Single Sign On Security Mistakes To Avoid In 2020

Single sign-on mistakes are quite common. IT professionals get excited about the technology since it makes life easier for employees. However, if you approach a single sign-on technology solely as a convenience tool, you will have problems. Specifically, you will increase your security risk! To keep your organization safe, make sure you avoid these mistakes.

The Top Single Sign-On Mistakes To Avoid

As you plan your single sign-on (SSO) program, use this checklist of common mistakes to keep your organization safe.

1) Using Social Media/Social Network Logins

Consumers use Facebook, Twitter and Google login services to access many different websites. They already know and like these services, so it is no surprise to see them take off in popularity. After all, you get to avoid creating yet another username and password.

There are several problems with relying on these services. First, your organization probably has no agreement or contract with these providers. That means it is difficult to pick up the phone and get support when you face a problem. Second, using a social media login at work sends the wrong message to staff. In the office, you need to be thoughtful about security and confidential information. So asking staff to use a social media login — which tends to encourage people to share information — does not make sense. Finally, there are technical problems with social network sign-on.

2) Avoiding Single Sign-On Solutions Completely

Some organizations are so concerned about single sign-on problems that they avoid SSO altogether. That’s a mistake because it makes life much more difficult for your end-users. Your employee has to remember one password for human resources, another for finance, and more to access IT services. Expecting employees to memorize this many passwords may lead to problems like password reuse.

3) Ignoring Multi-Factor Authentication

Single sign-on helps you to deliver security with speed. However, emphasizing speed alone is not always a wise approach. Some situations call for additional controls. Think about login requests from international locations where you have no employees. Those login requests are higher risk, so it makes sense to apply more restrictions to them. For example, you might require users to complete multi-factor authentication (MFA) before the login is accepted.

For the best security results, use single sign-on (SSO) as the standard solution and support it by adding MFA to your systems as well.
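The risk-based step-up described above, as an added example that is not code from the original post or from any vendor's product. It assumes an upstream component has already resolved the client IP to an ISO country code (or `None` when that fails); the set of employee countries and the sample logins are constructed for the example. It generalizes the location check into a list of risk rules, so other signals can be added the same way: any rule that fires forces MFA before the SSO session is issued, and an unresolved location is treated as higher risk rather than waved through.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Optional


@dataclass(frozen=True)
class LoginRequest:
    user: str
    country: Optional[str]        # ISO 3166-1 alpha-2 from IP geolocation; None if unresolved
    mfa_completed: bool = False   # True once the user has passed a second factor


@dataclass
class Decision:
    allow: bool
    require_mfa: bool
    reasons: List[str] = field(default_factory=list)


# A risk rule returns a reason string when it fires, or None when it does not.
RiskRule = Callable[[LoginRequest], Optional[str]]


def location_rule(employee_countries: frozenset) -> RiskRule:
    """Step up when the login comes from a country where the organization has no staff."""
    def rule(req: LoginRequest) -> Optional[str]:
        if req.country is None:
            return "geolocation unresolved; treated as higher risk"
        if req.country not in employee_countries:
            return f"login from {req.country}, where the organization has no employees"
        return None
    return rule


def evaluate_login(req: LoginRequest, rules: List[RiskRule]) -> Decision:
    """Apply every rule; if any fires, MFA is required before the login is allowed."""
    reasons = [reason for reason in (rule(req) for rule in rules) if reason]
    require_mfa = bool(reasons)
    allow = (not require_mfa) or req.mfa_completed
    return Decision(allow=allow, require_mfa=require_mfa, reasons=reasons)


# Constructed policy: countries where this (hypothetical) organization has employees.
EMPLOYEE_COUNTRIES = frozenset({"US", "CA", "GB"})
POLICY: List[RiskRule] = [location_rule(EMPLOYEE_COUNTRIES)]

# Constructed sample login attempts for illustration.
SAMPLE_LOGINS = [
    LoginRequest("alice", "US"),
    LoginRequest("bob", "BR"),
    LoginRequest("bob", "BR", mfa_completed=True),
    LoginRequest("carol", None),
]


def run_samples() -> List[Decision]:
    return [evaluate_login(req, POLICY) for req in SAMPLE_LOGINS]


if __name__ == "__main__":
    for req, decision in zip(SAMPLE_LOGINS, run_samples()):
        print(req.user, req.country, "allow" if decision.allow else "deny",
              "mfa" if decision.require_mfa else "", decision.reasons)
```

Note that a denied decision with `require_mfa=True` is the signal to the SSO front end to prompt for the second factor and re-evaluate with `mfa_completed=True`; the rule list is the single place to extend when a new high-risk situation is identified.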

4) Implementing A Partial Single Sign-On Solution

Picture the following scenario. Your organization has 50 internal applications, including internally developed systems and cloud services. You implement a single sign-on platform and then find a problem: it only works on 10 of your systems! As a result, users do not receive much in the way of time savings. If you are going to use a single sign-on solution, make sure that it covers the majority, if not all, of your systems.

How To Manage Single Sign-On So It Reduces Security Risk

Avoiding the mistakes outlined above will improve your security. However, avoiding mistakes is not the same thing as success! That’s why you need supporting processes and security technologies in place. Single sign-on will help with end-user productivity and tracking cloud application usage. To continue protecting your security, you need to add more to the picture.

1) Make End User Productivity A Priority In Security

Installing a single sign-on solution is an excellent first step toward making security more comfortable to manage. There is more you can do to make security easy. Take password resets, for example. If you impose a demanding security policy with complicated rules, users are more likely to need frequent resets. Yet nobody enjoys looking disorganized and calling the help desk for help. Instead, provide a fast self-serve option for password changes. Apollo makes it easy for employees to use your company website, phone and messaging apps to request password changes.

2) Keep Pace With Changing Security Needs In The Organization

If nothing ever changed in your organization, IT security would be easy. You could set up processes and never need to change them again. Alas, that’s not the world we live in! Instead, employees change jobs, new people join, and consultants come and go. All of these changes create more work for the IT security department… or do they?

If you use a modern identity and access management solution, you will be able to address common problems. You probably have some inactive user accounts right now. Those accounts add security risk because users may have more access than they need to do their work. That’s just the tip of the iceberg. When your company implements new software, you need a way to equip your team easily. Using a group request process makes it fast and easy.

3) Manage The Entire Access Lifecycle Including Reporting

When you implement single sign-on for the first time, employees will notice an immediate benefit. From an IT management perspective, there is more to the story. Your job is never done in security management because the environment keeps changing. That’s one reason why you need to manage the entire life cycle for access management: the ability to add users, change access, suspend access and provide reporting.

Are you worried about passing your next IT audit? Choose a software solution built with compliance in mind. Identity Enforcer includes record keeping for audit and segregation of duties. That means you will save time and frustration on your next IT audit.
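The access lifecycle described in the last two sections (inactive accounts, adding users, changing and suspending access, and audit reporting), as one added example that is not code from the original post and not Identity Enforcer's or Apollo's implementation. The 90-day inactivity limit, the segregation-of-duties conflict pair, the `AccessDirectory` class and the sample accounts are all constructed for the example; a real deployment would read accounts from its directory and write the audit trail to durable storage. The clock is fixed so the run is reproducible.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed policy values for this example; tune them to your own standards.
INACTIVITY_LIMIT = timedelta(days=90)
# Group pairs one person must not hold at the same time (segregation of duties).
SOD_CONFLICTS = {frozenset({"ap-create-vendor", "ap-approve-payment"})}


@dataclass
class Account:
    username: str
    created: datetime
    groups: set = field(default_factory=set)
    last_login: Optional[datetime] = None
    active: bool = True


class AccessDirectory:
    """Minimal access-lifecycle model: add, change, suspend, report, with an audit trail."""

    def __init__(self, now: datetime):
        self.now = now            # fixed clock so the example is reproducible
        self.accounts: dict = {}
        self.audit_log: list = []

    def _record(self, actor: str, action: str, target: str, detail: str = "") -> None:
        # Every change is written to the audit log for later reporting.
        self.audit_log.append({"time": self.now.isoformat(), "actor": actor,
                               "action": action, "target": target, "detail": detail})

    @staticmethod
    def _check_sod(groups: set) -> None:
        for pair in SOD_CONFLICTS:
            if pair <= groups:
                raise PermissionError(f"segregation-of-duties conflict: {sorted(pair)}")

    def add_user(self, actor: str, username: str, groups=(), created: Optional[datetime] = None) -> None:
        if username in self.accounts:
            raise ValueError(f"{username} already exists")
        self._check_sod(set(groups))
        self.accounts[username] = Account(username, created or self.now, set(groups))
        self._record(actor, "add_user", username, f"groups={sorted(groups)}")

    def change_access(self, actor: str, username: str, add=(), remove=()) -> None:
        acct = self.accounts[username]
        new_groups = (acct.groups | set(add)) - set(remove)
        self._check_sod(new_groups)   # refuse a change that creates a conflict
        acct.groups = new_groups
        self._record(actor, "change_access", username, f"add={sorted(add)} remove={sorted(remove)}")

    def record_login(self, username: str, when: datetime) -> None:
        self.accounts[username].last_login = when

    def suspend(self, actor: str, username: str, reason: str) -> None:
        self.accounts[username].active = False
        self._record(actor, "suspend", username, reason)

    def find_inactive(self, limit: timedelta = INACTIVITY_LIMIT) -> list:
        """Active accounts with no login inside the limit; never-used accounts count from creation."""
        cutoff = self.now - limit
        return sorted(name for name, acct in self.accounts.items()
                      if acct.active and (acct.last_login or acct.created) < cutoff)

    def suspend_inactive(self, actor: str, limit: timedelta = INACTIVITY_LIMIT) -> list:
        names = self.find_inactive(limit)
        for name in names:
            self.suspend(actor, name, f"no login in {limit.days} days")
        return names

    def report(self) -> dict:
        return {"active": sorted(n for n, a in self.accounts.items() if a.active),
                "suspended": sorted(n for n, a in self.accounts.items() if not a.active),
                "audit_events": len(self.audit_log)}


def build_sample_directory() -> AccessDirectory:
    """Constructed sample data: four accounts, evaluated as of 2020-06-01."""
    utc = timezone.utc
    d = AccessDirectory(now=datetime(2020, 6, 1, tzinfo=utc))
    d.add_user("hr-feed", "alice", ["staff", "finance"], created=datetime(2020, 1, 1, tzinfo=utc))
    d.add_user("hr-feed", "bob", ["staff"], created=datetime(2019, 1, 1, tzinfo=utc))
    d.add_user("hr-feed", "carol", ["staff"])                       # joined today, no login yet
    d.add_user("hr-feed", "dave", ["staff", "contractors"], created=datetime(2019, 6, 1, tzinfo=utc))
    d.change_access("manager", "alice", add=["ap-create-vendor"])   # allowed: no conflict
    d.record_login("alice", datetime(2020, 5, 30, tzinfo=utc))
    d.record_login("bob", datetime(2020, 1, 15, tzinfo=utc))        # last seen over 90 days ago
    return d


if __name__ == "__main__":
    directory = build_sample_directory()
    print("inactive:", directory.suspend_inactive("iam-automation"))
    print(directory.report())
    for event in directory.audit_log:
        print(event)
```

In this run `bob` (stale login) and `dave` (never logged in, created long ago) are the accounts that add risk, while `carol`, who joined today, is left alone; the audit log carries every provisioning, access change and suspension event, which is the record an auditor asks for.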

Avoid Mistakes First And Then Optimize

To avoid upsetting users and increasing security risk, start by avoiding single sign-on mistakes. That move will protect you from some of the most common SSO problems. However, don’t stop there! After you have SSO well managed, it is time to start looking at other parts of your IT security systems. Simplify life for users by letting them request password changes directly from their smartphone or through a messaging app. When you make password changes easy and painless, it’s much easier to ask users to use complex passwords.

Written by Nelson Cicchitto