Save time with unbiased, independent feedback on vendor solutions.
Watch weekly bite-sized webinars hosted by IANS Faculty.
Increasingly organizations have turned to single sign-on (SSO) tools as they transition their cybersecurity strategies to meet the challenge of increasingly sophisticated cyberattacks, remote
workforces and the diverse needs of the business.
SSO is easy to sell to end users. Simply point out the frustrating and time-wasting steps required to log into various apps without it and compare that to SSO’s streamlined process of using one link, one credential and one authentication to access
This piece provides key benefits to drive SSO adoption along with guidance to help end users see the value of SSO as part of your IAM solution.
Information security teams ask a lot from the workforce as part of their IAM strategy. Consider the path workers must take to complete their tasks, including the number of steps, the familiarity of each step and the friction of going from one step to
the next. When it comes to passwords and authenticating, individuals must:
That’s all before they even start on the actual task at hand. Their familiarity with each step is often low, because every site is different. Some sites require VPNs and some don’t; some sites have login prompts with a username/password on
the same dialog, while others have these on separate pages, and the secondary factors are similarly varied.
How big a problem is this? Typical organizations continue to use multiple passwords and for a multitude of cloud service apps. Confusing and slow password authentication wastes the time and
cognitive abilities of end users every day. Passwords continue to be the weak link in organizational security, with attacks targeting remote workers spiking significantly in the last few years.
READ: Centralized IAM Best Practices
SSO removes all that friction. It lets users access their web apps using modern authentication protocols such as Security Assertion Markup Language (SAML) or OpenID Connect (OIDC). From the end-user perspective, the workflow becomes much simpler:
SSO enhances the user experience and enables the employee to get to work faster, because:
READ: Password Policy Best Practices for Your Business
When making the case for SSO, consider sharing the following metrics:
These metrics can help you quantify the benefits end users experience with a transition to SSO.
Research from LastPass finds that most people (91 percent) know they should use separate passwords for every app, but most people (66 percent)
use the same password anyway. Most people also know they should use MFA, but most still (66 percent) don’t. The problem isn’t one of awareness. The problem is one of making the secure choice the easy choice. SSO is the means for
doing this. SSO significantly reduces the number of credentials the workforce must maintain, as well as time and confusion when authenticating. To ensure end users are on-board with your SSO deployment:
Spend time with the workforce to understand their specific workflows, pain points and openness to change. The above metrics and process provides a high-level overview. However, as with any change, success comes when security professionals approach end
users with empathy and understanding.
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in
connection with such information, opinions, or advice.
February 21, 2024
By IANS Research
Learn why cloud IR is critical to security and not just another box to check. Find guidance to get started building a strong cloud IR program.
February 15, 2024
By Alex Sharpe, IANS Faculty
IANS Faculty member Alex Sharpe discusses the risks around AI adoption and provides governance guidance to make your AI launch safe and mitigate risk.
February 13, 2024
By IANS Faculty
Learn how to how to use NIST to modify secure baseline configurations to account for risk and improve security posture.