The full form of SSO is Single Sign-On which is a session and user authentication service.
This user authentication service name single sign-on permits a user to use one set of login credentials such as a name and password to get access to multiple applications.
The single sign-on service can be used by enterprises smaller organizations as well as individuals to make it easy to manage various usernames and passwords etc.
There is an agent module in a basic web single sign-on service on the server of the application.
This agent module regains the specific authentications credentials for an individual user from the dedicated signal sign-on to the policy server.
On the other hand, it authenticates the user against a user source like as a lightweight directory access protocol or LDAP directory.
The service single sign-on also authenticates the end-user for all kinds of applications the user has been provided rights to and eliminates future password prompts for any individual application in the same time session.
SSO work
- The working process of the single sign-on service is like a federated identity management arrangement and the use of this system is called identity federation.
- Open authorization is the framework that lets the end user’s account information be used by third-party services and this open authorization is normally called OAuth or oh-auth.
- These third-party services can be Facebook and it doesn’t expose the user’s password. This O-Auth works as an intermediary on behalf of the end-user by giving the service an access token. This access token by O-Auth authorizes specific account information to be shared. Here the service provider sends a request to the identity provider for their authentication.
- Then the service provider verifies the authentication and allows that user to log in.
SSO Configuration types
There are various types of these single sign-on and some of those use protocols like Keberos and Security assertion mark-up language SAML.
Here are three types of single sign-on based on protocol –
Kerberos protocol
Kerberos-based SSO issues a ticket-granting ticket TGT once the user provides its credentials. This ticket-granting ticket or TGT fetches service tickets for other applications the user is willing to access without asking the user to re-enter their details.
SAML SSO
Another type of SSO is based on SAML which is an extensible markup language XML standard. SAML provides the facility to exchange user authentication and authorization data across secure domains. This single sing service that is based on SAML contains communications among the user, a service provider, and an identity provider which maintains a user directory.
Smart card SSO
The smart card-based single sing-on gets the end-user to use a card holding the sign-in details for the first login. the user doesn’t need to re-enter usernames or passwords once their card is used. The single sign-on smart cards will store certificates or passwords etc.
SSO benefits
These are the advantages of SSO –
- SSO streamlines the singing on the process and using applications.
- There is no need to re-enter password details due to SSO.
- SSO lessons the phishing attack chance.
- SSO enables users to remember and manage fewer passwords as well as usernames for each user application.
- The single sign-on service leads to fewer complaints or trouble about passwords for information technology help desk etc.
SSO Disadvantages
These are the disadvantages of the single sing on service –
- Single sign-on service is not helpful if the availability is lost as then users are locked out of the multiple systems connects to this one SSO.
- If unauthorized users get access they can gain access to more than one application due to SSO.
- SSO does not concern a certain level of security that every application sing on can require.
Some Other Famous Full Forms of BHK
SSO- System Security Officer
SSO- School Services Officer
