What is Single Sign-On (SSO for enterprise)?

What is SSO (Single Sign-On)?

SSO (Single Sign-On) is the functionality that allows users to sign in (authenticate) only once during a whole session, no matter how many applications are being accessed. They can then access their data transparently, without having to retype a new user name/password pair. Evidian Enterprise SSO performs the SSO functionality. The video shows a single sign-on that allows access to different applications with strong passwords for each application.

Why do enterprises invest in SSO?

Reinforce security and satisfy regulatory constraints

By creating an obligatory passage point between users and their applications, an organization can effectively control access. Moreover, a log of these accesses and of administration operations is kept centrally, which facilitates audit. This facilitates compliance with confidentiality, integrity and availability requirements.

Reduce operating costs

Multiplying passwords, often for excellent reasons, reduces users’ productivity and the quality of work. But these "hidden costs" often have a visible side: up to 30% of helpdesk costs are due to lost passwords. An SSO solution considerably alleviates this, with a return on investment that is easy to evaluate.

Open up an information system without risk to the outside world

This demand is increasingly frequent: access to the web has become easy, yet employees still have problems accessing intranet applications from outside. Doctors who must consult medical records, engineers on a work site, sales reps in their hotel: SSO allows transparent and secure access to web applications, even from outside.

The three architectures of single sign-on

SSO server

The information is stored on a server, for instance a Windows or Unix server, that is generally dedicated to this task. The client on the PC queries the server whenever necessary. This server is often duplicated for high availability, although cache mechanisms on the PC can compensate for temporary unavailability. Therefore, start-up costs must be taken into account: servers (but you can dedicate an existing server) and software installation. In a distributed architecture, the number of these servers may be high.

SSO appliance

It is just a variation of the SSO server solution: software and hardware are packaged together. Software-deployment costs are thus reduced. On the other hand, it is not possible to install the software on an existing server, which may increase the deployment costs. Finally, it is often impossible to add memory and disk to an appliance, unlike a server.

Enterprise directory

SSO data is simply stored, in encrypted form, in the directory that already exists in most companies, for instance the Active Directory base through which users access Windows. Therefore, you do not need to install any server or appliance. Your PCs are already configured to access the information, since they already access the directory. Deployment costs are reduced significantly.

Evidian Enterprise SSO uses an enterprise-directory-based architecture. Experience has shown that this simpler solution is quicker to deploy, while maintaining the highest security level.

If you want to learn more about SSO, we recommend this white paper: "Enterprise SSO for all applications".