Single Sign-on (SSO)

Introduction

Efficiency is a vital factor for every enterprise. Whether the work is physical or done on computers, efficiency fuels productivity, which in turn keeps costs in check. In computing, single sign-on (SSO) contributes to both security and efficiency. In a nutshell, SSO is built on trust: not just between a user and one application, but across whole groups of applications and systems. It lets users present their credentials once, when they first enter the environment, and be signed in everywhere that trusts that initial login.

Previously, one had to create a distinct username and password to sign into each application or website. With single sign-on, users can now use one set of login credentials (a username and password, possibly combined with a second factor) to sign into multiple servers, websites, or applications.

Definition

Single sign-on (SSO) is an authentication scheme in which a central identity service verifies a user's credentials once against a user repository, such as a Lightweight Directory Access Protocol (LDAP) directory, and then vouches for that user to every application that trusts it. In older deployments this is implemented by an agent module installed on each application server that intercepts requests and checks with the central service; in current deployments the application redirects the browser to the identity service and receives a signed assertion or token. In both cases the user sees no further credential prompts while the SSO session is valid, and the individual applications never handle the user's password.

Block Diagram

(Figure: Single Sign-on (SSO) block diagram)
An SSO service is a token-issuing authentication mechanism that allows a user or identity to use one set of credentials to sign into various applications. It involves a federation of trusted identity providers (IdPs) and service providers (SPs). When a user signs in at the identity provider, the provider issues a signed assertion (a SAML assertion or an OpenID Connect ID token) that any application trusting that identity provider accepts in place of a fresh login. Certificates can appear as the credential the user presents to the identity provider (for example on a smart card), but the object that carries trust from the identity provider to each application is the signed assertion, and each application must verify its signature, issuer, audience and validity period before accepting it.

Use case

SSO also allows an identity a user already holds with one provider, such as Facebook or Google, to be used to sign in to a third-party application without creating a separate account there; this is known as Social SSO. Convenient as it is, it raises security concerns. The main one: if an attacker gains control of a user's SSO credentials or session, they can potentially unlock a jackpot of private data, because that single identity signs in to every website or application that trusts it. The identity provider account is therefore a high-value target and should be protected with multi-factor authentication.

Kerberos

Single sign-on can be provided by several technologies; Kerberos (a network authentication protocol) is one of the most widely deployed.

  • With Kerberos, users provide their password once, when the client obtains a ticket-granting ticket (TGT) from the Key Distribution Center (KDC). The password itself is never placed in a ticket: it is used only to derive the key that decrypts the KDC's reply, and the TGT is encrypted under the KDC's own key. The client then presents the TGT to request service tickets for individual applications, and those tickets, which can safely travel over an unprotected network, sign the user in without any further prompt.
  • SSO can also be built on smart cards: the user presents the card (and its PIN) once, and the certificate on the card stands in for a password; in Windows domains this is done through the Kerberos PKINIT extension. Other factors used at that first sign-in, such as a hardware token or a one-time code, carry forward in the same way, so the user is not asked for them again until the session expires.

How a Single Sign-on Login Works

  1. The user chooses a website or application to sign into; this application plays the role of the service provider (SP).
  2. The service provider does not collect the user's password. It redirects the user's browser to the SSO system (the identity provider, IdP) with an authentication request that identifies the service provider and the URL to which the response should be returned.
  3. The SSO system runs on a federation of identity providers and service providers. It checks whether the user already holds an authenticated session from an earlier sign-in to any application in the federation; if so, no login prompt is shown.
  4. If there is no session, or the service provider or policy requires a stronger login, the SSO system asks the user for the password and, where configured, a second factor such as a one-time password (OTP) sent to a registered device.
  5. Once the user is authenticated, the SSO system sends a signed assertion or token back to the service provider through the browser. The service provider verifies the signature, the issuer, the audience (that the token was issued for this service provider) and the validity period, then creates its own local session; the user is now ‘trusted’ by that service provider without ever having typed credentials into it.
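The exchange above, as an added example that is not part of the original article: a minimal identity provider issuing a signed assertion (step 5) and a service provider verifying it, in Python using only the standard library. The issuer URL, the two service provider URLs, the user name and the signing key are all made-up values. The token is HMAC-signed with a key the identity provider and service providers share; real SAML and OpenID Connect deployments sign with the identity provider's private key so that service providers hold only the public key. The example also shows each service-provider check rejecting what it should: a token issued for another service provider, an expired token, a token whose subject was rewritten after signing, and a token signed with a key the service provider does not trust.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values for the demo: a made-up IdP issuer URL and a shared
# signing key. Real IdPs sign with a private key (RSA/ECDSA), so service
# providers only ever hold the public half.
IDP_ISSUER = "https://idp.example.test"
IDP_KEY = b"demo-idp-signing-key-not-for-production"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(key: bytes, subject: str, audience: str, now: int, ttl: int = 300) -> str:
    """IdP side (step 5): after the user has authenticated once, mint a
    signed assertion addressed to one specific service provider."""
    claims = {"iss": IDP_ISSUER, "sub": subject, "aud": audience,
              "iat": now, "exp": now + ttl}
    body = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return body + "." + _b64url(sig)


def verify_token(key: bytes, token: str, expected_audience: str, now: int):
    """SP side (step 5): return the authenticated subject only if every
    check passes; otherwise None, with no hint about which check failed."""
    try:
        body, sig_text = token.split(".")
        expected_sig = hmac.new(key, body.encode(), hashlib.sha256).digest()
        # Constant-time comparison first; claims are parsed only from a
        # token whose signature has already been verified.
        if not hmac.compare_digest(expected_sig, _b64url_decode(sig_text)):
            return None
        claims = json.loads(_b64url_decode(body))
    except ValueError:  # bad base64, bad JSON, wrong number of segments
        return None
    if not isinstance(claims, dict):
        return None
    if claims.get("iss") != IDP_ISSUER:
        return None  # minted by an identity provider this SP does not trust
    if claims.get("aud") != expected_audience:
        return None  # a token issued for another SP must not log in here
    if not (claims.get("iat", 0) <= now < claims.get("exp", 0)):
        return None  # expired, or not yet valid
    return claims.get("sub")


def forge_subject(token: str, new_subject: str) -> str:
    """What an attacker might try: keep the IdP's signature but rewrite
    the subject claim. verify_token must reject the result."""
    body, sig_text = token.split(".")
    claims = json.loads(_b64url_decode(body))
    claims["sub"] = new_subject
    forged_body = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    return forged_body + "." + sig_text


def demo() -> dict:
    """Run the login flow once and exercise each SP-side check."""
    now = int(time.time())
    mail, wiki = "https://mail.example.test", "https://wiki.example.test"
    token = issue_token(IDP_KEY, "alice", mail, now)
    return {
        "valid": verify_token(IDP_KEY, token, mail, now),
        "wrong_audience": verify_token(IDP_KEY, token, wiki, now),
        "expired": verify_token(IDP_KEY, token, mail, now + 600),
        "forged_subject": verify_token(IDP_KEY, forge_subject(token, "admin"), mail, now),
        "untrusted_idp_key": verify_token(b"some-other-key", token, mail, now),
    }


if __name__ == "__main__":
    for check, subject in demo().items():
        print(f"{check:>18}: {subject}")
```

Running the module prints one line per check: only "valid" yields the subject "alice", every other case yields None. The audience check is the one most often missing in home-grown integrations; without it a token obtained from any low-value application in the federation can be replayed against a high-value one.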

Advantages

Using SSO spares the user from remembering a separate username and password for every application: the credential is entered once, at the identity provider, and the login process becomes faster and less error-prone. Because the password is typed into only one place, there are fewer login forms for an attacker to imitate or harvest, and multi-factor authentication, lockout policies and monitoring can be enforced centrally at that one place. SSO does not by itself prevent phishing, however: an attacker who phishes the identity provider's login page or steals the SSO session token gains access to every application the user can reach, so the identity provider must be the best-protected system in the environment.
