9.4.5

SINGLE SIGN-ON

Users normally require access to a number of resources during the course of their daily routine.

Multiple resources > multiple passwords > difficult to remember each one

SSO is defined as the process for consolidating all organization platform-based administration, authentication and authorization functions into a single centralized administrative function.

This function would provide the appropriate interfaces to the organization’s information resources, which may include:

• Client-server and distributed systems

• Mainframe systems

• Network security including remote access mechanisms

SSO process

The SSO process begins with the first instance where the user credentials are introduced into the organization’s IT computing environment.

Primary domain

The information resource or SSO server handling this function is referred to as the primary domain.

Secondary domain

Every other information resource, application or platform that uses those credentials is called a secondary domain.

To effectively integrate into the SSO process, SSO administrators need to obtain an understanding of how each system manages credentialing information, access control list (ACL), authorization rules, and audit logs and reports.

Requirements developed in this regard should be based on security domain policies and procedures.

Advantages

• Multiple passwords are no longer required; therefore, a user may be more inclined and motivated to select a stronger password.

• It improves an administrator’s ability to manage users’ accounts and authorizations to all associated systems.

• It reduces administrative overhead in resetting forgotten passwords over multiple platforms and applications.

• It reduces the time taken by users to log into multiple applications and platforms.

Disadvantages

• Support for all major OS environments is difficult.

• The costs associated with SSO development can be significant when considering the nature and extent of interface development and maintenance that may be necessary.

• The centralized nature of SSO presents the possibility of a single point of failure and total compromise of an organization’s information assets. For this reason, strong authentication in the form of complex password requirements and the use of biometrics is frequently implemented.

SSO implementations will often require a number of solutions integrated into a total solution for an enterprise’s IT architecture.