What is Single Sign-On (SSO for enterprise)?
Understand the need for Single Sign-On (SSO) in the Enterprise
What is SSO (Single-Sign On)?
SSO (Single-Sign On) is the functionality that allows users to sign-in (authenticate) only once during a whole session, no matter how many applications are being accessed. They can then access their data transparently, without the constraint of retyping a new user name/password couple. Evidian Enterprise SSO performs the SSO functionality. The video shows a single sign-on that allows access to different applications with strong passwords for each application.
Why do enterprises invest in SSO?
Reinforce security and satisfy regulatory constraints with the Evidian SSO
By creating an obligatory passage point between a user and its applications, an organization can effectively control the accesses. Moreover, a log of these accesses and administration operations is kept centrally, which facilitates audit. Evidian SSO facilitates compliance with confidentiality, integrity and availability requirements.
Reduce operating costs with the Evidian SSO
Multiplying passwords, often for excellent reasons, reduces users’ productivity and the quality of work. But these "hidden costs" often have a visible side: up to 30% of helpdesk costs are due to lost passwords. This will be considerably alleviated through an Evidian SSO solution, with a return on investment that is easy to evaluate.
Open up an information system without risk to the outside world with the Evidian SSO
This demand is getting increasingly frequent: access to the web has become easy, yet employees still have problems accessing intranet applications from outside. Doctors who must consult some medical records, engineers on a work site, sales reps in their hotel: Evidian SSO allows transparent and secure access to web applications, even from outside.
The three architectures of Single Sign-On
SSO data is simply stored, in encrypted form, in the directory that already exists in most companies. For instance, the Active Directory base through which users’ access Windows. Therefore, you do not need to install any server or appliance. Your PCs are already configured to access the information, since they already access the directory. Deployment costs are reduced significantly.
The information is stored on a server, for instance a Windows or Unix server, that is generally dedicated to this task. The client on the PC queries the server whenever necessary. This server is often duplicated for high availability, although cache mechanisms on the PC can compensate for temporary unavailability. Therefore, start-up costs must be taken into account: servers (but you can dedicate an existing server) and software installation. In a distributed architecture, the number of these servers may be high.
It is just a variation of the SSO server solution: software and hardware are packaged together. Software-deployment costs are thus reduced. On the other hand, it is not possible to install the software on an existing server, which may increase the deployment costs. Finally, it is often impossible to add memory and disk on an appliance, unlike a server.
Evidian Enterprise SSO uses an enterprise-directory-based architecture. Experience has shown that this simpler solution is quicker to deploy, while maintaining the highest security level.