To control and manage access, security measures often require the authentication of user credentials. Single sign-on (SSO) is a type of authentication that enables users to access multiple applications, documents, and infrastructure using a single set of login credentials. This process relies on a trust relationship between service providers and identity providers to link cross-platform identities and uses the Open Authorization (OAuth) framework to aid authentication.
However, there are several disadvantages associated with SSO that increase security risks. Firstly, SSO systems are susceptible to hacking as a successful hack would grant access to multiple systems through a single entry point. Additionally, SSO can cause a security breach if multiple employees use a computer and forget to sign out after their shift, as the next user will have unrestricted access to everything. Furthermore, relying solely on SSO means that if there are any issues with the system, access will be denied to multiple applications. There is also a risk of sharing internal information with third parties, and the principle of least privilege is not upheld as SSO permits multiple access with a single authentication.
To reduce the risks associated with SSO, additional security measures can be implemented. These include using logon management with features such as user login endpoint restriction, session type restriction, managerial approval, unusual login monitoring, and forced log-offs. Two-factor authentication (2FA) can also be used to add an additional layer of security to prevent a data breach resulting from compromised authentication credentials. By combining logon management and 2FA, the risks associated with SSO can be mitigated.
 is a type of authentication that enables users to access multiple applications, documents, and infrastructure using a single set of login credentials.){kind=link}