Enterprise environments frequently implement a type of Single Sign-on (SSO) authentication. SSO is a distributed access method that allows a subject to log in (sign on) once to a network and access all authorized resources on the network. The SSO system authenticates the subject against a master system and automatically logs the subject on to all servers the subject is authorized to access. Once authenticated, the subject can request access to additional resources without additional login credentials or passwords. An SSO system is commonly used in directory systems and some types of scripted access.
Advantages of SSO include:
- It is a more efficient logon process. Users only need to type their user ID and password once.
- The user can create stronger passwords because there aren't so many passwords to remember.
- The need for multiple passwords and change synchronization is avoided.
- Users gain access to all authorized resources with a single instance of authentication through a single set of user credentials.
- Inactivity timeout and attempt thresholds are applied closer to the user point of entry.
- Disabling all network and computer accounts for terminated users is more effective because SSO can add and delete accounts across the entire network from a centralized database and one user interface.
Disadvantages of SSO include:
- Once a user's ID and password are compromised in the system, an intruder can access all of the resources authorized for the user without constraint.
- The system security policy must be followed to ensure access is granted and/or limited to appropriate users.
- Implementation with microcomputer systems is difficult and can prevent full implementation.
- Ticket schemes do not scale very well.
- SSO presents a single point of failure.
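The sign-on flow and the trade-offs listed above can be seen in a small model. This is an added example, not code from the original page: `MasterSystem`, its method names, the opaque-ticket design and the two threshold values are hypothetical choices made for illustration.

```python
import hashlib, hmac, os, secrets

IDLE_TIMEOUT = 900   # seconds of inactivity before a session expires (constructed)
MAX_ATTEMPTS = 3     # failed sign-ons before the account locks (constructed)

class MasterSystem:
    """Hypothetical central authenticator that every resource server consults."""

    def __init__(self):
        self.accounts = {}  # user -> {"salt", "hash", "resources", "failures"}
        self.sessions = {}  # ticket -> [user, last_seen]

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_account(self, user, password, resources):
        salt = os.urandom(16)
        self.accounts[user] = {"salt": salt, "hash": self._hash(password, salt),
                               "resources": set(resources), "failures": 0}

    def sign_on(self, user, password, now):
        """The single login: returns an opaque ticket, or None on failure."""
        acct = self.accounts.get(user)
        if acct is None or acct["failures"] >= MAX_ATTEMPTS:
            return None
        if not hmac.compare_digest(acct["hash"], self._hash(password, acct["salt"])):
            acct["failures"] += 1  # attempt threshold enforced at the point of entry
            return None
        acct["failures"] = 0
        ticket = secrets.token_urlsafe(32)
        self.sessions[ticket] = [user, now]
        return ticket

    def authorize(self, ticket, resource, now):
        """Called by a resource server; the user supplies no password here."""
        session = self.sessions.get(ticket)
        if session is None:
            return False
        user, last_seen = session
        if user not in self.accounts or now - last_seen > IDLE_TIMEOUT:
            del self.sessions[ticket]  # disabled account or idle session
            return False
        session[1] = now
        return resource in self.accounts[user]["resources"]

    def disable(self, user):
        """One central action removes the account and all of its sessions."""
        self.accounts.pop(user, None)
        for ticket in [t for t, s in self.sessions.items() if s[0] == user]:
            del self.sessions[ticket]
```

Every `authorize` call depends on the master system being reachable, and whoever holds a valid ticket is accepted for all of that user's resources, which is where the single point of failure and the compromised-credential disadvantages come from.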