humanID
  • Products
    • Single Sign-On
    • WP/Discord Plug-Ins
    • CAPTCHA
  • Partner With Us
  • About Us
    • Our Vision
    • FAQ
    • Our Team
    • Jobs
    • Contact Us
  • Blog
  • Support Us
    • Membership
    • Donate
Select Page

SSO: A Scope of Solutions

By David Olukoju

November 19, 2021

Single Sign-On (SSO) is an authentication service that permits a user to use one set of login credentials instead of using multiple certificates. Multiple credentials, such as passwords, can be cumbersome to login to various accounts. Other features of logins such as anonymous logins or alternative logins act as safeguards for when these passwords become forgotten, but SSO resolves the conflicting nature of multiple login implementations while being bot-resistant. Within single sign-on, there are many different solutions that rely on varying methods to provide modern standards of privacy.

Common Configurations for SSO

Smart-Card Based

This device allows users to input information such as a username and password from a physical card, which gives the user access to a host of applications. Smart cards can include printed information such as the username mentioned above/password, but they can also use certificates and chips and the required software.

Kerberos-Based

After inputting the user’s credentials, applications generate ticket-granting tickets (TGTs). The TGT provides tickets to applications that request them so the users are granted access without having to re-enter their credentials.

Mobile Device-Based

Either a user password/PIN can be sent to the provided phone number via SMS, or the phone itself can act as a unique identifier, which would allow the user to log on to multiple accounts automatically.

SSO Solutions

Okta

Okta relies on a network of pre-built integrations to provide SSO to cloud applications. These integrations consist of passing authorization credentials, password vaulting, client-server protocols that depend on the user to provide the correct information, and more. The stored identities can be connected to/synced to Okta’s SSO, which, along with Okta’s security policies,  block malicious login attempts on networks.

OneLogin

OneLogin uses a security policy requiring users to provide their username, password, and an additional form of authentication. Once the user provides the correct information, they gain access to all the applications designated by an administrator. The administrators have the authority to establish access to certain applications for users depending on variables such as their department or their location.

Auth0

Auth0 authenticates users through usernames and passwords, and the software deals with issues such as duplicate accounts through account linking. It uses a database and set of services to connect users with network resources upon entering the correct usernames/passwords; a protocol called Active Directory Federation Services (ADFS) does this. A key facet of this process is communication between applications, servers, and databases to ensure a seamless user experience.

Keycloak

Keycloak uses the Kerberos mentioned above configuration for its SSO solution.  Communication between user databases, such as the Keycloak authenticator and a workstation, forwards the tickets from the TGT. An Administrator console is also a crucial part of Keycloak’s solution since the granting of access to users can be adjusted depending on a set of criteria the administrator would prefer (i.e., access to a specific app depends on an employee’s role or an employee’s current project).

JumpCloud

After authentication through JumpCloud’s User Portal, apps within JumpCloud’s SSO relay this information to any applications that require it, giving the user access to whichever apps are designated for said user. JumpCloud operates under the premise of each user having a single identity to access their resources. The software also uses multi-factor authentication (MFA) as a means of providing built-in security.

humanID

humanID‘s SSO works when the user enters their phone number. This information, paired with a valid sim card is used to authenticate the user. Upon authentication, this information is deleted, and each user is assigned a unique online identity known as a hashed identifier. In terms of what a user would see, they would input their phone number, and receive a code through SMS; upon entry, the user is granted access to a service.

Single sign-on is a developing means of improving the user experience by simplifying how users access multiple accounts. The furthering of methods such as mobile device authentication will continue this trend of growth and advancement within SSOs, and by extension, the internet. SSOs must also tackle security challenges due to how they internally store the user’s credentials for the initial authentication, so at least 2-3 pieces of information (username, password, fingerprint, etc.) is recommended. There are many options regarding SSO methods, so you should research copiously and make a well-informed decision depending on your needs and your convenience.

Submit a Comment Cancel reply

Optional: Notify me of follow-up comments by email. Requires for your email to be stored by the site admin

Thanks for your message

To finish submitting your message,
please take a few seconds to anonymously
verify that you're not a bot.
Verifying your humanity..
An error occurred. Please try again
Learn more about the Foundation for a Human Internet's humanID
and the mission to restore privacy online
Cancel
Support our volunteers fighting for a better internet!
Donate