Thursday, June 8, 2017

Word of the Day: single sign-on (SSO).

Word of the Day WhatIs.com
Daily updates on the latest technology terms | June 8, 2017
single sign-on (SSO)

Single sign-on (SSO) is a session and user authentication service that allows an end user to provide one set of login credentials (such as name and password) and be able to access multiple applications. The service authenticates the end user for all the applications the user has been given rights to and eliminates further prompts when the user switches applications during the same session.

Although single sign-on is a convenience to users, it can present risks to enterprise security because once an attacker gains control over a user's SSO credentials, they can access every application the user has rights to. A major challenge for enterprise SSO today is not only to integrate a user's network logon with local applications, but also to integrate it with mobile and software as a service (SaaS) cloud offerings.

 

In order to prevent malicious access, each aspect of an SSO implementation should be coupled with multifactor authentication (MFA) and identity governance services, such as identity as a service (IDaaS). IDaaS can be thought of as single sign-on (SSO) for the cloud, bridging the gap between traditional enterprise SSO and cloud offerings.

How single sign-on works

Typically, an agent module on the application server retrieves the specific authentication credentials for an individual user from a dedicated SSO policy server, while authenticating the user against a user repository such as a lightweight directory access protocol (LDAP) directory.

Some SSO services use protocols such as Kerberos and the security assertion markup language (SAML). SAML is an XML standard that facilitates the exchange of user authentication and authorization data across secure domains. SAML-based SSO services involve communications between the user, an identity provider that maintains a user directory, and a service provider. When a user attempts to access an application from the service provider, the service provider will send a request to the identity provider for authentication. The service provider will then verify the authentication and log the user in. The user will not have to log in again for the rest of the session.

In a Kerberos-based setup, once the user credentials are provided, a ticket-granting ticket (TGT) is issued. The TGT is then used to obtain service tickets for other applications the user wishes to access, without asking the user to re-enter credentials.

Quote of the Day

"With the centralized identity management systems included in many of today's SSO platforms, IT departments can enforce security policies, manage users and oversee any subscriptions users have associated with their specific cloud accounts, all from one place." - Reda Chouffani

 

Trending Terms

Kerberos
SAML
two-factor authentication
OpenID
social login
IDaaS

 
Learning Center

Users' SSO information at risk after OneLogin security breach
Following a OneLogin security breach, customers were alerted that their data was affected, but the company was stingy with the details of what happened.

Use single sign-on technology to integrate mobile app access
Single sign-on technology can help IT provide access to third-party apps for employees and to internal apps for customers or partners. And identity federation takes things one step further.

Benefits of single sign-on in healthcare
Medical professionals troubled by remembering passwords for different systems and applications would appreciate the benefits of single sign-on platforms.

Enterprise SSO: The promise and the challenges ahead
Enterprise SSO must now adapt to cloud-related services plus mobile employees. This technical tip explains what's changed and how infosec pros can cope.

The best SSO for enterprises must be cloud and mobile capable
The best SSO for enterprise use must tackle the complexities that mobility and cloud services like identity as a service present.

Writing for Business

The credit union website uses two-factor authentication to protect _____ members.
a. their
b. its

Stay In Touch
For feedback about any of our definitions or to suggest a new definition, please contact me at: mrouse@techtarget.com

 


This e-newsletter is published by the TechTarget network.

TechTarget, Whatis, 275 Grove Street, Newton, MA 02466. Contact: webmaster@techtarget.com

Copyright 2016 TechTarget. All rights reserved.
