Definition

single sign-on (SSO)

Contributor(s): Chris Waynforth

Single sign-on (SSO) is a session/user authentication process that permits an user to enter one name and password in order to access multiple applications. Credentials for authorization are stored on a dedicated SSO policy server, which passes along the specific authentication credential it has stored for an individual user. The process authenticates the user for all the applications they have been given rights to and eliminates further prompts when the user switches applications during the same session. SSO is helpful for documenting logging and monitoring user accounts, which not only improves organizational security, but also meets the requirements of the Sarbanes-Oxley Act (SOX).

Although single sign-on is a convenience to users, it present risks to enterprise security. If an attacker gains control over a user's SSO credentials, he will be granted access to every application the user has rights to, which increases the amount of potential damage. In order to avoid malicious access, it's essential that every aspect of SSO implementation is coupled with identity governance.

This was first published in July 2010

Next Steps

Read about the top multifactor authentication products currently on the market and find reviews of Okta Verify and SecureAuth IdP MFA and SSO products.

Check out this buyer's guide for healthcare organizations considering an SSO technology purchase and explore the various options available, including federated SSO.

Continue Reading About single sign-on (SSO)

Dig Deeper on Enterprise Single Sign-On (SSO)

PRO+

Content

Find more PRO+ content and other member only offers, here.

2 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close