By the end of this article, you’ll know what SSO is, how it works, and how to use SSO here at Keepabl. There’s also our Admin Guide to SSO & Keepabl, taking you through all the detail.
But first, why use SSO at all? Who uses SSO?
Unsurprisingly, according to Bitglass, the use of SSO increases with company size, and reaches a healthy 64% for those over 1,000 headcount. However, only 25% of organisations with less than 500 employees use SSO – clearly there’s some ground to be made up here by smaller organisations.
The breakdown by industry is interesting, with Education leading the way, with 61% using SSO (clever clogs). Even more than Finance, who are at 41% adoption.
But why are so many using SSO?
A typical organisation will use different software-as-a-service (SaaS) solutions for their email, calendar, document storage, collaboration, finance and expenses, recruiting and absence management, visitor management, anti-virus software, browser … the list goes on and on. A recent study shows that, on average, we each have to remember 100 passwords. And, for Security reasons, you’ll want each password to be distinct, hard to guess, with sufficient ‘entropy’ making it hard to crack.
Remote and hybrid working are contributing to the issue: according to Snow Software’s survey of 250 IT leaders from mid-sized and enterprise organisations around the world, 82% of those surveyed said they’ve increased their cloud usage in response to the pandemic.
Remembering all those passwords is tough, so passwords get re-used or iterated – a Security nightmare. Measures such as password managers (we strongly recommend you use them) and 2FA (again, strongly recommended and built into Keepabl) drastically improve the Security of your online accounts.
These are all great steps in your IAM or Identity & Access Management: securing and controlling who has access to what, and what they can do when they get there.
But there’s another step you can take, to improve Security and usability at the same time.
Enter Single Sign-On, or SSO.
As the name suggests, it means you only need to sign into one of your accounts online – for example, your organisation’s intranet – and you can then go straight into all the apps you need for your role, without needing to remember a password for each of them. One sign in, which is still usually by password (and we hope 2FA), to access all your online solutions.
You can see SSO is a clear Security and usability win, particularly in these times of hybrid working, and brings great usability benefits too.
Now, let’s look at some common terms in SSO, which will help explain more about how it works.
There are different ways to implement Single Sign-On but, while the core terms can differ, there are the same core actors: you, your employer, the Service Provider and the Identity Provider.
The whole idea of SSO is to use various SaaS (such as Keepabl, HubSpot or Asana) with just one login. Those SaaS solutions that you want to use, provide services to you: they’re the service providers.
Your organisation wants to use SSO so that employees only need to login in once (maybe the work intranet) to have access to all the SaaS they need for their jobs, and the organisation can centrally manage that access, assigning and revoking access to various SaaS for various employees.
The solution you use to grant, revoke and manage that access is your Identity Provider (or IdP). These providers act as the authority on identity for accessing software for your organisation, hence their name. Examples of IdPs are Okta, OneLogin and Azure AD (the AD is for Active Directory, the grandaddy of SSO).
There are many recognised and high-impact benefits of using SSO, all around enhanced Security and simplified User administration.
SSO is a core part of Identity & Access Management – knowing who is accessing your solutions and securely managing that access. With SSO, you have total control over who can access your Keepabl account.
With SSO, you can onboard new employees – and offboard leavers – across multiple SaaS apps (such as Keepabl) in one place, your Identity Provider. No more ex-employees accidentally left with access to your SaaS estate.
You can also give and revoke access to existing employees to your SaaS estate in one place. All with the Security benefits of SSO.
By only having one password for their work apps, your Users are less likely to reuse passwords or create linked, weak, passwords. And because your Users have just one password for many apps, and that password is managed in one place (your Identity Provider), you can easily reset a forgotten password, or change a compromised password, in one place instead of many.
Using SSO means your Users only need to use the Two-Factor or Multi-Factor Authentication (2FA or MFA) tool provided by your Identity Provider, instead of using various MFA methods for multiple apps.
Keepabl has created SSO integrations with the leading Identity Providers so you can give your users seamless access to Keepabl, using the same credentials they use for other SaaS solutions you make available to them. No need to use a separate password (although it’s always a good idea to keep a couple of people with passwords for each solution).
You can use the top 2 Identity Providers with Keepabl, and we’re adding more all the time: