Enough is Enough
For those of you using cloud applications to run facets of your business, you may find yourself and your employees with separate logins for each application. You may be storing them in a password vault, which is great, but keeping track of each one and when its password expires can be a daunting task. If only there were a way for these applications to use the same credentials while still being secure. I am here to tell you that not only does that functionality exist, but SaaS providers are hiding it from you or placing it in a higher-priced tier with features you may not need! This is called the SSO Tax, and it needs to stop now.
“61% of data breaches involved stolen or weak passwords*. By using SSO (combined with MFA), organizations can reduce the number of passwords that users need to remember, making it easier to maintain strong, unique passwords for each application.”
*According to the 2021 Verizon Data Breach Investigations Report
Here are a few examples of SSO Tax gone wild:
| Provider | Starting Price | Tier with SSO Price | SSO Tax calculation |
|---|---|---|---|
| | $50.00 per month per user | $3,600.00 per month | 7200% increase |
| | $8.00 per month per user | Enterprise only | 400% increase (no public pricing, but based on the pattern per tier) |
| | Free up to 10 users, then $7.75 per month | $4 separate subscription or enterprise | 50% – 380% increase, depending on the configuration or subscription |
What is Single Sign-On (SSO)?
SSO stands for Single Sign-On, a mechanism that allows users to access multiple applications with a single set of login credentials. These credentials are typically the same as your corporate email account.
Let’s say your business uses multiple software applications, such as a customer relationship management (CRM) system, accounting software, and email service. With SSO, your employees can log in to a single application using their credentials and then access the others without having to log in with their password again.
How does SSO work?
This is possible with an SSO solution that mediates between your applications and your users. When a user logs in to an application integrated with the SSO solution, the SSO solution verifies the user’s identity. It creates a token or ticket that represents the user’s session. This token or ticket is then passed to the other applications the user wants to access. The applications can verify the token or ticket with the SSO solution to confirm the user’s identity and grant access without requiring them to enter their credentials again.
Why is SSO better?
- SSO enables users to authenticate once and access all the applications they need without having to log in separately to each one. This simplifies the login process and improves security by reducing the number of passwords users need to remember.
- With SSO, users can access applications securely and efficiently while giving administrators centralized control over user access and security policies.
- The solution is secured by storing the SSO token or ticket within the SSO solution and by using digital signatures or thumbprints on the user’s web browser, so that any forgery of or tampering with the token is detected.
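To make the token flow described above concrete, here is an added example (not code from the original post or from any SSO vendor): the SSO solution mints a signed, short-lived token bound to one application, and each application checks the signature, issuer, audience and expiry before granting access. An HMAC key stands in for the identity provider’s signing key, and every name and value is constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed example values: an HMAC key stands in for the identity provider's
# signing key. Real SSO protocols (SAML, OpenID Connect) use an asymmetric key
# pair, so applications only ever hold the public half.
IDP_SIGNING_KEY = b"example-idp-signing-key-not-for-real-use"
IDP_ISSUER = "https://sso.example.test"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user, audience, ttl_seconds=300, now=None):
    """SSO solution side: mint a short-lived token bound to one application (the audience)."""
    now = time.time() if now is None else now
    claims = {"iss": IDP_ISSUER, "sub": user, "aud": audience, "exp": int(now) + ttl_seconds}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(IDP_SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(sig)}"


def verify_token(token, expected_audience, now=None):
    """Application side: return the claims only if signature, issuer, audience and expiry check out."""
    now = time.time() if now is None else now
    try:
        body, sig_text = token.split(".")
        expected = hmac.new(IDP_SIGNING_KEY, body.encode(), hashlib.sha256).digest()
        # Constant-time comparison: a tampered body or forged signature fails here.
        if not hmac.compare_digest(expected, _unb64(sig_text)):
            return None
        claims = json.loads(_unb64(body))
    except ValueError:  # malformed token, bad base64 or bad JSON
        return None
    if claims.get("iss") != IDP_ISSUER:
        return None
    if claims.get("aud") != expected_audience:  # a CRM token must not open the accounting app
        return None
    if claims.get("exp", 0) <= now:  # expired sessions are not honoured
        return None
    return claims
```

The audience check is what keeps one application’s token from being replayed against another, and the expiry check is why the SSO solution, not the application, remains the place where the session actually lives.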
Why isn’t SSO the standard for all applications?
This is our rant. Now that we have outlined the benefits of SSO, you can see that SaaS companies only benefit from offering this in every tier of their application subscriptions, including the free tier. Here are some of the benefits for SaaS providers:
Improved user experience
SSO simplifies the login process for users by allowing them to authenticate once and access multiple applications or services without having to enter their credentials again. This can improve user experience, reduce frustration, and increase user adoption.
Enhanced security
SSO can enhance security by reducing the number of passwords users need to remember and reducing the risk of password reuse or loss. Additionally, SSO solutions often provide advanced security features such as multi-factor authentication, which can further improve security. The SaaS provider does not have to maintain an MFA solution.
Reduced administrative overhead
SSO can reduce the administrative overhead of managing user accounts and passwords for their application or service. This can save time and resources and reduce the risk of errors or inconsistencies.
Better visibility and control
SSO solutions often provide tools and dashboards that allow administrators to monitor and manage user access to multiple applications or services from a single location. This can provide better visibility and control over user access and permissions and help organizations comply with regulatory requirements.
Competitive advantage
Offering SSO as a feature can give service providers a competitive advantage over competitors who do not offer SSO. SSO can be an important factor in decision-making for customers who value ease of use, security, and efficient workflow.
What can be done about it?
While it seems like nothing can be done to curb this money grab, there is a hard-nosed tactic that can work to your advantage.
Don’t buy
This should prompt you to ask, “How do I know you take my company’s security seriously?” They will undoubtedly have a litany of answers in their side holster about their compliance badges and other accomplishments. That is when you ask: “Oh great! So you must support SSO with my identity providers like Azure, Okta, or Google?” Again, they will answer in the affirmative. And lastly, reiterate which tier you are interested in purchasing, that you are happy they are a company that takes security seriously, and that you can SSO this application.
If they return to tell you it requires a higher tier, simply refuse to purchase. Or, if you are a smaller company, send them on a guilt trip. Explain to them that small businesses like yours are a prime target for credential theft and that SSO is the requirement for your small business.
This tactic has worked for us on behalf of our customers, and many times, the vendor will ‘throw in SSO’ at no cost. Just. Like. Magic.
How to implement SSO for your applications
Lastly, this wouldn’t be complete without giving you some insight into how to enable SSO in your organization. This can be a technical process, but it is easier than you might think. Here are the high-level steps to enable SSO for an enterprise application in Azure and Google:
Enabling SSO in Azure:
- Sign in to the Azure portal and select “Azure Active Directory” from the left-hand menu.
- Click on “Enterprise applications” and select the application you want to enable SSO for, or install it if it doesn’t exist.
- Click on “Single sign-on” and choose the SSO method you want to use, such as SAML, OAuth, or OpenID Connect.
- Each vendor should have documentation for how they need you to set up the SSO. Follow the instructions to set up SSO for the application.
Enabling SSO in Google:
- Sign in to the Google Cloud Console and select “IAM & Admin” from the left-hand menu.
- Click on “Identity providers” and select the identity provider you want to use (e.g., Azure AD, Google Workspace).
- Each vendor should have documentation for how they need you to set up the SSO. Follow the instructions to set up SSO for the application.
- Sign in to the application and configure SSO using the identity provider.
In conclusion, SSO is critical to an organization’s security posture, whether large or small. It improves security by reducing the number of passwords that users need to remember, and it improves productivity by reducing the time spent logging in and out of applications. As such, SaaS providers should offer SSO as a standard feature in every tier, even the free ones. It’s time to end the SSO Tax and make SSO accessible to all.
Epilogue
As you can see, single sign-on has some great benefits, as mentioned here. We hope this blog post gave you insight into how single sign-on can help your business. While there is a plethora of information here, there can be much more to consider when implementing the strategies mentioned in this article. As each business is unique, so are its security needs and, more importantly, its risks.
How StrataNorth can help
If you are ready to transform your business’s security landscape and are looking for experts to guide you, StrataNorth has security consultants with decades of experience. We can help you reach security nirvana and give you a roadmap for success. Reach out for a no-cost, no-obligation chat with a security expert today.