What is SSO?
SSO properly stands for Single Sign-On, though it is sometimes used to mean Same Sign-On. These should not be confused, though they often are, and sometimes deliberately!
What’s SSO for?
Typically, in any organization of size, users will need access to many IT systems, for example, AD, SAP, Microsoft Entra ID, an HR system, SalesForce, legacy systems, and so on. Without SSO of any kind, users may have to remember a different username and password (different credentials) in each system. This is at best annoying for users. At worst, it can lead to poor password hygiene, such as short/simple passwords, or passwords being written down on a ‘post-it’ note.
A degree of alignment can be enforced manually such as the same username, and even the same password. This improves the user experience. Whether it is more or less secure is a matter for debate: we may have removed the ‘post-it’ note problem but added others. For example, if someone can ‘crack’ the least secure system, they might gain credentials that allow access to other, more important systems.
Using a product like MIM (or FIM) usernames can readily be synchronized between on-premises systems (and even some cloud systems), and this can be extended to passwords too (though the mechanism is a little different). This is really ‘Same Sign-On’.
Proper Single Sign-On (that is, you sign on once, and then you get access to everything you need for a period or the duration of your session) comes in many forms. In some legacy situations, it can be very clunky (working at the level of ‘screen-scraping’ – software detecting what you type as you log in to a system, remembering that, and then “playing it back” next time).
If you use Microsoft 365 (which means you are using Microsoft Entra ID), and your MyApps portal includes links to SalesForce, Box, Yammer, X (formerly known as Twitter), etc. – it’s pretty slick. Although even here the way it handles each app can vary – SalesForce is ‘aware’ of Microsoft Entra ID as an authentication mechanism, while for some other applications, Microsoft Entra ID remembers the username and password used to access it (password-based SSO).
An important piece of SSO is that between (on-premises) AD and (cloud) Microsoft Entra ID – important because so many organizations are ‘hybrid’ (using both) and want the user experience to be as friction-free as possible – Microsoft’s link between them is Microsoft Entra Connect, which offers several possibilities for SSO (same sign-on) and what they call SSSO (Seamless Single Sign-On).
Find out more about single sign-on on our Microsoft Entra Connect Masterclass.
You will learn what It can do beyond its ‘out-of-the-box’ form as well as learn how to configure and maintain it. The 3-day course includes lectures, demos, discussions, and hands-on labs.
Need help with SSO in your organization? Our team of consultants is ready to advise. Contact us.