Not so long ago, applications were always managed on-site. The IT department dominated the company network and kept it safe against the outside world by means of firewalls and virus scanners.
This meant that implementing a Single Sign On (SSO) solution in the network used to be relatively easy. After all, each employee’s workstation formed part of the network, as did the applications to which employees needed access. Users authenticated themselves by having their user names and passwords checked against Active Directory, and thanks to the LDAP standard they could benefit from the advantages of Single Sign On.
As technology has evolved, SSO has become a little more difficult to implement, due to changes such as the cloud. Let’s look at the issue in more detail and at the options for solving the problems:
SSO and the cloud
With the advent of cloud applications, the implementation of Single Sign On in the company network has become a lot more complex. Many applications are now hosted in another technical domain, namely the cloud. Besides the advent of cloud applications, organizations are faced with another trend that complicates the implementation of Single Sign On even more: Bring Your Own Device (BYOD). End users now have the freedom to use their own devices to log in to the company network. This makes the implementation of Single Sign On products much less straightforward for the IT organization.
Single Sign On basically means that users authenticate themselves against a trusted source. When applications are hosted in the cloud though, there is no longer a trusted source against which users can authenticate themselves to gain access to business applications.
OpenID and SAML Solution
Organizations attempt to solve this problem using decentralized authentication mechanisms such as OpenID and SAML. However, the problem is that, as an organization, you are dependent on cloud application vendors. Let’s say that your organization has selected OpenID as an authentication mechanism to enable Single Sign On. This means you will run into problems if the required cloud application only supports SAML.
Enterprise SSO Solutions
Selecting a model that does not make your organization dependent on interfaces and vendors is a simple solution. There are various suppliers of Enterprise Single Sign On solutions, where the SSO client is hosted on any device belonging to the employee, thus supporting BYOD. When an employee launches an application hosted on site or in the cloud, the software will recognize the application’s login screen and automatically enter the right credentials. These login details are stored in encrypted form in an SSO database in the network.
This model is based on the recognition of login screens rather than relying on the authentication mechanism supported by the vendor, which makes it a highly powerful solution. The main advantage is that it works for any application, independent of the type (web, Java, client/server, telnet, mainframe, Unix, Windows, etc.), for any hosting location (LAN, datacenter, cloud, etc.), from any device (Windows PC, Android, tablet, smartphone, iOS, etc.) and from any user location (work, home, on the road, abroad, unconnected laptop, etc.). In other words, it is possible to offer end users SSO for any scenario.