Single sign-on (SSO) makes logging in to a platform, application or website quicker and easier, and so offers considerable benefits, but there are also some disadvantages and costs to weigh up if you are considering implementing it for your organisation.
Enterprise SSO Advantages
1. Easier B2B Collaboration
For partner companies to work together effectively, being able to interconnect technology for swift and easy collaboration and exchange of information can be essential. One way to do this is to allow access to data and applications through extranets. Authentication and authorisation can be particularly complex in situations such as this, where a variety of users need to access a mix of platforms, applications, and information, so SSO can be a good option here.
Using SSO means that users can log in just once to access all portals, while the businesses involved have the benefit of centralised authentication management, both of which should enhance and quicken the collaboration process.
2. Boost to Productivity
It may sound like a stretch, but every time you reduce the time people spend trying to remember (and sometimes recover or reset) a laundry list of passwords, and the frustration that goes with it, you gain productive time that quickly adds up.
3. Improved Auditing
Single sign-on can make it easier to track application usage, instances of credential sharing and shared workstation usage.
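An added example (not part of the original article) of the kind of check that centralised SSO logs make possible: flagging possible credential sharing and shared workstations. The log format, user and workstation names, and the thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of centralised SSO login events: time, user, workstation.
SAMPLE_LOG = """\
2024-03-04T09:00:05 alice WS-101
2024-03-04T09:02:10 bob WS-102
2024-03-04T09:03:40 alice WS-245
2024-03-04T09:30:00 carol WS-300
2024-03-04T11:15:00 dave WS-300
2024-03-04T13:45:00 erin WS-300
2024-03-04T16:20:00 bob WS-102
"""

def parse(log):
    """Yield (timestamp, user, workstation) tuples from whitespace-separated lines."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, user, host = line.split()
        yield datetime.fromisoformat(ts), user, host

def credential_sharing(events, window=timedelta(minutes=10)):
    """Users who log in from two different workstations within `window`."""
    last_seen = {}  # user -> (timestamp, workstation) of the previous login
    flagged = defaultdict(set)
    for ts, user, host in sorted(events):
        prev = last_seen.get(user)
        if prev and prev[1] != host and ts - prev[0] <= window:
            flagged[user].update({prev[1], host})
        last_seen[user] = (ts, host)
    return {u: sorted(h) for u, h in flagged.items()}

def shared_workstations(events, min_users=3):
    """Workstations used by at least `min_users` distinct accounts."""
    users_by_host = defaultdict(set)
    for _, user, host in events:
        users_by_host[host].add(user)
    return {h: sorted(u) for h, u in users_by_host.items() if len(u) >= min_users}

if __name__ == "__main__":
    events = list(parse(SAMPLE_LOG))
    print("possible credential sharing:", credential_sharing(events))
    print("shared workstations:", shared_workstations(events))
```

Both checks rely on every application's logins passing through one place; without SSO the same events would be spread across each application's own log.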
4. Improved Ease in Account Disabling
SSO can improve the effectiveness and speed of disabling or removing network and hardware accounts for leavers.
Commercial SSO Advantages
5. Good for CX
A log-in screen isn’t sexy, but it is a key touch-point in your customer experience – it is the gateway to the inner sanctum of your site and both the first interaction many customers will have when they visit your site and an experience they will repeat many times. SSO can make the log-in experience far more satisfactory for customers because it is speedy and simple.
6. Good for Conversions
An awkward log-in experience can create a point of frustration right before a visitor converts. For many companies, even a minute increase in conversion rates can make a big difference, and by reducing user frustration and time sink at this crucial point, you may see more visitors convert into customers. Customer journey mapping may help you understand how customers experience your log-in screen.
Commercial and Enterprise SSO Advantages
7. Reduction in Help Desk Costs
Gartner suggests that, on average, 20-30% of helpdesk calls are password related (usually forgotten passwords or reset requests). Add to that the fact that, according to Forrester Research, the average cost of a password reset comes in at around $70, and it’s clear that improving password accessibility for users can represent a significant business saving.
As companies work to resist the rising threats to information security, more and more are implementing rules demanding ever-increasing password strength. Of course, while this is good practice, the more complex the password, the less likely someone is to easily recall it.
By giving your users fewer passwords to remember, single sign-on can help reduce the strain on your help desk and bring costs down.
8. Potential Boost to Compliance and Security
This can seem counter-intuitive, since SSO reduces the barrier to entry for any given user’s information assets in numerous places to a single password. However, the counter to this is that with only one password to remember, users may feel less put off creating a strong one. They are also far less likely to write their password down.
And of course, though best practice warns against this, when logging in without SSO, many people will use the same password across multiple applications or websites anyway – this is arguably far worse since it leads to the user’s credentials being stored in multiple places.
If you design your own solution then you can have a good deal of control over the security and can impose strong authentication, authentication attempt thresholds, and explore options such as automatic desktop locking to boost desktop protection.
Potential SSO Flaws
1. Password Security
Though the need to remember fewer passwords may encourage many users to choose stronger passwords or phrases, this will not always be the case. Of course you can impose strict rules, but if users can find a way around these, many will take it. And when they do follow the rules, the risk of passwords being written down rises again.
One way to solve the “one password to compromise them all” issue is to require two-factor authentication (“2FA”) for initial access, whereby you combine a password with biometrics, such as a fingerprint scan, or, more commonly, information from a physical token, such as a code sent to a mobile phone or a PIN-generating dongle for banking.
2. User Data Protection
Unless it is implemented in-house, sites that use single sign-on are handing their user data over to an opaque third party. For some organisations this will be an unacceptable compromise, but others may find it a better and more secure option than having to deal with authentication in-house.
3. Single Point of Failure and Single High Value Target
If the SSO provider suffers an outage then users may be unable to authenticate at numerous applications. Likewise, if a self-implemented solution uses only one SSO server, this also creates the single point of failure issue.
Further to this, SSO providers present a very appealing target to hackers and cyber criminals, and any data loss they experience could prove disastrous for their users. Luckily, SSO providers tend to have excellent and comprehensive security measures in place.
Is SSO Right for Me?
Many of the flaws listed above depend on quality of implementation and can be mitigated or eliminated if you are designing your own system. That said, SSO self-implementation naturally comes with a number of associated costs and issues, such as infrastructure, interface development, training needs, licensing, application enablement and 2FA implementation, plus ongoing administration, support and maintenance.
When designed and implemented properly and securely, the benefits of SSO should outweigh the drawbacks.
If you are looking to implement SSO, don’t take a “big bang” approach and connect all apps into SSO immediately. Go one at a time, perhaps beginning with those that are easily integrated (by out-of-the-box adapters) and following up with custom SSO integrations later.