November 20, 2019

What is Single Sign-On?

Token systems can be targeted...

By CBR Staff Writer

Single Sign-On (SSO) creates a single point of authentication that can be instrumental in reducing the complexity of securing and maintaining access credentials for multiple platforms. One of the key benefits of this approach is that SSO can be used across numerous applications, platforms or technologies.

Single Sign-On users typically sign in once to an account that can access domain-connected devices or operated platforms and applications.

Once signed in, enterprise users can access all approved technologies without having to continually re-enter their password credentials.

Operating in this manner helps to centralise user account management in a world of increased use of cloud applications and bring-your-own-device (BYOD), making it easier for system administrators to add or remove access to particular applications as employee clearances evolve.

Okta, Ping Identity and Microsoft are among the sector’s leaders.

As Microsoft notes in one blog: “Without Single Sign-On, users must remember application-specific passwords and sign in to each application.

“IT staff needs to create and update user accounts for each application such as Office 365, Box, and Salesforce. Users need to remember their passwords, plus spend the time to sign in to each application.”


Those unfamiliar with the approach may see SSO as a weakening of security, because employees now hold only one access credential, but it can actually have the opposite effect: employees who have to remember an array of passwords, or constantly have to change them, will tend to favour simplified, easy-to-recall credentials.

If they only have to create and remember one access code, they are more likely to select a complicated and harder-to-break password. This also increases productivity, as employees no longer have to take time to log in to different platforms or request IT support because they have forgotten password number three. SSO can also make it easier for IT teams to monitor which applications users are engaging with as they move through the company's infrastructure with one login.

Single Sign-On Tokens

Obviously, having just one login credential for a host of applications creates the real risk that a threat actor can simply obtain the SSO details and gain access to all of the company's systems. Bad actors have targeted SSO in the past to move vertically through a system to access user accounts.

In some cases the SSO mechanism creates a unique SSO token to authenticate a user's password or access credentials when they want to sign in to a platform such as Facebook or an enterprise's staff-facing systems. This token is part of a trust handshake that is created when a user, for example, uses their Facebook account to log in to other web applications.

Recently the popular online game Fortnite was targeted by hackers who abused the game publisher Epic's SSO mechanism via a malicious JavaScript payload; the hackers were able to force a request to an SSO provider that could then be used to access the accounts of Fortnite players.

Cybersecurity firm Check Point details how a hacker can send: "A request to the SSO providers contains a 'state' parameter which is used later on by the 'accounts.epicgames.com' in order to complete the authentication process. The JavaScript payload contains a crafted 'state' parameter. The 'state' parameter value contained a Base64 encoded JSON and the JSON contained three keys, 'redirectUrl', 'client_id' and 'prodectName'. The 'redirectedUrl' parameter is used for redirection as the SSO login completes."
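The defensive counterpart to the state handling described above, as an added example that is not Check Point's, Epic's or any SSO vendor's code: a decoder for a Base64 JSON "state" value that only honours its "redirectUrl" when the target matches a registered allow list of redirect origins. The allowed hostname and the sample values are constructed; the three key names are the ones quoted in the write-up.

```python
import base64
import json
from urllib.parse import urlparse

# Redirect targets the identity provider has registered for the client
# (scheme, hostname). Constructed for this example.
ALLOWED_REDIRECTS = {("https", "app.example.com")}


def make_state(redirect_url: str, client_id: str, product: str) -> str:
    """Build a state value in the shape the write-up describes (URL-safe Base64 JSON).
    Key names are the ones quoted in the article, including 'prodectName'."""
    payload = {"redirectUrl": redirect_url, "client_id": client_id, "prodectName": product}
    return base64.urlsafe_b64encode(json.dumps(payload).encode()).decode().rstrip("=")


def decode_state(state: str) -> dict:
    """Decode Base64 (standard or URL-safe, padding optional) and require a JSON object."""
    raw = state.replace("-", "+").replace("_", "/")
    raw += "=" * (-len(raw) % 4)
    try:
        data = json.loads(base64.b64decode(raw, validate=True))
    except ValueError as exc:  # binascii.Error and JSONDecodeError are both ValueErrors
        raise ValueError("state is not Base64-encoded JSON") from exc
    if not isinstance(data, dict):
        raise ValueError("state must decode to a JSON object")
    return data


def redirect_is_allowed(redirect_url: str) -> bool:
    """Compare scheme and hostname only, so 'https://app.example.com@other.host/'
    and 'https://app.example.com.other.host/' are both rejected."""
    parsed = urlparse(redirect_url)
    if parsed.username or parsed.password:
        return False
    return (parsed.scheme, parsed.hostname) in ALLOWED_REDIRECTS


def resolve_redirect(state: str) -> str:
    """Return the redirect target only if the decoded state names a registered origin."""
    target = decode_state(state).get("redirectUrl")
    if not isinstance(target, str) or not redirect_is_allowed(target):
        raise ValueError("redirectUrl is not a registered redirect target")
    return target
```

A state value that carries a redirect target is data supplied by whoever started the login, so the provider should treat it as untrusted input and, ideally, bind it to the user's session as an opaque nonce rather than execute instructions found inside it.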

Yet a well-managed SSO approach can create a centralised security environment where IT has complete oversight of who is accessing what, when and, in many cases, from where. Increasingly, organisations without regulatory requirements for on-premises IAM software are deciding to outsource their SSO capabilities. Gartner predicts that, by 2022, IDaaS (Identity-as-a-Service) will be the chosen delivery model for more than 80 percent of new access management purchases globally, up from 50 percent in 2018.

See Also: A Games Vulnerability Could Leave 300m Open to Account Hijacking
