Web Application Single Sign-On (SSO)
In 2021, the average number of Software-as-a-Service (SaaS) applications used in organizations around the world was 110. When web applications hit the market, they grew in popularity and began to proliferate very quickly, and this number has increased considerably every year. because. This explosive growth is what led to the creation of web application single sign-on (SSO).
In a word:
- There was an event: Web applications emerged and grew in popularity.
- There was a need: Organizations needed secure and efficient ways to connect employees to their business applications located outside of the on-premises Windows domain.
- There was an untapped opportunity: Web SSO application vendors came up with the first generation of Identity-as-a-Service (IDaaS) solutions to address this need, i.e. single sign-on tools for web applications.
What is Web Application Single Sign-On?
Web Application Single Sign-On refers to the traditional version of Single Sign-On which allows users to log in once using a single set of credentials to access all applications web they use, usually through a web portal or browser extension. To achieve this, organizations typically purchase and configure a web application SSO tool which is then layered over their existing directory service or identity provider (IdP).
A high-level overview of how the SSO process works:
- A user tries to log in to a web application.
- The web application verifies with the SSO tool which has either attested that the user is who they claim to be through verification with the IdP, or the SSO tool initiates this process to verify the user’s identity.
- If the user has already been attested by the SSO solution, he is logged into the application.
- If the user has not yet been verified by the SSO solution, it will prompt the user to start this process.
Can I use SSO alone?
Web application single sign-on must be used in conjunction with an entity that stores user credentials. Most web application single sign-on providers do not store user identities; instead, they validate user credentials against a separate identity database, traditionally a directory service or identity (Read More…)