Star letter
Whilst I agreed with many of the points in “The identity mystery: single sign-on and your business” (see issue 282, p102), I was surprised there was virtually no mention of single sign-on (SSO) itself. Although there is an overlap in functionality, the article also seemed to blur the distinction between web password managers and SSO.
Password managers, including LastPass, Dashlane, RoboForm and 1Password, let users manage multiple identities through a single tool. SSO or identity management solutions use standards-based approaches such as Security Assertion Markup Language (SAML) to provide a single identity across multiple web-based services. Examples of companies with SSO products include Okta, Microsoft, Centrify and SecureAuth.
Organisations with an existing on-site directory service, such as Active Directory (AD), will typically use a single sign-on solution so that users can authenticate to web-based services with their AD credentials. Their AD account becomes a single, federated identity that can be used across multiple online applications. Some SSO products even have their own directories, removing the requirement to integrate with an on-site directory service and allowing identity management to be moved completely to the cloud.
Most SSO solutions support features including password reset, two-step verification (2SV) or multi-factor authentication (MFA). They also provide advanced security functionality – for example, allowing you to block users from logging in from two different geographic locations simultaneously. Finally, many will also do password management for those applications that can’t be integrated via SAML, or which organisations may choose not to integrate.
Implementing an SSO solution is arguably more likely to provide a solid basis for security than isolating computers on a network with software-defined networking (SDN). As the article points out, most office-based employees are anything but, accessing services from a variety of different locations and devices. Enforcing segmentation on the office network via SDN will do little to help with that.