Web SSO vs Enterprise SSO

Currently, the number of applications and software solutions in use by businesses is increasing rapidly. It is not uncommon that one business may utilize dozens of applications, each with their own set of credentials for each user. Many of these applications (both on premise and cloud-based) have become a standard for businesses and schools such as Outlook and Skype. Cloud-based applications like Google Apps, Salesforce, and Office 365 are also among the norm.

With multiple accounts and different credentials for each, it can be difficult for users to remember all of the usernames and passwords, as well as any other fields that may be required for authentication such as domain, company or school. In some cases, users begin to re-use passwords or start picking weaker passwords for convenience. This increases the risk of data breach and defeats the purpose of having credentials; which is to ensure the identity of the user. Single Sign-On (SSO) addresses this challenge by allowing a user to access multiple applications on premise, in the cloud, and from multiple devices with just one secure login. This benefits the user by simplifying access to their critical business applications. With SSO, the risk of losing usernames and forgetting passwords is significantly reduced and has the added benefit of decreasing the number of helpdesk calls with SSO.

For on premise applications, Enterprise SSO is typically used. The administrator implements Enterprise SSO as a desktop client that manages user credentials. It is non-intrusive by capturing a user’s credentials then detecting those same credentials the next time the user attempts to authenticate and automatically logging them into the application. It does not require the application to make any changes on their end as well. Enterprise SSO however, is not without its downsides. In most cases, a system administrator needs to distribute, install, and maintain the SSO software on each desktop.

Authenticating to Web Servers can also be done with Enterprise SSO but more often than not, it is better accomplished with Web SSO. Web SSO is different from Enterprise SSO in that it focuses on web-based applications. More and more applications are becoming cloud-based so being able to authenticate to these services becomes increasingly important. It works by having an enforcement agent intercepting web traffic. The agent authenticates the user against a repository and then manages access. The downside to Web SSO is, as the name implies, that it only works with cloud-based applications using SAML, OAUTH1/2 and other standards. Web-SSO often offers the option of adding additional factors of authentication on a per user, per group or per application basis. This greatly increases security and aids organizations in achieving compliance for regulations such as HIPAA, SOX, PCI-DSS and FERPA, to name a few. Many organizations now offer employees the option to work remotely or at off-peak hours. This makes the use of cloud-based business applications more popular and thus, cloud-based single sign on more popular. To read more about the migration of the workforce outside of the traditional office environment, you can read our blog post ‘SSO on the go!’.