An Intro to Single Sign On Security An Intro to Single Sign On Security

An Intro to Single Sign On Security

#Technology
Erin Werra Erin Werra Edtech Thought Leader
Read time:

Just about everyone enjoys the convenience of single sign on. But SSO is not only convenient. It’s also a powerful way to keep your network safe.   

 

What is single sign on (SSO)?

Single sign on is a service districts use to allow users a secure, quick way to access multiple edtech applications (including their SIS, LMS, and practice programs, to name a few) all using the same credentials.

 

How does it work?

SSO allows a single centralized authentication source for multiple applications. It checks users’ credentials before allowing them access to different applications simultaneously. This removes a ton of headaches from managing and entering multiple high-quality passwords or passphrases.

SSO works behind the scenes to provide authentication. Security Assertion Markup Language, or SAML, is a standard to search for when choosing interoperable edtech. SAML is used for SSO by many vendors, including Google, Microsoft Office 365, Skyward, and ClassLink, among others.

 

What is SAML and why is it important?

SAML provides web-based SSO and allows users to log in to several applications using one sign on. There’s no need to create and maintain multiple passphrases on different applications. SAML does not reveal the password used to the different applications—in fact, it doesn’t have much to do with the applications. Instead, the user provides credentials to the SSO/SAML identity provider and uses that approval to gain access to applications. 

It works the same whether users start at an individual application and are then routed back to the SSO, or vice versa with users beginning at the SSO provider to gain access to all related applications.

 

How does SSO enhance security?

Secure authentication is the only focus of SSO providers, not a component of the service.
  
Rigorous password requirements form the cornerstone of security to a whole roster of interoperable applications. Because there is just one password to create and manage, users are more likely to use best practices in creating a strong password (or better yet, a passphrase). Users are not tempted to recycle easy-to-guess passwords. And of course, the moments spent accessing and recalling username and password information is dramatically reduced, which conserves valuable teaching and learning time. 

In addition to strong passphrases, SSO authentication often incorporates multifactor authentication (MFA). MFA is an added layer of security because it requires users to enter multiple forms of identifying information. They may need to know their passphrase in addition to setting up a biometric profile. Other components may include authenticator applications on a trusted device, temporary passcodes, or secure links sent via email. 

 

Which weak points should be protected?

SSO is designed to allow access to multiple applications. While it’s true the SSO identity provider doesn’t share credentials with the applications, cracking a single password could be an easy way for shady characters to gain access to many services they shouldn’t. 

Users typing in passwords are one of the weak points hackers exploit to gain access to a system. Strong passphrase requirements, frequent training, and different types of phishing drills help condition staff to remain constantly vigilant to any attacks.


 

Follow-up resources:

Keep passwords safe from pint-sized hackers

Join the debate: Is EdTech Ready for MFA?

Take a look at the edtech interoperability landscape: EdTech Playbook: Interoperability 

 

Erin Werra Erin Werra Edtech Thought Leader
Share this story:

Large Districts Large Districts


Recent Articles

The Two Kinds of Time You'll Spend in a K12 Career
Examining both ends of the K12 spectrum and a kaleidoscope of time in between. Erin Werra
 
10 Ways to Use Your SIS to Build Educator Support into School Culture
While district leaders undoubtedly have several strategies planned to shore up staff support, did you count your student information system (SIS) among them? Erin Pinter
 
Tackling Tension within Your District: Steps for K12 Leaders
Follow these steps to tease out solutions when tensions run high. Casey Hernandez
 



Share Facebook
Twitter
LinkedIn Email
X
Humanity 🤝 Technology
Edtech insight delivered directly to you.

AK12