Lots of web based apps are used within organisations today and it’s a great way to introduce some smarts into your organisation. But how do you control all the staff logins/password that go along with it?
SSO or Single Sign On can help with this. SSO simply put is a concept of having a third-party do the authentication, authorisation and access control when accessing a resource. Sounds complicated but you probably already use it: a good example is if you’ve ever logged into a website using your Facebook account, this is using SSO.
The key to this is an Identify Provider and if you already use Microsoft cloud services you may already have one, known as Microsoft Azure AD.
Having your own Identity Provider in your organisation means you can push out SSO to apps that support it. Some of the benefits of doing this are:
Its more secure
Its more secure for lots of reasons, some examples are:
- Having SSO means fewer passwords which is a good thing. No more sticky notes around your computer screen or re-using the same password across different sites. One common problem we come across is when staff use their work credentials to access third-party sites and those sites get compromised. This issue is avoided with SSO.
- Access becomes auditable. It’s great to understand exactly who is accessing what in a central place.
- All the reasons listed below.
Single password for multiple apps
Gone are the days of having to try and remember passwords for all these different sites. SSO allows you to use a single credential such as your work email and password.
Change this password and it’s changed across any sites that are SSO based.
Staff on-boarding is easier
Setting staff up for SSO based services is easier than using traditional logins. It can be as straightforward as adding a user to a group and then they have access to the third-party app.
Also, you don’t have to hand over a set of passwords for any websites, staff just need to know their work login.
Staff off-boarding is safer
Staff move on and often their access to certain resources can be overlooked and not shut down properly. Using SSO, if their main account is locked, disabled, or deleted then their access to any SSO related sites is also removed also.
Enforcing Multi-Factor Authentication (MFA)
Your organisation may have a requirement for staff to use MFA and sometimes this isn’t available on third-party apps or is cumbersome to setup/enforce.
With SSO, enforcing MFA on your main work account then introduces this same requirement in a consistent way to all these third-party app.
If you’re not sure if SSO is for your organisation or if any of the third-party apps you use support it, talk to us and we can give you a clear picture of what’s possible.