What Is SSO? Work Simpler With This One Tool
Half the battle of getting through a workday is accessing the various project management apps and other services required by your company.
You log in to a Zoom meeting only to find your team lead is referencing a spreadsheet that you can’t find. Is it on Basecamp? Smartsheet? Once you figure out where the document lives, you have to dig for your credentials—and pray that your password hasn’t expired or that you don’t have to bug your colleague to (once again) share access with you.
Luckily, single sign-on (SSO) exists—and Dashlane's password manager has its own SSO—which means a better user experience, fewer password resets, improvement in security and less time wondering if you should just hurl your laptop out the window. (Laptops everywhere can breathe a collective sigh of relief.)
SSO is also better for businesses: With an increase in decentralized systems and networks, authentication is important. Relieving employees of the pressure to create multiple passwords and providing better ways to verify user identity mean your company’s data is far more secure.
What is SSO?
SSO stands for single sign-on, a method of user authentication that requires logging in with just one set of credentials in order to access multiple accounts. Basically, it's the secure equivalent to using the same password for everything—which is very much not a secure password strategy. Imagine signing in to an SSO app, which then uses that login to log you in to everything else. It can replace hours of frustration with time to actually get work done, or maybe…take your lunch break?
How does SSO work?
SSO implementation is less complicated than it sounds. Once a user logs in to an SSO app or organization’s login page, the SSO service creates an authentication token for that user, stored either in a browser or on the SSO application’s server. When the user goes to access another, previously authorized account, the SSO app sends the token to the other account verifying the user's identity—meaning no additional sign-on is required, but the user’s credentials are still secure.
Aside from usernames and passwords, logging in to an SSO app may also require two-factor authentication (2FA for short). This is an additional security step that requires an app on your smartphone, like Duo, or a security code sent to you via text to verify that you’re you.
Why use SSO?
SSO has a multitude of benefits for users and companies—essentially anyone who wants to save themselves some time and frustration while still protecting their data.
- It means fewer passwords to remember, and fewer password resets. Most of us are guilty of using the same passwords over and over, or picking something easy to remember—Password1234, anyone? With SSO, users can choose one strong password that will grant access to all of their accounts. This also means users are less vulnerable to cyberattacks like phishing.
- It shows when and where someone has signed on. If your credentials do get into the wrong hands, with SSO, all hope is not lost. Users or admins will be notified if a sign-in looks suspicious, and they can disable logins to a lost or stolen device.
- Users can be granted different levels of access. SSO solutions allow companies to configure different levels of access for different employees.
- It. Saves. So. Much. Time. Have we mentioned you only need to sign in once? With fewer barriers to access what you need to do your job, your workflow will be streamlined.
What's the difference between SSO and a password manager?
SSO solutions play well with password managers like Dashlane (see below!) but it's not the case that if you have one, you don't need the other.
A password manager securely stores and autofills passwords across the web and across devices. This means that you can create a strong, complex password for every account and keep them all organized and stored in a secure environment.
SSO simply makes it safer and more practical to use the same login for multiple specific, pre-approved accounts, saving time and reducing the risks associated with password reuse.
You would still want your SSO password to be long, complex, and saved in your password manager for easy autofilling everywhere you might need it.
How SSO works with Dashlane
Dashlane SSO works with any SAML-based Identity Provider (IdP), and using it means that Dashlane becomes another service that you can sign into with SSO. If you’re used to signing in to Dashlane with your Master Password, SSO takes the place of that. This works with:
- Dashlane mobile apps
- Dashlane browser extension
- IDP-initiated or SAML-initiated login
Because of Dashlane’s SSO architecture, only the user has access to the encrypted data in the Dashlane vault.
So many acronyms, so little time: 5 types of SSO
Different SSO systems are optimized for different situations. These technologies also often use Federated Identity, an extremely secure authentication method that works across enterprises. Here are the different protocols:
SAML: Security Access Markup Language
SAML allows information to be exchanged by encoding text into the language of a device. This is often used in mobile and web-based apps. (Auth0 is one security solution that supports SAML protocol.)
OAuth: Open Authorization
OAuth transfers and encrypts data between apps, allowing users to grant multiple apps access at a time, specifically native apps.
OIDC: OpenID Connect
OpenID connect takes OAuth one step further by enabling users to only log in once yet still access multiple applications. Many Google users are probably familiar with OIDC; for example, it's what happens when apps ask you to sign in using your Google account.
No, it’s not some kind of fad diet. Kerberos allows both the user and the server to verify one another, particularly if a server is not secure.
Smart card authentication
A more expensive but secure user authentication method, smart cards are physical hardware that plug into your device and require a PIN to access.
Stay ahead of SSO limits and vulnerabilities
As with any security measure, SSO is not without its challenges. Here’s what to be aware of when implementing SSO at your business or for yourself. Security vulnerabilities have been found with both SAML and OAuth. Be sure to stay up to date with the latest software versions, and work with products that have accounted for these vulnerabilities.
What’s good for the user is good for the hacker
Of course, signing in with a single set of user credentials, only once, is much easier than remembering credentials for various accounts. Yet this kind of access also means that if hackers get a hold of your credentials, they’ll also have access to the rest of your accounts. That’s why it’s so important to use multi-factor identification (MFA) in conjunction with SSO.
IAM and SSO: A match made in hackerless heaven
Identity access management (IAM) is a way to automate authentication for a group of employees across the board, including enabling SSO for multiple accounts, user provisioning, and even account set-up. SSO is one part of the IAM trifecta, the others being multifactor authentication (MFA) and user directories.
When used with password managers, IAM becomes one of the most successful enterprise password management (EPM) methods, allowing businesses to easily provision and manage employee accounts.
Want more info about combining password management with SSO?
Read about the benefits and considerations of Dashlane SSO, as well as tips for deployment here.