usage scenarios, authentication methods, access procedures, work environments, etc., SSO will generally be addressed through different approaches: Enterprise SSO (or eSSO) for the protection of workstations and fat client and web applications, Web SSO (or Web Access Management) and identity federation if using only the web, and mobile SSO for mobile environments.
Enterprise Single Sign-On
Enterprise SSO, or eSSO, is generally used internally for users’ convenience, providing a single sign-on to access all professional applications. Combined with multi-factor and adaptive authentication mechanisms, it improves the security and traceability of application access.
eSSO requires the deployment of software components on the workstations connected to the information system:
- The standard Windows screen will be overwritten in order to offer more secure and ergonomic authentication methods than those offered by Microsoft, along with a password reset self-service, a feature sure to provide a return on investment for the company.
- An “SSO agent” will be responsible – in place of the users – for inserting “secondary credentials” (username/password combinations for users of the target applications) in application windows which will have been previously enrolled in the SSO solution by administrators.
This SSO category easily covers all types of applications (fat client, web browser, virtualised application, mainframe, etc.) and all types of workstation (dedicated, shared, virtualised, etc.).
Discover our Sign&go Global SSO solution, covering all types of applications in all types of architecture.
The challenges of Enterprise SSO:
how to balance security with ergonomics?
There are many challenges involved in the implementation of an Enterprise SSO solution, which can be broken down into several areas based on the priorities we wish to consider. For example:
- Protect workstations through strong authentication mechanisms
- Adapt the level of security to the work context
- Strengthen the security policies of your applications
- Check and trace access to applications
- Eliminate the use of commonplace passwords
User experience and satisfaction
- Implement a single and ergonomic authentication for all applications
- Give users the freedom to reset their own passwords or their authentication methods
- Make life easier for users by simplifying access to IS applications
- Put an end to passwords and reduce the daily workload on your users and administrators
ROI and Administration costs
- Streamline password management and renewal
- Protect all of your workstations and applications with a single SSO platform
- Simplify the integration of new applications and make the IS flexible and agile
- Standardise and pool authentication and authorisation infrastructures
Our successful experience
in the deployment
of Enterprise SSO projects
in structures of all sizes
Our successful experience in the deployment of Enterprise SSO projects in structures of all sizes
Single Sign-On (SSO) and access control: a necessarily global approach to single authentication
How to protect business data without imposing onerous authentication processes on employees is a challenge that most businesses have or...