Back to Skyward
An Intro to Single Sign On Security An Intro to Single Sign On Security

An Intro to Single Sign On Security

#Technology
Erin Werra Erin Werra Security Student
Read time:

Just about everyone enjoys the convenience of single sign on. But SSO is not only convenient. It’s also a powerful way to keep your network safe.   

 

What is single sign on (SSO)?

Single sign on is a service districts use to allow users a secure, quick way to access multiple edtech applications (including their SIS, LMS, and practice programs, to name a few) all using the same credentials.

 

How does it work?

SSO allows a single centralized authentication source for multiple applications. It checks users’ credentials before allowing them access to different applications simultaneously. This removes a ton of headaches from managing and entering multiple high-quality passwords or passphrases.

SSO works behind the scenes to provide authentication. Security Assertion Markup Language, or SAML, is a standard to search for when choosing interoperable edtech. SAML is used for SSO by many vendors, including Google, Microsoft Office 365, Skyward, and ClassLink, among others.

 

What is SAML and why is it important?

SAML provides web-based SSO and allows users to log in to several applications using one sign on. There’s no need to create and maintain multiple passphrases on different applications. SAML does not reveal the password used to the different applications—in fact, it doesn’t have much to do with the applications. Instead, the user provides credentials to the SSO/SAML identity provider and uses that approval to gain access to applications. 

It works the same whether users start at an individual application and are then routed back to the SSO, or vice versa with users beginning at the SSO provider to gain access to all related applications.

 

How does SSO enhance security?

Secure authentication is the only focus of SSO providers, not a component of the service.
  
Rigorous password requirements form the cornerstone of security to a whole roster of interoperable applications. Because there is just one password to create and manage, users are more likely to use best practices in creating a strong password (or better yet, a passphrase). Users are not tempted to recycle easy-to-guess passwords. And of course, the moments spent accessing and recalling username and password information is dramatically reduced, which conserves valuable teaching and learning time. 

In addition to strong passphrases, SSO authentication often incorporates multifactor authentication (MFA). MFA is an added layer of security because it requires users to enter multiple forms of identifying information. They may need to know their passphrase in addition to setting up a biometric profile. Other components may include authenticator applications on a trusted device, temporary passcodes, or secure links sent via email. 

 

Which weak points should be protected?

SSO is designed to allow access to multiple applications. While it’s true the SSO identity provider doesn’t share credentials with the applications, cracking a single password could be an easy way for shady characters to gain access to many services they shouldn’t. 

Users typing in passwords are one of the weak points hackers exploit to gain access to a system. Strong passphrase requirements, frequent training, and different types of phishing drills help condition staff to remain constantly vigilant to any attacks.


 

Follow-up resources:

Keep passwords safe from pint-sized hackers

Join the debate: Is EdTech Ready for MFA?

Take a look at the edtech interoperability landscape: EdTech Playbook: Interoperability 

 

Erin Werra Erin Werra Security Student
Share this story:


Share Facebook
Twitter
LinkedIn Email

Recent Articles

3 Methods of Broadband Expansion
Let's explore three ways schools are providing connectivity to students in need. by Caroline Gilchrist
 
Youth Activism in Schools
The next generation of heroes is walking the halls of schools today, and you’re uniquely poised to help them along.  by Erin Werra
 
The Cost of Proactive vs. Reactive Data Security
Investing in K12 data security pays off. Here’s how to stretch your dollar.  by Erin Werra
 

Logo