Skip Links

Single sign-on moves to the cloud

Okta and OneLogin score high in test of eight SSO solutions that cut help desk calls and boost password security

By David Strom, Network World
December 17, 2012 12:00 AM ET

Network World - We are awash in passwords, and as the number of Web services increases, things are only going to get worse. Trying to manage all these individual passwords is a major problem for enterprise security. Many end users cope by re-using their passwords, which exposes all sorts of security holes.

One solution is a single sign-on (SSO) tool to automate the logins of enterprise applications and also beef up password complexity, without taxing end users to try to remember dozens of different logins.

SSO isn't new: we have had various products for more than a decade. What is new is that several products now combine both cloud-based SaaS logins with local desktop Windows logins, and add improved two-factor authentication and smoother federated identity integration.

Also helping is a wider adoption of the open standard Security Assertion Markup Language (SAML), which allows for automated sign-ons via exchanging XML information between websites.

Cloud-based single sign-on: A business perk for customers?

The SSO market includes more than a dozen products from boutique shops to large software vendors. We tested eight products: SecureAuth, OneLogin, Okta, Symplified, Intel's McAfee Cloud Identity Manager, Numina Application Framework, SmartSignin and Radiant Logic. Several other SSO vendors were contacted but decided not to participate, including IBM, CA, Oracle and Ping Identity. (Watch a slideshow version of this story.)

The products all work in a similar fashion. First, they connect to one or more directory services, such as Active Directory, or an identity provider with an existing collection of users, such as Google Apps. They grab the user lists from these sources and then apply various rules in terms of what applications each user can access and whether they make use of advanced passwords, such as multifactor or one-time tokens to login to each app.

Users typically sign in to a Web-based portal, or the products grab their Windows desktop login credentials and use that as the basis for the authentication of the SSO app portfolio. This means that users don't have to remember or even in some cases need to know what their Google or Box passwords are to gain access to these apps.

It sounds simple but there is a great deal of behind-the-scenes software magic to make all the logins operate seamlessly and to connect the dots among the different pieces. And all of the user data "grabbing" should happen over encrypted connections to prevent man-in-the-middle and other attacks.

Trials and Pricing

Most of the vendors we tested offer free trial accounts with certain limitations beyond the two weeks' time frame, so you can get a feel for how they operate. And vendors are very willing to work with your own collection of apps to ensure that their products cover the ones you want to automate the sign-ons for. Some offer enticements such as unlimited number of users for a single app to deploy across your organization and get your end users used to the SSO apparatus, and then they start charging when you add new apps to the portal.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News