Single sign-on (SSO) was popularized in the early 2000s as a way to make it easier for users to log into applications. User portals would grant users access to many applications once they had logged in. Today, security concerns and increased user mobility, with so many workers doing their work outside company facilities and firewalls, have demanded a new approach. Identity and access management (IAM) systems seem to be providing answers.
In this article, we feature three leaders in this space: Ping Identity, Okta and OneLogin. Pacific Timesheet is certified and integrates with all three vendors using the SAML 2.0 interface.
SSO is the main user-facing feature within identity and access management systems. At its broadest, SSO connects users to multiple software applications at once. In short, users complete a single login to access all available applications, rather than logging in to each system individually. Although the benefits of SSO are well known, there are several additional benefits of identity and access management systems that are not well understood.
1. Improving User Experiences
While this may seem the most obvious benefit, it deserves to be said: SSO eliminates the need for users to remember and input multiple passwords to access different areas of your system. Gone are the days of trying to keep dozens of password variations straight; with SSO, users can enjoy automatic logins every time they move to a different connected system. All three vendors offer a variety of user authentication schemes, ranging from stricter multi-factor authentication to federated solutions that leverage existing user security profiles.
2. Enhancing Security Profiles
Just because SSO can grant users automatic access to all applications does not mean it has to. More advanced IAM systems, most commonly using Security Assertion Markup Language (SAML) 2.0, can use SSO with additional levels of security. IAM systems can authenticate and authorize users based on the access level indicated in their directory profiles. IAM systems can also automatically control user access to specific functions of your system using other factors. For example, Okta allows you to create identity management policies restricting access to applications based on time of day, or adding additional authentication factors such as physical location. PingFederate can extend a user security profile by integrating with existing identity stores, directories or other social identity providers. Additional rules can automate access decisions by identity attribute, group membership or authentication method.
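An added example, not code from this article or from any vendor named in it: a vendor-neutral sketch of an access rule of the kind described above, deciding from group membership, time of day, location and authentication method. The class names, field names and sample values are hypothetical, and treating an untrusted location as a trigger for a stronger authentication method is an assumption.

```python
from dataclasses import dataclass
from datetime import time

# Hypothetical policy model; this is not Okta's or PingFederate's API.
@dataclass(frozen=True)
class AppPolicy:
    allowed_groups: frozenset     # directory groups entitled to the app
    window: tuple                 # (start, end) allowed local time of day
    trusted_countries: frozenset  # locations that need no extra factor
    strong_methods: frozenset     # methods accepted from anywhere

@dataclass(frozen=True)
class Session:
    user: str
    groups: frozenset
    auth_method: str   # how the identity provider authenticated the user
    country: str
    local_time: time

def in_window(t, window):
    start, end = window
    if start <= end:
        return start <= t < end
    return t >= start or t < end  # window wraps past midnight

def decide(policy, s):
    """Return 'deny', 'step_up' or 'allow'. Hard failures are checked first."""
    if not (policy.allowed_groups & s.groups):
        return "deny"             # not entitled, whatever the other factors
    if not in_window(s.local_time, policy.window):
        return "deny"             # outside the permitted hours
    if (s.country not in policy.trusted_countries
            and s.auth_method not in policy.strong_methods):
        return "step_up"          # ask for an additional factor
    return "allow"

# Constructed sample policy and sessions.
PAYROLL = AppPolicy(frozenset({"finance"}), (time(7, 0), time(19, 0)),
                    frozenset({"US"}), frozenset({"mfa"}))
SAMPLES = [
    Session("alice", frozenset({"finance"}), "password", "US", time(10, 0)),
    Session("alice", frozenset({"finance"}), "password", "DE", time(10, 0)),
    Session("alice", frozenset({"finance"}), "mfa", "DE", time(10, 0)),
    Session("bob", frozenset({"engineering"}), "mfa", "US", time(10, 0)),
    Session("alice", frozenset({"finance"}), "mfa", "US", time(23, 0)),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s.user, s.auth_method, s.country, s.local_time, decide(PAYROLL, s))
```

Entitlement and time checks run before the step-up check, so a stronger factor never overrides a missing group or an out-of-hours request.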
3. Simplifies Auditing and Reporting
Consolidating user identities and passwords with SSO makes it easier for IT departments to audit where and how these user credentials are used. In the event that user credentials are compromised, IAM systems make it easier for IT departments to identify which user was compromised and which data was accessed during the breach. PingFederate allows you to monitor sign-on performance metrics, traffic, and compliance centrally. Detailed audit trails allow systems to record user provisioning and de-provisioning as employees are on-boarded or terminated. OneLogin allows you to run detailed analytical reports on users, apps, logins and other events.
4. Allows Easy Access No Matter Where You Are
IAM/SSO allows users to access all interconnected systems, regardless of where the user is physically located. This can be especially useful for large companies doing business globally, providing ease of access to employees, partners and clients alike. OneLogin offers apps that allow users to access any enterprise web-based application anywhere on any device. OneLogin Mobile identity management provides users one-click access to all enterprise apps on smartphones and tablets.
Some vendors offer suites of identity management solutions that require additional setup and configuration. Okta claims to provide the only truly comprehensive mobile solution to securely and efficiently enable new mobile initiatives, with enterprise mobility management completely integrated with its identity management solutions.
5. Increases Productivity and Reduces IT Costs
The original benefit of SSO for IT departments was to eliminate the cost of internal help desks helping users locked out of their application accounts. IAM purports to do much more. By leveraging already existing identity stores such as Active Directory or LDAP, IAM allows you to extend what you have into the future. Cloud-based and mobile-based IAM tools not only allow users to authenticate from anywhere at any time, they also provide the extensive audit trails, analytics, access rules and policies to truly automate identity access and management across the enterprise.
Employee time, work, asset and field documentation systems touch more users than perhaps any single application in the enterprise. To ensure that its customers can gain all the benefits of IAM and SSO, Pacific Timesheet integrates with Ping Identity, PingFederate, OneLogin, Okta, Azure AD and many other SAML 2.0 compliant IAM and SSO systems, as well as Active Directory and LDAP. Pacific Timesheet is one of the few time management software companies to offer a free trial of its SAML 2.0 IAM/SSO integrations.