Financial Advisory Blog

Armanino’s Financial Advisory blog is your source for thought leadership around cloud ERP and accounting solutions and integrations. Supported by the Cloud Accounting Institute and numerous experts in cloud, finance, reporting, integration, compliance, and technology, Armanino’s Financial Advisory blog features must-read content on what’s happening in the finance industry, case studies, white papers, and much more.

October 10, 2014

Relieve Password Pains with Single Sign-On

Posted by Sean Batchelor

Who enjoys memorizing and tracking an ever-expanding list of user names and passwords? Not many of us!

Personal applications aside, the number of logins required to perform day-to-day tasks in the professional world is mounting. The time spent changing passwords, increasing their complexity, remembering those passwords, and calling the support desk to reset forgotten passwords, plus the heightened security risk of passwords being written down, is adding pressures (and costs) for companies large and small. In response, an increasing number of firms are adopting cloud-based single sign-on (SSO) services (like Okta).

SSO allows employees to log in to their company’s network and enjoy automatic access to a wide range of cloud-based applications, without any additional log-in requirements. Hence the name “single sign-on.” Even outside the network, a single password (sign-on) will provide access to all company applications. This saves precious time and relieves frustration, as employees can seamlessly access time-entry systems, payroll systems, 401k sites, performance evaluation applications, secure file transfer services and more – without needing to set, reset and otherwise administer multiple application-specific credentials.

Of course, implementing an SSO service requires some fundamental enterprise changes. Many companies adopting SSO will shift their governance/oversight to the SSO application and away from the actual applications. However, in most cases, SSO services replace where authentication happens, but not where access provisioning happens.

Most SSO applications only authenticate the user. Authentication means the service proves that the user is who they say they are, using the username, password and possibly other information. Basically, they are validating that John Doe is John Doe. The SSO application then passes those credentials (the John Doe validation) to the related applications. Most applications take those credentials and then grant or deny permissions for that user themselves (allowing or denying what John Doe can do). Adopting the new tool doesn’t mean the focus for all application access should move away from the application; only some of it should. All governance, control and audit activities need to consider where those control activities now happen, and adjust their focus accordingly.
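The split described above between authentication (at the SSO service) and permissions (inside each application), as an added example that is not part of the original post: an SSO login returns only an identity, each application consults its own permission table, and an audit pass flags application grants that no active SSO identity backs. Every user name, application name, function and record is hypothetical, constructed sample data.

```python
# Added illustration; all names and records are constructed sample data.
from dataclasses import dataclass

# SSO (identity provider) side: who is able to authenticate.
IDP_USERS = {
    "jdoe":   {"active": True},
    "asmith": {"active": True},
    "bwong":  {"active": False},   # SSO account disabled
}

# Application side: each application still keeps its own permission table.
APP_GRANTS = {
    "payroll":       {"jdoe": {"view_own_stub"}, "bwong": {"approve_run"}},
    "file_transfer": {"asmith": {"upload", "download"}, "svc_legacy": {"download"}},
}

@dataclass(frozen=True)
class Assertion:
    """What the SSO service hands to an application: identity only."""
    subject: str

def sso_authenticate(username, password_ok):
    """Authentication: prove the user is the user. No permissions involved."""
    user = IDP_USERS.get(username)
    if user and user["active"] and password_ok:
        return Assertion(subject=username)
    return None

def app_authorize(app, assertion, action):
    """Authorization: the application decides what the subject may do."""
    if assertion is None:
        return False
    return action in APP_GRANTS.get(app, {}).get(assertion.subject, set())

def review_app_grants():
    """Audit step: flag application grants not backed by an active SSO identity."""
    findings = []
    for app, grants in sorted(APP_GRANTS.items()):
        for user in sorted(grants):
            idp = IDP_USERS.get(user)
            if idp is None:
                findings.append((app, user, "no SSO identity"))
            elif not idp["active"]:
                findings.append((app, user, "SSO identity disabled"))
    return findings

if __name__ == "__main__":
    token = sso_authenticate("jdoe", password_ok=True)
    print(app_authorize("payroll", token, "approve_run"))  # payroll decides
    print(review_app_grants())
```

The two findings are grants that a review of the SSO service alone would never surface, because they live in the applications' own tables.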
