9.4.5
SINGLE SIGN-ON
Users normally require access to a number of resources during the course of their daily routine.
Multiple resources > multiple passwords > difficult to remember each one
SSO is defined as the process for consolidating all organization platform-based administration, authentication and authorization functions into a single centralized administrative function.
This function would provide the appropriate interfaces to the organization’s information resources, which may include:
• Client-server and distributed systems
• Mainframe systems
• Network security including remote access mechanisms
The SSO process begins with the first instance where the user credentials are introduced into the organization’s IT computing environment.
Primary domain
The information resource or SSO server handling this function is referred to as the primary domain.
Secondary domain
Every other information resource, application or platform that uses those credentials
To effectively integrate into the SSO process, SSO administrators need to obtain an understanding of how each system manages:
• Credentialing information
• Access control list (ACL)
• Authorization rules
• Audit logs and reports
Requirements developed in this regard should be based on security domain policies and procedures.
Advantages
• Multiple passwords are no longer required; therefore, a user may be more inclined and motivated to select a stronger password.
• It improves an administrator’s ability to manage users’ accounts and authorizations to all associated systems.
• It reduces administrative overhead in resetting forgotten passwords over multiple platforms and applications.
• It reduces the time taken by users to log into multiple applications and platforms.
Disadvantages
• Support for all major OS environments is difficult.
• The costs associated with SSO development can be significant when considering the nature and extent of interface development and maintenance that may be necessary.
• The centralized nature of SSO presents the possibility of a single point of failure and total compromise of an organization’s information assets.
SSO implementations will often require a number of solutions integrated into a total solution for an enterprise’s IT architecture.
For this reason, strong authentication in the form of complex password requirements and the use of biometrics is frequently implemented.