Single sign-on (SSO) is an authentication method that lets a user log on once, with a single user ID and password, and then use multiple applications, systems or Web sites without logging on again. Before single sign-on, a user had to enter a user ID and password, usually a different pair for each system, every time they opened another application during the same session. This is time-consuming, especially in business environments, where time is money and employees lose working time logging on each time they access a new system from their desktop.
SSO is usually implemented through a separate software authentication module that acts as a gateway to all the applications that require a logon. The module authenticates the user once and then does the heavy lifting of managing access to the other applications: either it hands the user a signed ticket or token that each application has been configured to trust in place of a password, or it stores the user's separate credentials and supplies them to each application on the user's behalf. In the second design it acts as a master data store for all the required logon credentials, which makes the protection of that store critical.
An example of an SSO module is Microsoft's Passport, which lets a user register once and then acts as a gateway to multiple Web sites, each of which would otherwise require its own logon. Other commercial SSO products are available, such as Computer Associates' eTrust, and there are SSO modules for Java applications and for PAM (Pluggable Authentication Modules) on Linux.
While SSO is a great convenience, some see it as a security issue in itself, because it concentrates risk in one place. If the SSO system is compromised, an attacker in essence has access to every application that trusts the SSO module; a stolen SSO session or ticket is just as valuable, since each application accepts it instead of asking for a password. The SSO logon step therefore deserves stronger protection than any single application's logon (a second authentication factor, for example), issued tickets should be short-lived, and the module is also a single point of failure: if it is down, nobody can log on to anything.
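To make the gateway model and the "one compromise opens everything" concern concrete, here is an added example (not code from the original article or from any of the products it names). A hypothetical SSO module checks a password once and issues a signed ticket listing the applications the user may enter; each relying application accepts the ticket instead of a password after checking its signature, expiry and audience. The shared key, the single-user directory and the application names are all constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption for this example: one key shared by the SSO module and every relying
# application. A real deployment would use per-application keys or public-key
# signatures so that one application cannot forge tickets for another.
SSO_SECRET = b"example-sso-signing-key"

# Constructed user directory: username -> salted PBKDF2 hash of the password.
_SALT = b"example-salt"
_USERS = {
    "alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 100_000),
}

# Applications the SSO module fronts (hypothetical names).
_APPLICATIONS = ["mail", "hr", "crm"]


def _b64(data: bytes) -> str:
    """URL-safe base64 without padding, so the ticket fits in a cookie or header."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sso_login(username: str, password: str, now=None, ttl: int = 600):
    """The SSO module's one-time logon.

    Verifies the password against the directory and, on success, returns a ticket
    'body.signature' whose body lists the user, the applications it is valid for
    and an expiry. Returns None on a bad user ID or password.
    """
    now = time.time() if now is None else now
    stored = _USERS.get(username)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)
    # compare_digest keeps the comparison constant-time; the dummy candidate hash
    # above keeps the timing the same for unknown users.
    if stored is None or not hmac.compare_digest(stored, candidate):
        return None
    claims = {"sub": username, "aud": _APPLICATIONS, "iat": now, "exp": now + ttl}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = _b64(hmac.new(SSO_SECRET, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def app_accept(ticket: str, app_name: str, now=None) -> bool:
    """What each relying application does instead of prompting for a password.

    Accepts the ticket only if the signature verifies under the SSO key, the
    ticket has not expired, and this application is named in its audience.
    """
    now = time.time() if now is None else now
    try:
        body, sig = ticket.split(".")
    except ValueError:
        return False
    expected = hmac.new(SSO_SECRET, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        return False
    claims = json.loads(_unb64(body))
    return claims["exp"] > now and app_name in claims["aud"]


if __name__ == "__main__":
    ticket = sso_login("alice", "correct horse")
    # One logon, then every listed application lets the holder in.
    for app in _APPLICATIONS:
        print(app, app_accept(ticket, app))
    # Anyone who steals the ticket gets the same access until it expires.
    print("thief with stolen ticket enters hr:", app_accept(ticket, "hr"))
```

The demonstration at the bottom is the security point of the paragraph above: `app_accept` never sees a password, so whoever holds the ticket (the legitimate user or a thief) is accepted by every application in the audience until the `exp` claim passes. The short `ttl` and the audience list are the only limits on the damage, which is why the ticket lifetime and the protection of `SSO_SECRET` matter more than any single application's own logon.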
SSO usually is a big project that needs careful planning before implementation: which applications will trust the module, how the stored credentials or issued tickets are protected, how a compromised account is locked out everywhere at once, and what happens when the module itself is unavailable.
This was first published in September 2005