Single-Sign-On (SSO):  Described in Plain English by Peter D. Wallace

These days organizations are using various software packages in the course of business, and not all of them reside within the corporate intranet.  Instead of having to remember umpteen user names and passwords, companies and software vendors are opting to deploy and support a single-sign-on, or SSO, solution.

How it Works
SSO is a software solution that is provided by a few vendors.  The technology is still emerging and it looks like even Windows 2008 Server may have something baked in for SSO.

The SSO software hooks into a corporate address book so it has knowledge of who is allowed to gain access to the applications.  It also hooks into pre-defined domains external to the corporation.  These domains are authorized to use SSO for the benefit of the company’s users.

When a user logs into his Windows computer in the morning, the SSO software is aware of this and sets up some code on the user’s PC.

When the user then accesses a website on the internet that requires a login & password, instead of displaying a login page the website redirects to the SSO software.  The SSO software then returns the user’s unique identifier, which the website can use to establish the connection.

That’s all there is to it!  Of course, there’s much more going on behind the scenes with security and such, but to the end user, all that happens is they are automatically logged into the external website without having to provide a login and password all over again.

Keeping the Address Books in Sync
SSO depends on the external website having knowledge of the unique identifiers for each user. 

For example, let’s say that a given user has logged into his/her computer in the morning and then attempts to access an external website.  The SSO software would return the unique identifier for the user to the external website.  The website would then look up that person in its own address book or table based on that ID.

If the ID is not found, then the website has no choice but to deny access.  It isn’t that the user gave an incorrect password or login; it’s just that the website doesn’t know who they are and therefore cannot allow the connection.  The user would be forced to make a support phone call in order to have their account set up on the external website.

Therefore, it is important that the authorized address book from the corporation be replicated or updated at all of the external websites where SSO has been implemented.  This will prevent most of the support calls stemming from denied access.
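
The lookup described above, sketched in Python as an added example (it is not code from the original article or from any SSO product).  It assumes the SSO server signs its response with a secret shared with the website, which stands in for the "security behind the scenes"; the secret, domain, user IDs and function names are all constructed for illustration.

```python
import hashlib
import hmac
import json
import time

# Assumed for this sketch: the company's SSO server and the external website
# share a secret, and the SSO server signs every response with it.
SHARED_SECRET = b"constructed-demo-secret"
TRUSTED_ISSUER = "sso.example-corp.test"   # constructed domain name


def sign_response(user_id, issuer=TRUSTED_ISSUER, ttl=60, now=None):
    """SSO server side: return a signed statement naming the logged-in user."""
    now = time.time() if now is None else now
    body = json.dumps({"uid": user_id, "iss": issuer, "exp": now + ttl})
    tag = hmac.new(SHARED_SECRET, body.encode(), hashlib.sha256).hexdigest()
    return body, tag


def sync_directory(local_users, corporate_users):
    """Replicate the corporate address book into the website's own table."""
    local_users.clear()
    local_users.update(corporate_users)


def handle_sso_response(body, tag, local_users, now=None):
    """Website side: decide whether to let the user in."""
    now = time.time() if now is None else now
    expected = hmac.new(SHARED_SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return "denied: response not signed by the SSO server"
    claims = json.loads(body)
    if claims["iss"] != TRUSTED_ISSUER or claims["exp"] < now:
        return "denied: wrong issuer or expired response"
    user = local_users.get(claims["uid"])
    if user is None:
        # Genuine employee, but the website's table is out of date.
        return "denied: unknown user id (address book not in sync)"
    return "welcome " + user["name"]


if __name__ == "__main__":
    corporate = {"u1001": {"name": "Ana"}, "u1002": {"name": "Raj"}}  # constructed
    website = {"u1001": {"name": "Ana"}}       # stale copy: Raj is missing
    body, tag = sign_response("u1002")
    print(handle_sso_response(body, tag, website))
    sync_directory(website, corporate)
    print(handle_sso_response(body, tag, website))
```

The same signed response is refused before the sync and accepted after it, which is the support call the replication is meant to prevent.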

Summary
SSO provides many advantages for corporations that are seeking to eliminate the myriad of passwords that are used to gain access to websites across the internet and even within the corporate intranet.  The cost of the SSO software makes it prohibitive for smaller organizations.

However, for hosted providers of software like our ASP model for CrossForm, it is important that an SSO option be offered to customers in order to make the lives of the users much, much easier.  All they have to do is log in once in the morning and they have immediate access to all of the external websites they use during the course of business.

Contact us with questions or to find out more about our CrossForm ASP solution.