in Resources

Got SSO? You Still Need Password Security

Getting Started with SSO Security: An In-Depth Guide

Hi there! Single sign-on platforms promise to rescue us from password fatigue. No more memorizing logins for every app and resetting forgotten passwords daily! However, convenience comes with trade-offs. Relying solely on SSO introduces new password security gaps leaving organizations exposed.

As an experienced security architect focused on identity and access management, I‘ve helped many companies successfully implement SSO. Based on hands-on lessons learned, I‘ll use this guide to walk throughcomplementing SSO deployments with controls addressing those password risks and vulnerabilities. I‘m excited to share insider recommendations so you, too, can adopt SSO without compromising critical safeguards!

The Trade-Offs of SSO Adoption

First, let‘s briefly recap high-level benefits realized by organizations deploying SSO products like Okta, Ping Identity, and ForgeRock which all saw 30%+ revenue growth last year:

Benefit

Reduced IT tickets

Increased productivity

Streamlined IAM

Statistic

Up to 50% drop in password-related requests (Gartner)

4 hours/week savings from less password entering (Forrester)

68% quicker deployment of cloud apps (Ping Identity)

However, based on my experience, exclusively relying on SSO introduces security gaps including:

Gap

My Take

Single point of failure

That one master password locks the kingdom!

Password hygiene

No visibility into users‘ poor habits.

Privileged user risks

Carte blanche access looks dicey to auditors.

Legacy systems

Old dogs can‘t learn new SSO tricks.

I agree SSO boosts efficiency but also expands the attack surface. So what‘s the solution? Layer on compensating password protections and access controls!

Layered Security Solutions for SSO Environments

Intelligently integrating complementary security tools can help organizations realize SSO benefits while still upholding strong identity and access safeguards. Here are my top 4 recommendations:

  1. Role-Based Access Controls (RBAC)

RBAC limits employee access through permissioned-groups aligned to job duties. As an identity architect, I insist on centrally managing RBAC rather than scattershot user assignments. This allows efficiently cascading policy and permission changes throughout the organization.

Opt for RBAC-enabled tools like Saviynt and StealthINTERCEPT integrating with popular SSO platforms. For smaller shops, SSO vendors themselves like Okta now offer basic RBAC capabilities.

  1. Privileged Access Management (PAM)

PAM is a must for controlling access to sensitive systems, monitoring privileged user behavior, and supporting compliance requirements around special access auditing.

Top PAM tools like CyberArk and BeyondTrust glue nicely onto SSO products. For example, CyberArk offers specific SSO password protection guidance helping to balance security with convenience.

  1. Multi-Factor Authentication (MFA)

MFA introduces secondary ID confirmation like sending a unique approval code to a user‘s mobile device. Integrating MFA with SSO improves the end-user experience since faster first-factor authentication via SSO offsets additional steps for MFA.

Many SSO platforms now offer some level of integrated MFA support. For more robust capabilities, commercial MFA tools like Duo Security seamlessly overlay onto SSO products.

  1. Enterprise Password Management Platform

A cloud-based encrypted password vault provides added protection according to experts. Stored credentials sit behind one master encryption key mitigating risks associated with SSO‘s single password authentication model.

Solutions like Dashlane Business and Keeper allow securely sharing passwords across designated teams, bolstering productivity. For integrating partners and vendors, temporary password access grants additional oversight.

Architecting a Secure SSO Environment

With carefully designed architectural layers spanning access governance, identity verification, and password security, organizations can maximize SSO ROI while upholding rigorous controls.

You now have an expert overview of technologies to consider when complementing an SSO deployment. I‘m happy to offer additional guidance, best practices, or product recommendations as you evaluate options. Reach out anytime!

Sources:
Gartner Research
Forrester Research
CyberArk
Keeper Security

AlexisKestler

Written by Alexis Kestler

A female web designer and programmer - Now is a 36-year IT professional with over 15 years of experience living in NorCal. I enjoy keeping my feet wet in the world of technology through reading, working, and researching topics that pique my interest.