With the continued increase of applications hosted in the cloud, organizations in all industries struggle with providing simple and secure access to their employees. This includes from within the organization’s network on company-owned computers as well as from device including laptops, tablets and smartphones employees use to log in from home or on the go.
Web SSO (single sign-on) simplifies user access and increase security, while allowing users to log in from any device, anywhere and at any time.
So how does Web SSO work? A Web portal is created that contains icons or shortcuts to all of the organizations authorized Web applications. Users log into this portal with their standard network credentials and are easily and securely validated for all of these applications. The portal is dynamic insofar as it will only display applications that a user is authorized to utilize. Web SSO solutions are relative newcomers and provide the greatest benefit for an organization where the majority of applications are cloud based and the user’s access data from personal devices.
One of the downsides to Web SSO, however, is that it only works with cloud-based applications and those that comply with one of the industry standards, such as SAML, OAuth or OpenID. Communicating with legacy apps, or those that have not adopted one of these standards, requires a more traditional or enterprise-level solution.
This is when an enterprise SSO would generally be utilized. Enterprise SSO compared to Web SSO products typically require a plugin to authenticate back to a directory service, such as Active Directory, to capture the credentials of a user in a secure database rather than using an identity provider. These types of solutions have been available for many years and are widely implemented in locations where the vast majority of user’s access on-premises applications from a computer attached to the company network.
So which solution should your organization implement? Obviously the best approach for many organizations is a hybrid model. Any apps that are cloud-based or standards compliant should make use of the Web portal; when apps cannot be accessed via these methods, a client-based solution should be available to provide a more complete SSO solution for end users.