It seems that single sign-on (SSO) has once again emerged as all the rage in identity and access management (IAM). Over the past few years, solutions that address the SSO needs of the quickly growing cloud and SaaS application mix have pushed to the front of the IAM mindshare race. And they should. Finally, with the advent of standards like SAML, OAuth, and OpenID Connect, the opportunity to give users a unified login experience has become a reality.
But, while these solutions do a good job of solving one problem, they are woefully lacking in many other critical areas. The One Identity family of IAM solutions has been at the forefront of the constantly shifting SSO landscape for years and we have some recommendations to ensure that your SSO project delivers maximum benefit.
- Solve the federation problem – make sure that you address all of your federation needs, not just the needs your vendor tells you to worry about. This may include SAML as well as WS Fed/Trust, along with the ability to act as an identity provider (IdP) and service provider (SP).
- Don’t forget about the legacy stuff – how many legacy (maybe home-grown) web apps do you have and what types of authentication do they require? Does your federation solution also do HTTP headers, form fill, and credential injection? It should.
- Look to the future – even though you may not be doing so now, will you at some point need to do social login or support login from mobile devices? Ensure that your solution is poised to help you get to where you will eventually end up.
- Expand beyond simple SSO – everyone has remote users, and those are often some of the most difficult to deliver a seamless, positive login experience for. Make sure your SSO solution also provides the secure remote access that will help your users do the right thing rather than find workarounds.
- Go contextual – one of the emerging trends in IAM is the concept of adaptive, risk-based security that takes into account the actual context of an access request to make security enforcement decisions in real time. This “risk engine” approach should be tightly coupled to your access control solution (did you hear SSO right there?). These solutions can be extremely complex and expensive, so look for one that comes with the far-reaching SSO solution.
Of course I wouldn’t be saying all this if I didn’t think that I had the perfect solution for you. It’s called One Identity Cloud Access Manager and it provides each of the benefits listed above – all in a single, easy to use and own package.
To learn more about this SSO solution, watch this video where I detail what we’ve talked about here.