An Intro to Single Sign On Security
by Erin Werra
What is single sign on (SSO)?
Single sign on is a service districts use to give users a secure, quick way to access multiple edtech applications (including their SIS, LMS, and practice programs, to name a few), all using the same credentials.
How does it work?
SSO provides a single centralized authentication source for multiple applications. It checks users’ credentials before allowing them access to different applications simultaneously. This removes a ton of headaches from managing and entering multiple high-quality passwords or passphrases.
SSO works behind the scenes to provide authentication. Security Assertion Markup Language, or SAML, is a standard to look for when choosing interoperable edtech. SAML is used for SSO by many vendors, including Google, Microsoft Office 365, Skyward, and ClassLink, among others.
What is SAML and why is it important?
SAML provides web-based SSO and allows users to log in to several applications using one sign on. There’s no need to create and maintain multiple passphrases on different applications. SAML does not reveal the user's password to the different applications; in fact, it doesn’t have much to do with the applications. Instead, the user provides credentials to the SSO/SAML identity provider and uses that approval to gain access to applications.
It works the same whether users start at an individual application and are then routed back to the SSO, or vice versa with users beginning at the SSO provider to gain access to all related applications.
How does SSO enhance security?
Secure authentication is the sole focus of SSO providers, rather than just one component of the service.
Rigorous password requirements form the cornerstone of security for a whole roster of interoperable applications. Because there is just one password to create and manage, users are more likely to use best practices in creating a strong password (or better yet, a passphrase). Users are not tempted to recycle easy-to-guess passwords. And of course, the time spent accessing and recalling username and password information is dramatically reduced, which conserves valuable teaching and learning time.
In addition to strong passphrases, SSO authentication often incorporates multifactor authentication (MFA). MFA is an added layer of security because it requires users to enter multiple forms of identifying information. They may need to know their passphrase in addition to setting up a biometric profile. Other components may include authenticator applications on a trusted device, temporary passcodes, or secure links sent via email.
Which weak points should be protected?
SSO is designed to allow access to multiple applications. While it’s true the SSO identity provider doesn’t share credentials with the applications, cracking a single password could be an easy way for shady characters to gain access to many services they shouldn’t.
Users typing in passwords are one of the weak points hackers exploit to gain access to a system. Strong passphrase requirements, frequent training, and different types of phishing drills help condition staff to remain constantly vigilant against attacks.
Follow-up resources:
Keep passwords safe from pint-sized hackers
Join the debate: Is EdTech Ready for MFA?
Take a look at the edtech interoperability landscape: EdTech Playbook: Interoperability
Erin Werra, Edtech Thought Leader