One of the best ways to manage your password collection is to use a single sign-on (SSO) tool. These tools centralize the administration of user authentication services by having one login credential that can be used for multiple applications.
You might think this creates a security loophole. We all have been drilled into not sharing the same login across multiple apps, right? The way that SSO works is somewhat different. Yes, you have a single login to gain overall access to an SSO tool. But once that is accomplished, the tool then automatically sends out separate credentials to sign in so you can use each of your apps. In many cases, you don’t even know the details of each credential — they could be using very complex passwords that are created at random by the tool. The good news is that you don’t need to remember each one, because the SSO does it for you. The bad news is that implementing SSO can be confounding, costly and complex.
Over the years, SSO has taken on more sophistication and widened its functionality. Many of the tools have more flexible and powerful risk-based authentication policies, support a wider collection of multi-factor authentication (MFA) methods to further secure your credentials and integrate full-blown identity management solutions. Why go with this last approach? You add the ability to manage how users are on- and off-boarded, allow for federated identity (if you have multiple organizations that you need to coordinate) and have better integration with your cloud apps.
Many of the SSO vendors offer attractively priced packages for the SMB world, which is helpful if you want to get started using one of them. Here are some of the leading SSO vendors, along with approximate price ranges and major features:
SSO Vendors Comparison Table
|Vendor|Approximate Price|Major Features|
|---|---|---|
|Duo/Cisco SSO|Free to $108/User/Year|Wide support for adaptive authentication and apps.|
|Idaptive (formerly Centrify)|$20-$40/User/Year|Wide support for authenticator apps, full line of identity governance tools.|
|MicroFocus/NetIQ Access Manager|$47 Initially Plus $12/User/Year|Wide support for various security protocols.|
|Okta SSO MFA|$8000 or $16,000 Initially Plus $36-$72/User/Year|Identity governance tools, many preconfigured apps.|
|OneLogin SSO|$24-$96/User/Year|Many preconfigured apps, SIEM and VPN integration.|
|Ping Identity Ping One|$36/User/Year|Federated identity, many preconfigured apps, variety of MFA methods.|
|RSA SecurID Access Suite|$1830/mo. for 500 Users|Full identity governance tools, many identity providers, adaptive authentication.|
A baby step towards better password security might be to start with an enterprise password manager, which just remembers passwords for you. These tools, such as 1Password and LastPass, keep centralized vaults of all your credentials and insert them into the login process, either from your browser or from your laptop or smartphone. Another less-costly alternative is to deploy the open-source Authy.com service, which is available on a wide range of devices, including desktops and smartphones.
Speaking of Authy, another free alternative to a full-blown SSO is to make use of a smartphone authenticator app and just individually apply this as an additional authentication factor, whether you log in from your phone or your laptop. The way this works is that when you try to log in to your app (say Gmail), you are asked to type in the one-time password that is being shown at that moment on your smartphone authenticator.
There are any number of free smartphone authenticator apps (besides Authy there are ones from Google, Microsoft and Cisco/Duo, among many others). The downside here is that you depend on each of your individual users to install and maintain their passwords individually. And not all apps work with all of the smartphone authenticators.
If the password manager or authentication app isn’t rigorous enough, you probably should consider an SSO. Here are some questions to address to find the right product that meets your needs:
Single Sign-On Makes Your Life Easier
The right SSO tool will help you manage your password collection, while also providing secure authentication. By answering the questions above while choosing your SSO option, you’ll feel much more confident in your selection.