For a long time the “Holy Grail” of identity and access management has been single sign-on (SSO) – at least when you ask end users and executives that’s what they would say. After all, nothing makes regular folks happier than easy access to everything they need, with only one password to remember, and no need to call IT – ever – to fix your mistakes, because you don’t make them anymore. It all sounds good, but as any of us who have tried to achieve SSO know, it’s not quite that simple.
Maybe “less” sign-on, or “reduced” sign-on, or “close to single” sign-on would be more accurate….and that’s fine. Anything is better than the mess of not streamlining access.
Let’s take a quick look at SSO through the ages.
So you can get single sign-on for everything but it will take a combination of tools and technologies and may not be worth the effort. Many people these days are taking advantage of SSO in pockets – maybe federation for SaaS apps and AD-based SSO for Unix and Linux, but often there are other critical systems that don’t fit the deployment.
But you can get awfully close if you choose the right solutions.
I’ve recorded a short “white board” video that details the options for Web single sign-on and provides alternatives to limited, siloed solutions that only address one of the needs detailed above.
And if you want a more detailed discussion about SSO, how to ensure your project is successful, and how to “sell” the benefits of doing it right read this white paper: Moving SSO beyond convenience