Four essentials of a good single sign-on strategy

Four key steps and framework that user can use to appropriately scope the target solution set

A well-executed single sign-on (SSO) strategy reduces password-related support incidents and provides users with improved convenience and more-efficient authentication processes. While a sound SSO strategy is one which gives users fewer reasons to write down passwords, one password providing access to all in-scope systems can also lead to compromised access to those systems.

Therefore, organizations implementing SSO, particularly to systems that hold sensitive data, should implement risk-appropriate authentication methods with the SSO system. Solutions aren't 'one size fits all' and solutions which provide SSO to all target systems may be deemed too expensive. Therefore, a best practice is to identify the tactical and strategic approaches that reduce enough of the problem space over time and within budget.

Market research and advisory firm, Gartner has identified the four key steps and framework that user can use to appropriately scope the target solution set. According to Gartner prospective buyers should:

Assess the Current Environment and Pain Points

The first step is to scope the problem space by identifying the user population and use cases that require a solution, and to inventory the target systems, their architectures and the anticipated lifetimes.

User population: Identify whether a solution set should cover employees, contractors, external business partners or consumers/constituents.

Use cases and applications: Identify the logical location of users and the target systems that must be accessedfor example, internal users accessing internally managed applications and software as a service (SaaS) applications, or external consumers and business partners accessing internally managed applications. Identify the applications and use cases that are currently used the most and generating the most calls to the help desk for authentication-related issues.

Applications and their architectures: Determine the application architecture for each application deemed to be in scope for an SSO initiative.

Evaluate Anticipated Changes to In-Scope Applications

It's important to determine whether the applications used today will still be in scope over the next few years. If an application will be retired or replaced or have its user base significantly reduced within one to two years, then it can possibly be removed from consideration and, therefore, reduce the problem space. Approaching commercial application vendors to ask whether there are any plans to provide authentication options that can leverage the enterprise standards is also a good idea. A matrix with the inventory results should be drawn up to help identify common architecture and use case patterns.

Leverage Currently Owned Services or Solutions to Reduce the In-Scope Applications

Identifying existing tools that could help reduce the problem is essential. Their use may be isolated to one business unit or application set when they could be more broadly deployed. Sometimes reduced sign-on (RSO), enabled by an established password synchronization tool or authentication to a common LDAP-accessible directory, will provide good-enough reduction in the problem space. When multiple directories are used for authentication, directory synchronization or virtual directories may be brought to bear to join disparate identity sources and to expose one standardized view of identity to multiple applications or authentication services, such as a WAM tool. This can provide RSO or SSO, depending on the configuration.

Select Solutions to Resolve the Remaining Requirements

Application designs are moving toward Web architectures. As soon as currently owned directories, Kerberos and password synchronization tools have been leveraged, it is likely that tool or service selection will be based on the need to support SSO to Web-architected applications. Furthermore, SaaS adoption has been driving the need for federated Web SSO. Therefore, the solutions that support these needs should be presented first, with less prevalently needed solutions following.

Nike Shox Avenue 808


Add new comment