Cloud SSO: What Is It and Why You Need It

A Single Sign-On (SSO) environment consists of two major components: the Authentication Server (also known as the Identity Provider) and the Cloud Apps. Most IT departments are responsible for activating or deploying the Identity Provider (IDP or IdP or SSO) service for their entire organization. The Identity Provider is essentially an Application Service that leverages an existing enterprise Identity and Authentication (IAM) infrastructure to authenticate existing Users (typically staff, employees, students). These Users and their credentials (including multi-factor authentication (MFA) credentials) are typically provisioned in a directory or a database, such as Microsoft Active Directory, an LDAP directory or an SQL database, which constitutes the enterprise IAM infrastructure.

In an SSO workflow, once the user is authenticated against the IdP/SSO service (which in turn leverages the pre-configured enterprise IAM infrastructure), the IdP service generates a unique secure token for the user as an encrypted browser cookie. When the user then visits a trusted Cloud App, the App decrypts the token and gives the user the appropriate level of access based on the user attributes. These user attributes are part of the secure encrypted cookie (token) that the browser presents to the Cloud App. If the SSO solution follows an open-standard protocol such as SAML, CAS, WS-Fed or OIDC, then the user attributes never include the user credentials, so the credentials never leave the enterprise IAM infrastructure and are therefore never shared with anyone. Trust between the Cloud App and the SSO service is pre-configured via strong security mechanisms such as PKI and HTTPS/SSL.

As a result of the SSO workflow, when the user visits any of the other trusted Cloud Apps, they are not required to input their user credentials again during the same browser session. Each trusted Cloud App simply parses the secure encrypted cookie (token) to give authorized access to the user. This gives the user a seamless single sign-on experience.
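
The checks a Cloud App makes before trusting the IdP's token, as an added example (not code from the original article or from any SSO product). The token layout is constructed for illustration and is not SAML or OIDC wire format, and a shared HMAC key stands in for the PKI-based trust described above; the token here is signed, not encrypted.

```python
import base64, hashlib, hmac, json, time

# Assumption: a shared HMAC key stands in for the pre-configured PKI trust.
TRUST_KEY = b"constructed-demo-key-not-a-real-secret"
CREDENTIAL_FIELDS = {"password", "otp_secret", "pin"}  # hypothetical field names

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def idp_issue(attributes: dict, audience: str, ttl: int = 300, now=None) -> str:
    """IdP side: sign user attributes for one trusted app, never credentials."""
    if attributes.keys() & CREDENTIAL_FIELDS:
        raise ValueError("credentials must not leave the IdP")
    now = int(time.time()) if now is None else now
    body = json.dumps({"attrs": attributes, "aud": audience, "exp": now + ttl},
                      sort_keys=True).encode()
    sig = hmac.new(TRUST_KEY, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(sig)

def app_verify(token: str, expected_audience: str, now=None) -> dict:
    """Cloud App side: return the attributes only if every check passes."""
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError as exc:  # wrong part count or invalid base64
        raise PermissionError("malformed token") from exc
    expected = hmac.new(TRUST_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise PermissionError("bad signature")
    claims = json.loads(body)  # parsed only after the signature is verified
    now = int(time.time()) if now is None else now
    if claims["aud"] != expected_audience:
        raise PermissionError("token issued for a different app")
    if now >= claims["exp"]:
        raise PermissionError("token expired")
    return claims["attrs"]

def access_level(attrs: dict) -> str:
    """Map validated attributes to an access level inside the app."""
    return "admin" if "it-admins" in attrs.get("groups", []) else "user"
```
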


Cloud Single Sign On – How Does it Work?

Cloud Single Sign-On or Cloud SSO means that the Identity Provider functionality is available as a Cloud-hosted and managed Service by a Cloud SSO provider. The SSO service still requires integration with an existing enterprise identity authentication system (such as Microsoft Active Directory, LDAP, SQL, Cisco Duo, and others), as well as authorized Cloud Apps used by the organization. The Cloud SSO provider may host the service in the Cloud in the Customer’s local region or in a remote region. The location (region) of the hosted SSO service may be important to the Customer organization since location/region affects the laws applicable to the user data in terms of governance and compliance.

Popular Cloud SSO Solutions

IBM/Citrix, Microsoft, Okta, OneLogin, and Others

Just like the Big Box stores, these providers offer large and expensive solutions that may contain proprietary implementations. Their solutions are not usually tested and reviewed by independent security experts, so compatibility and security may be an issue here.

LastPass, 1Password, and Others

These are consumer-grade software products designed for retail individual customers for storing multiple passwords for each user. These are not enterprise-grade single sign-on solutions. Most enterprise IT managers do not allow such products on their network and devices.

ElasticSSO Shibboleth Cloud

A truly unique, low-cost, open source technology solution. Shibboleth open source is a widely adopted, tested and reviewed single sign-on (SSO) authentication middleware. It has been in the market for over 20 years, and has been tested and reviewed by independent security experts worldwide. It has been deployed in multiple vertical markets such as Education, Public Sector, and Medium to Large multinational corporations worldwide.

Conclusion

Cloud SSO gives you the flexibility and freedom to deploy the service for your Enterprise without the hassle of managing hardware, software and IT infrastructure. An open-source-based Cloud SSO solution remains the best choice and gives you the peace of mind that it has been tested by independent experts, and is therefore more reliable and transparent than proprietary implementations. It is time to ditch the on-premises SSO installations and adopt Cloud SSO based on the Shibboleth platform. More information on Elastic Shibboleth SSO is available at 9starinc.com/cloud-sso/.
