Providing a secure, single sign-on process is the goal of most network and application administrators. In this video, you’ll learn how single sign-on works and how it can be used to create a seamless authentication infrastructure for your user community.
<< Previous Video: CHAP and PAPNext: Federation and Transitive Trust >>
If you’re in a medium to large environment, you may have heard of this concept of single sign-on. And it just makes sense. If you have so many different resources that you need access to, it’d be a lot easier if we could just authenticate one time, and we would have access to everything that’s out there.
There’s many different ways to do this. It’s obviously are relatively complex process behind the scenes to make this happen. But we’ve already talked about Kerberos which is one of the more popular ways to provide a single sign on process to the network.
There are also a number of third-party options available, as well. You really don’t see this much in smaller environments just because of the complexities that you would need to set something up like this. And by the way, how many different things do you really have to log into, how much time are you really spending having to do that in a smaller environment?
Obviously, the cloud itself, and as we’re using more and more services that are in more and more places anywhere over the internet, this is becoming increasingly a little bit more of a problem even in smaller organizations. So it’s still an important concept we need to keep in mind, regardless of what size organization you might be.
Kerberos is a very common way to do single sign-on. You’ve got ticket granting services. You’re getting the ticket. You authenticate one time, and then you’re done. Everything else really happens behind the scenes.
You don’t have to worry too much about where those tickets are going and all of the things that are happening with encryption behind the scenes. It’s invisible to you as an end user. And it’s simple. You just put in your user-name and password, and you’re finished.
Every time you connect to a printer, every time you need to map a drive, it doesn’t ask you or reprompt you for usernames and passwords, unless, of course, you don’t really have access into those resources. You might be asked for additional authentication to be able to do that.
Now this is just Kerberos-ish but, of course, you’re going to have to make sure that everything you’re doing is doing Kerberos. If you need to gain access to a system that’s not Kerberos friendly– maybe you’re logging into a service that you use across the web, maybe that web can’t communicate back to your Kerberos servers to be able to authenticate. So maybe that doesn’t work for everything that you’re doing. So keep in mind that whatever system you’re using for single sign-on is only going to work if everything plays together to be able to make that happen.
Software as a service has really changed the way that we use applications and obviously creates some complexities in dealing with single sign-on. So you’ve got these web services that might be on Amazon, it might be a web conferencing system, it might be a location where we’re storing data to be able to recover that later.
Each one of those individual systems are different companies. They’re different databases. It’s a different login process. So to be able to consolidate and use those things with a single logon, and a single sign-on becomes a little bit more complicated. To help address this need that many organizations have to verify and reliably authenticate people into all of these different services automatically, there are number of third party companies and pieces of software that you can find out there.
One example of this is OneLogin. They have a catalog of over 1,500 applications that they can do single sign-on with. They can even use multi-factor authentication with the single sign-on process. If you want to read a little more about it, it’s at onelogin.com. It’s an interesting technology in itself.
As organizations have so many people that are using so many applications in so many different places, the single sign-on capability becomes even more important for the security of your organization.