SSO and MFA: The Guide to Overcoming Security Limits
When talking about SSO and MFA, some people mix the two up, or perhaps don’t fully understand the added value of combining them. Single sign-on (SSO) is all about users gaining access to different apps with a single authentication. Multifactor authentication (MFA), on the other hand, adds a layer of security at authentication time to verify the user’s identity.
Understanding what SSO is and how it works
Single sign-on (SSO) is an authentication method that allows a user to use one set of login credentials – most of the time ID + password – to authenticate once at the beginning of their work shift. From then on, the user can access multiple applications and websites without losing time logging in again. A kind of “master sign-on”.
Each time a user logs into an SSO service, the service creates an authentication token that records that the user has been verified. Any application or website that the user later visits during their work shift checks with the SSO service, which presents the user’s token to confirm their identity and grant access. You can think of this token as the “keys to the castle”: when a user opens another application after the first “master sign-on”, the SSO solution logs in on their behalf.
Beware of the security limits of SSO
SSO is certainly a gift to users: being able to access everything without additional logins. But with this gain in productivity comes an increase in security concerns, and with it the need for a more secure environment.
Imagine that a hacker gains access to a user’s SSO credentials. Every other application and resource the user can reach is then compromised as well. It’s like putting all your eggs in one basket.
Get the best of both worlds by combining SSO and MFA
If you are an organisation that “puts all its eggs in one basket” using SSO, then you need to be sure to protect that basket and secure its access. The answer is not to remove SSO, but rather to fill in the security gaps without compromising the user experience.
This makes it essential to deploy additional authentication mechanisms beyond a simple combination of ID + password. With SSO you need to ensure that access and identities (credentials) are well protected, for example by combining SSO with a strong authentication solution (MFA).
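The token flow described above (one authentication, one signed token, each application checking with the SSO service) and the MFA gate recommended here can be shown in a single, constructed model. The code below is an added teaching example, not TrustBuilder’s product and not a real protocol: the HMAC-signed token, the `IdentityProvider` and `Application` classes, the user “alice” and the TOTP seed are all assumptions standing in for what SAML or OpenID Connect would do in production. The identity provider is the only place passwords are ever checked, it issues the “master sign-on” token only after both the password and a TOTP code verify, and the applications hold no credentials at all; they simply ask the provider whether a presented token is genuine and still valid.

```python
"""Constructed SSO + MFA model (added example, not vendor code).

The identity provider (IdP) authenticates a user once with two factors and
issues a signed session token. Applications validate that token through the
IdP instead of keeping their own credentials, so stolen passwords alone never
open a session, and a tampered or expired token is refused everywhere.
"""
import base64
import hashlib
import hmac
import json
import os
import struct


def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1: the 'something you have' factor."""
    counter = int(now) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class IdentityProvider:
    """The SSO service: the single place where credentials are verified."""

    def __init__(self, lifetime: int = 8 * 3600):
        self.signing_key = os.urandom(32)  # never leaves the IdP
        self.lifetime = lifetime           # token lifetime in seconds (one shift)
        self.users = {}                    # username -> stored record

    def register(self, username: str, password: str, totp_secret: bytes) -> None:
        salt = os.urandom(16)
        pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
        self.users[username] = {"salt": salt, "hash": pw_hash, "totp": totp_secret}

    def login(self, username: str, password: str, otp: str, now: float):
        """Issue the 'master sign-on' token only if BOTH factors verify."""
        rec = self.users.get(username)
        if rec is None:
            return None
        pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], 200_000)
        if not hmac.compare_digest(pw_hash, rec["hash"]):
            return None
        # Accept the current and previous 30 s step to tolerate clock drift.
        if otp not in (totp(rec["totp"], now), totp(rec["totp"], now - 30)):
            return None
        payload = {"sub": username, "iat": int(now), "exp": int(now) + self.lifetime,
                   "amr": ["pwd", "otp"]}  # which factors were used
        body = _b64(json.dumps(payload, sort_keys=True).encode())
        sig = _b64(hmac.new(self.signing_key, body.encode(), hashlib.sha256).digest())
        return f"{body}.{sig}"

    def verify(self, token: str, now: float):
        """What every application asks: is this token genuine and unexpired?"""
        try:
            body, sig = token.split(".")
        except ValueError:
            return None
        expected = hmac.new(self.signing_key, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(_unb64(sig), expected):
            return None  # tampered body or forged signature
        payload = json.loads(_unb64(body))
        if now >= payload["exp"]:
            return None  # shift over: force a fresh authentication
        return payload["sub"]


class Application:
    """A relying party: holds no passwords, trusts only the IdP's verdict."""

    def __init__(self, name: str, idp: IdentityProvider):
        self.name, self.idp = name, idp

    def access(self, token: str, now: float) -> str:
        user = self.idp.verify(token, now)
        return f"{self.name}: welcome {user}" if user else f"{self.name}: access denied"


def demo() -> dict:
    """Walk through the flow with constructed data; returns each outcome."""
    idp = IdentityProvider()
    secret = b"constructed-demo-seed"          # assumption: alice's enrolled TOTP seed
    idp.register("alice", "correct horse battery staple", secret)
    now = 1_700_000_000
    results = {}
    # A stolen password alone (wrong second factor) yields no token at all.
    results["password_only"] = idp.login("alice", "correct horse battery staple", "bad-otp", now)
    token = idp.login("alice", "correct horse battery staple", totp(secret, now), now)
    results["both_factors"] = token is not None
    mail, crm = Application("mail", idp), Application("crm", idp)
    results["mail"] = mail.access(token, now + 60)       # same token, two apps
    results["crm"] = crm.access(token, now + 120)
    _, sig = token.split(".")
    altered = _b64(json.dumps({"sub": "admin", "iat": now, "exp": now + 99999}).encode())
    results["tampered"] = crm.access(f"{altered}.{sig}", now + 120)
    results["expired"] = mail.access(token, now + idp.lifetime + 1)
    return results


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(f"{step:>14}: {outcome}")
```

The design point is where the secrets live: the password hash and TOTP seed stay with the identity provider, the signing key never reaches an application, and every application delegates the decision instead of re-implementing it. That is exactly why the “basket” in the text needs the second factor: the only place an attacker can turn a password into access is the `login` call, and that call refuses to issue a token without the OTP.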
Universal B2B / B2C multifactor authentication
TrustBuilder allows your users to access their applications securely and in a very simple way, whether they are in the office or remotely, with or without a connection, no matter which device they are using.
Not all MFA solutions will secure your SSO to the same extent
Not all MFA solutions are the same, because the technologies behind them differ widely. There are several other criteria to consider when evaluating the security and user experience of the different vendors.
As Gartner points out, while some authentication solutions claiming to be “multi-factor” are really just “+1FA” tools that add a single additional factor to an existing password, other MFA solutions are natively two-factor and passwordless.
Single sign-on (SSO) is a method of authentication that allows a user to access multiple applications and websites without the time-consuming task of logging in to each one. Only one login is required for all applications, a kind of “super login”.
Whenever a user logs into an SSO service, the service creates an authentication token that records that the user has been verified. Any associated application or website that the user later needs to log in to then checks with the SSO service, which presents the user’s token to confirm their identity and grant access.