Organizations have increasingly turned to single sign-on (SSO) tools as they transition their cybersecurity strategies to meet the challenge of more sophisticated cyberattacks, remote workforces and the diverse needs of the business.
SSO is easy to sell to end users. Simply point out the frustrating and time-wasting steps required to log into various apps without it and compare that to SSO’s streamlined process of using one link, one credential and one authentication to access every application.
This piece outlines key benefits that drive SSO adoption, along with guidance to help end users see the value of SSO as part of your IAM solution.
Understand Authentication Challenges
Information security teams ask a lot from the workforce as part of their IAM strategy. Consider the path workers must take to complete their tasks, including the number of steps, the familiarity of each step and the friction of going from one step to the next. When it comes to passwords and authenticating, individuals must:
- Find the required web app’s link.
- Remember if the app is accessed over a virtual private network (VPN) or needs additional steps to connect.
- Navigate from the app’s page to the login prompt.
- Recall and enter the login credentials.
- Complete any MFA workflows.
That’s all before they even start on the actual task at hand. Their familiarity with each step is often low, because every site is different. Some sites require VPNs and some don’t; some sites have login prompts with a username/password on the same dialog, while others have these on separate pages, and the secondary factors are similarly varied.
How big a problem is this? Typical organizations continue to use multiple passwords for a multitude of cloud service apps. Confusing and slow password authentication wastes the time and cognitive abilities of end users every day. Passwords continue to be the weak link in organizational security, with attacks targeting remote workers spiking significantly in the last few years.
Benefits of SSO for End Users
SSO removes all that friction. It lets users access their web apps using modern authentication protocols such as Security Assertion Markup Language (SAML) or OpenID Connect (OIDC). From the end-user perspective, the workflow becomes much simpler:
- Log on once to the computer’s desktop.
- Go to the SSO website.
- Authenticate once with a username and password.
- Complete the authentication with MFA.
- Browse (or search for) the web app required for the task.
- Launch the web app from the SSO website.
- Get to work.
SSO enhances the user experience and enables the employee to get to work faster, because:
- Using one link to reach all web apps reduces the effort to open apps: Users have fewer bookmarks to maintain and wade through to get to the right web app.
- Using one credential (username and password) for all web apps reduces cognitive load: Users have fewer credentials to remember, change and maintain.
- Using one authentication (credentials plus second factor) for all web apps saves time: Users spend less time entering the code from the token, clicking approve on the phone or tapping on a Universal 2nd Factor (U2F) key.
- The SSO site offers easier discovery for new or infrequently used web apps: Users have a better experience when searching for apps or adding new apps.
- SSO eliminates the need to recover or reset passwords on web apps: Users have fewer credentials to forget and change.
Persuasive SSO Metrics to Track
When making the case for SSO, consider sharing the following metrics:
- Web apps
  - Total number of apps for the user population
  - Average number of apps per person
- Credentials
  - Total number of passwords for the user population
  - Average number of passwords per person
- Authentication
  - Total time spent authenticating (daily, monthly)
  - Total time spent authenticating per person (daily, monthly)
- Discovery
  - Time to find and register with new (to the user) apps
  - Frequency of adding new apps to the workflow
  - Total time spent discovering new apps (monthly)
  - Average time spent discovering per person (monthly)
These metrics can help you quantify the benefits end users experience with a transition to SSO.
How to Deploy SSO
Research from LastPass finds that most people (91 percent) know they should use separate passwords for every app, but most people (66 percent) use the same password anyway. Most people also know they should use MFA, but most still (66 percent) don’t. The problem isn’t one of awareness. The problem is one of making the secure choice the easy choice. SSO is the means for doing this. SSO significantly reduces the number of credentials the workforce must maintain, as well as time and confusion when authenticating. To ensure end users are on board with your SSO deployment:
- Quantify the authentication load on the workforce today to build the business case.
- Evaluate SSO to determine the best solution for the problem.
- Deploy SSO to reduce time, complexity and friction.
Spend time with the workforce to understand their specific workflows, pain points and openness to change. The above metrics and process provide a high-level overview. However, as with any change, success comes when security professionals approach end users with empathy and understanding.
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in
connection with such information, opinions, or advice.