What to Do When SSO Is Having Trouble With The "Single" Part

Single sign-on (SSO) is the holy grail of identity and access management (IAM). When Microsoft built SSO into the operating system with Active Directory (introduced with Windows 2000 and the domain model every Windows XP desktop then joined), we all rejoiced. But that rejoicing was short-lived. Sure, AD made logging onto Windows resources a lot easier and truly a SINGLE sign-on, but it didn't extend to the non-Windows resources that were just as critical. Still, it was better than the pre-Active Directory days of a separate password and logon for every Windows server. The same pattern continued with the advent of SAML for federated web applications, then OAuth 2.0 for delegated authorization (the plumbing behind most social and mobile login), and OpenID Connect, which layers user authentication on top of OAuth 2.0.

It seems that with the introduction of each new SSO technology we get simpler … but we get simpler in more places. The result is an unfortunate trend of doing SSO over and over again, with a different solution for each new type of authentication. So we end up with MSSO (what I call multiple single sign-ons). It's better than nothing, but it still makes management and access more difficult than any of us would want: every extra identity silo is one more place where password policy, MFA enforcement, session lifetime, and deprovisioning can drift out of step.

Others have noticed this trend as well.

One of those is Windows security guru Randy Franklin Smith. He has joined forces with Joe Campbell, one of our Principal Architects, to put together a webcast on securing OAuth 2.0 and OpenID Connect applications within the same SSO scenario you already use for SAML, WS-Federation (WS-Fed), and other web-based authentication needs.

The webcast is called "Understanding OpenID Connect and OAuth v2.0: How They Work and How to be Secure" and is happening on March 31st at 11:00 am EDT.

If you have any diversity at all in your web application mix, I encourage you to watch the webcast and learn how to streamline, unify, and simplify your MSSO into true SSO.

Anonymous