Single Sign-On (SSO) lets a user enter the same username and password to log in to multiple related applications and web sites. Because passwords alone have become insecure and prone to exploitation, single sign-on evolved into reduced sign-on (RSO), in which additional types of validation are used.
If you log in using Single Sign-On with just a username and password, you receive access to several applications that contain low-risk information. But if you try to access apps and information with a higher risk classification, for example financial information, SSO prompts you to use a more secure means of validation such as one-time passwords, biometric scans, smart cards, etc.
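The step-up decision described above can be sketched as follows. This is an added example, not code from any SSO product: the factor levels, application names, risk classes and the freshness limits (which go beyond what the text states) are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Assumed assurance level per factor (hypothetical values).
FACTOR_LEVEL = {"password": 1, "otp": 2, "smart_card": 3, "biometric": 3}
# Assumed risk classification per application (constructed sample data).
APP_RISK = {"wiki": 1, "timesheet": 1, "payroll": 2, "treasury": 3}
# Assumed maximum age in seconds of a verification, by required level.
MAX_AGE = {1: 8 * 3600, 2: 15 * 60, 3: 5 * 60}


@dataclass
class Session:
    user: str
    factors: dict = field(default_factory=dict)  # factor name -> time verified

    def record(self, factor, now):
        """Remember that `factor` was successfully verified at time `now`."""
        self.factors[factor] = now


def authorize(session, app, now):
    """Return ("allow", None), ("step_up", [factors]) or ("deny", None)."""
    if app not in APP_RISK:
        return ("deny", None)  # fail closed: unclassified apps get no access
    required = APP_RISK[app]
    for factor, verified_at in session.factors.items():
        strong_enough = FACTOR_LEVEL.get(factor, 0) >= required
        fresh_enough = now - verified_at <= MAX_AGE[required]
        if strong_enough and fresh_enough:
            return ("allow", None)
    # No sufficient, fresh factor on the session: ask for a stronger one.
    options = sorted(f for f, lvl in FACTOR_LEVEL.items() if lvl >= required)
    return ("step_up", options)


if __name__ == "__main__":
    s = Session("alice")
    s.record("password", now=0)
    print(authorize(s, "wiki", now=60))      # low risk: password is enough
    print(authorize(s, "payroll", now=60))   # higher risk: step-up required
    s.record("otp", now=100)
    print(authorize(s, "payroll", now=200))  # allowed after one-time password
    print(authorize(s, "treasury", now=200)) # highest risk: stronger factor
```

Failing closed on unclassified applications and expiring the stronger factor sooner than the password keeps a long-lived password session from carrying access to the high-risk apps.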
Three distinct kinds of Single Sign-On services exist:
Windows integrated services enable you to connect to various apps inside your network that use similar validation mechanisms. After your credentials are verified and you log in to the network, you gain access to the actions that your user rights allow.
Extranet services allow you to access various web sites across the Internet with one set of user credentials, for example the 'Log in with Facebook' button that many web sites provide, which lets you sign in with your Facebook username and password.
With Intranet services you can integrate multiple apps in one enterprise environment. They might not share common validation mechanisms, but with the use of middleware (Enterprise Single Sign-On), users within an enterprise can connect to them with only one set of credentials. The middleware also synchronizes passwords throughout user directories.
1. Credential database: a SQL Server database that holds information about the associated apps and all the encrypted credentials connected to those applications.
2. Master secret server: a server that houses the master secret, which is transmitted to all other SSO servers.
3. One or more SSO servers, which map connections from Windows to credentials and look them up in the Credential database.
Single Sign-On has several important benefits, such as the capacity to administer single authorization and validation within an enterprise, and inter-user audit sessions that enhance security while reporting. It also makes developers' work easier by not requiring them to know, comprehend and utilize identity security in their apps. And of course the financial benefits are visible in terms of reduced password recovery and help desk fees.