For a long time the “Holy Grail” of identity and access management has been single sign-on (SSO) – at least when you ask end users and executives that’s what they would say. After all, nothing makes regular folks happier than easy access to everything they need, with only one password to remember, and no need to call IT – ever – to fix your mistakes, because you don’t make them anymore. It all sounds good, but as any of us who have tried to achieve SSO know, it’s not quite that simple.
Maybe “less” sign-on, or “reduced” sign-on, or “close to single” sign-on would be more accurate….and that’s fine. Anything is better than the mess of not streamlining access.
Let’s take a quick look at SSO through the ages.
- It started with password synchronization, but that soon became too cumbersome, too labor-intensive, and required too much integration to be a true ”enterprise” solution.
- Next we had the concept of enterprise SSO where all credentials were stored and the appropriate fields were automatically filled in when login was required. But ESSO doesn’t leverage more modern SSO concepts and is still difficult to implement and manage.
- Finally we arrived at “true” SSO for Windows with the advent of Active Directory (AD), where a single account and a single credential provides universal access without any synchronization or form-filling. The problem is it only works for Microsoft stuff or things that you can get to play nice with AD, leaving many critical systems out in the cold.
- Today we have the concept of federation, which is “true” SSO for web applications, but only if those applications talk the right standards, leaving lots of legacy web applications and all thick client apps out of the equation.
So you can get single sign-on for everything but it will take a combination of tools and technologies and may not be worth the effort. Many people these days are taking advantage of SSO in pockets – maybe federation for SaaS apps and AD-based SSO for Unix and Linux, but often there are other critical systems that don’t fit the deployment.
But you can get awfully close if you choose the right solutions.
I’ve recorded a short “white board” video that details the options for Web single sign-on and provides alternatives to limited, siloed solutions that only address one of the needs detailed above.
And if you want a more detailed discussion about SSO, how to ensure your project is successful, and how to “sell” the benefits of doing it right read this white paper: Moving SSO beyond convenience