How to Drive SSO Adoption at Your Organization

August 9, 2022 | By IANS Faculty

Organizations have increasingly turned to single sign-on (SSO) tools as they adapt their cybersecurity strategies to meet the challenge of more sophisticated cyberattacks, remote workforces and the diverse needs of the business.

SSO is easy to sell to end users. Simply point out the frustrating and time-wasting steps required to log into various apps without it and compare that to SSO’s streamlined process of using one link, one credential and one authentication to access every application. 

This piece provides key benefits to drive SSO adoption along with guidance to help end users see the value of SSO as part of your IAM solution. 

Understand Authentication Challenges   

Information security teams ask a lot from the workforce as part of their IAM strategy. Consider the path workers must take to complete their tasks, including the number of steps, the familiarity of each step and the friction of going from one step to the next. When it comes to passwords and authenticating, individuals must: 

  • Find the required web app’s link. 
  • Remember if the app is accessed over a virtual private network (VPN) or needs additional steps to connect. 
  • Navigate through the app’s page to the login prompt.
  • Recall and enter the login credentials. 
  • Complete any MFA workflows. 

That’s all before they even start on the actual task at hand. Their familiarity with each step is often low, because every site is different. Some sites require VPNs and some don’t; some sites have login prompts with a username/password on the same dialog, while others have these on separate pages, and the secondary factors are similarly varied. 

How big a problem is this? Typical organizations continue to use multiple passwords for a multitude of cloud service apps. Confusing and slow password authentication wastes the time and cognitive abilities of end users every day. Passwords continue to be the weak link in organizational security, with attacks targeting remote workers spiking significantly in the last few years.

Benefits of SSO for End Users    

SSO removes all that friction. It lets users access their web apps using modern authentication protocols such as Security Assertion Markup Language (SAML) or OpenID Connect (OIDC). From the end-user perspective, the workflow becomes much simpler: 

  • Log on once to the computer’s desktop. 
  • Go to the SSO website. 
  • Authenticate once with a username and password. 
  • Complete the authentication with MFA. 
  • Browse (or search for) the web app required for the task. 
  • Launch the web app from the SSO website. 
  • Get to work. 

SSO enhances the user experience and enables the employee to get to work faster, because: 

  • Using one link to reach all web apps reduces the effort to open apps: Users have fewer bookmarks to maintain and wade through to get to the right web app. 
  • Using one credential (username and password) for all web apps reduces cognitive load: Users have fewer credentials to remember, change and maintain. 
  • Using one authentication (credentials plus second factor) for all web apps saves time: Users spend less time entering the code from the token, clicking approve on the phone or tapping on a Universal 2nd Factor (U2F) key. 
  • The SSO site offers easier discovery for new or infrequently used web apps: Users have a better experience when searching for apps or adding new apps. 
  • SSO eliminates the need to recover or reset passwords on web apps: Users have fewer credentials to forget and change.  

Persuasive SSO Metrics to Track 

When making the case for SSO, consider sharing the following metrics: 

  • Web apps 
    • Total number of apps for the user population 
    • Average number of apps per person 
  • Credentials 
    • Total number of passwords for the user population 
    • Average number of passwords per person 
  • Authentication 
    • Total time spent authenticating (daily, monthly) 
    • Total time spent authenticating per person (daily, monthly) 
  • Discovery 
    • Time to find and register with new (to the user) apps 
    • Frequency of adding new apps to the workflow 
    • Total time spent discovering new apps (monthly) 
    • Average time spent discovering per person (monthly) 

These metrics can help you quantify the benefits end users experience with a transition to SSO. 

How to Deploy SSO  

Research from LastPass finds that most people (91 percent) know they should use separate passwords for every app, but most people (66 percent) use the same password anyway. Most people also know they should use MFA, but most still (66 percent) don’t. The problem isn’t one of awareness. The problem is one of making the secure choice the easy choice. SSO is the means for doing this. SSO significantly reduces the number of credentials the workforce must maintain, as well as the time and confusion involved in authenticating. To ensure end users are on board with your SSO deployment:

  • Quantify the authentication load on the workforce today to build the business case. 
  • Evaluate SSO to determine the best solution for the problem. 
  • Deploy SSO to reduce time, complexity and friction. 

Spend time with the workforce to understand their specific workflows, pain points and openness to change. The above metrics and process provide a high-level overview. However, as with any change, success comes when security professionals approach end users with empathy and understanding.

Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in connection with such information, opinions, or advice. 
