How SSO is Used in Different Use-Cases

Learn about the different use cases of SSO technology for businesses

Reading Time: 6 min

Share this lesson

With the major role the internet plays in many jobs today, the struggle to remember a password or 20 has become all too common. While we continue to implement technology to make our jobs more manageable, at the same time, we accumulate a dizzying number of passwords to create and consequently remember. That’s where SSO saves the day.

SSO, or single sign-on, is a user authentication service that allows you to use the same set of credentials to access multiple applications, eschewing the frustrating challenge of remembering various complicated passwords. Through SSO, the user has access to all the applications they’ve been granted rights to, and consequent password prompts are eliminated when the user switches applications. The days of keeping track of your convoluted passwords that you’ve been required to change 10 times each on a well-hidden post-it note — or ironically, in another application that requires a password — are over.

Within the greater SSO umbrella, there are two main software types: enterprise SSO and web SSO. While both serve the purpose of simplifying authentication processes, there are a few key differences to note.

Enterprise SSO

The main difference between enterprise and web SSO has to do with the kind of applications they are used for. While web SSO is implemented for cloud-based software accessible through web servers, enterprise SSO is used for authenticating access to on-premise software, which is installed locally on a company’s individual computer or servers. With enterprise SSO, the office administrator uses a desktop client to capture credentials during the first log-in and apply them automatically to subsequent log-in prompts. Enterprise SSO systems don’t require the application to make any changes on their end either, but it does require a system administrator to distribute, install, and maintain the ESSO software on each desktop.

The development of new ESSO systems is aimed at centralizing usernames and passwords so that administrators can focus on developing systems and improving performance instead of password management tasks. To the same degree, employees no longer have to worry about remembering complicated passwords or frequently changing them to include symbols, numbers, and capital letters. Furthermore, users can grant access to an application to a colleague for a certain amount of time without contacting the help desk or sharing their password, which allows users to better anticipate their absences at work. The system administrator still controls which applications and under what circumstances these credentials can be shared.

Web SSO

Web SSO simplifies authentication processes for web-based applications, a process that becomes increasingly important as more applications become cloud-based. Web SSO relies on an enforcement agent to intercept web traffic and authenticate the user against a repository and manage access to the server. While the kind of software that Web SSO manages and protects is fundamentally different than enterprise SSO, it serves the same function of simplifying sign-ins so users don’t have to worry about recalling and changing passwords.

When it comes to setting up Web SSO, there are two principal techniques: the first is SSO management within the web application or through agents in protected applications. While the simplicity of this approach is appealing, this method requires the applications to be modified for the SSO agent, which is often impossible with proprietary applications, and it requires that the application be directly visible from the user’s web browser.

The slightly more complicated but more effective web SSO management approach uses a reverse proxy to control authentication information within the application. The reverse proxy acts as an intermediate server between the user’s web browser and the web server that requires protection, masking the protected web server by presenting different external URLs to the internal URLs. The reverse proxy becomes the second contact point, controlling access and carrying out the SSO process. This technology functions completely independently of web servers, making it more reliable, and provides more protection to web servers, balancing the various access points to the server when multiple reverse proxies are in use.

Conclusion

Our jobs are demanding enough already, and keeping track of several passwords adds unnecessary stress. Single-sign-on software provides an immensely helpful and efficient service to workers who frequently use the internet, allowing them to focus on doing their jobs well. While there are a variety of SSO options available, a combination of enterprise single-sign on, for on-premise software, and web SSO, for authenticating access to cloud-based web servers, is perhaps the best way to go when it comes to implementing this software.

Save time. Enhance security.


Modernize your access control with remote management and useful integrations.

Academy is powered by Kisi, the world’s most advanced access control system