The Benefits of Single Sign-On (SSO) Posted on September 16th, 2009 by

The Gustavus single sign-on login page

The Gustavus single sign-on login page

Single sign-on (SSO) is a mechanism that consolidates the authentication process of multiple services into one spot. This connection allows users to be logged into multiple services when they sign in to one. At Gustavus we are currently using a combination of CAS and Shibboleth to secure most of our services (e.g. the Gribly, College Calendar, Moodle, and Google Calendar). Additional services such as webmail are on their way to being secured with single sign-on.

If you are asking yourself, “why should I care about single sign-on?” read on.

Saves time and effort

While logging in may not seem like a significant amount of time and effort, it can add up.

Imagine submitting an item to the College Calendar, then adding it to your Google Calendar, and then looking up a few people in the Gribly to invite to your event. Without a single sign-on system, you would have to sign in three different times to perform these tasks (College Calendar, Google Calendar, and the Gribly) whereas with a single sign-on system, you would only need to sign in once. Single sign-on just saved you about a minute. If that seems insignificant, imagine doing something similar every day for a year. That’s about six hours. Now imagine being on a slow dial-up connection…

Fewer passwords to remember

Lets face it, I can’t remember what I ate for breakfast most days. How am I supposed to remember all of my different passwords, especially if I don’t use them all frequently? The truth is, many people don’t remember their passwords so they either write them down (which is a security risk) or they forget them and need to go through a sometimes cumbersome password reset or retrieval process (which wastes more time). It seems like this may be a particularly sticky issue for alumni who, for the most part, are not using their Gustavus usernames and passwords very often.

It is the nature of single sign-on systems for each user to have only one username and password that allows them to login to all of the connected services. This keeps everybody more secure and clears out space in your mind for more important things, like your partner’s birthday.

Reduces phishing

Phishing is a criminally fraudulent process where victims are tricked into giving criminals sensitive information such as their usernames and passwords. Phishing causes damage to individuals (e.g. taking their money) and institutions (e.g. preventing all users from sending e-mails).

Some types of phishing present users with a web page asking them to enter their username and password. If users are accustomed to seeing one and only one screen when entering their credentials (such as is the case in a single sign-on system), it may be easier for them to identify phishing attacks of this type.

Speeds up development

Creating a website that requires user authentication is not as trivial as it may seem. Authentication systems take time to develop, implement, and maintain. Using a single sign-on system reduces or removes a lot of that work from the development process. That means your friends in Web Services will have more time to work on more interesting and exciting things, which benefits everybody.

Easier to secure

In authentication systems, security is extremely important. Security can also be challenging. Making sure that passwords are transmitted and stored in a secure way can be difficult to perfect. If there are twelve different ways to log in, each of those ways needs to be just as secure as the other. Single sign-on allows us to focus our efforts into making one spot secure.

What do you think?

So, have you logged in to any Gustavus services lately. Have you noticed the single sign-on at all? If so, what do you think? Let us know in the comments.

 


3 Comments

  1. Tom Lany says:

    I really like the Single Sign On service – what a time saver!

    I also like the fact that you are now able to offer services from other companies that work with Gustavus accounts (like Google Calendar and gustavustickets.com) without actually sending passwords to the third party’s server. Pretty cool!

    • Joe Lencioni says:

      That’s a great point, Tom. Single sign-on allows Gustavus to serve as the place of authentication for third-party applications. This means your password is more secure because third-party applications never have access to it.

  2. Kevin Seitz says:

    Student Senate will be using an online voting system this fall for the elections, and we have that authenticating users via Single Sign On as well. It’s really easy to set up and helps reassure that no unauthorized access occurs.

    I’m happy that webmail will be joining the websites using Single Sign On. (Although I use Thunderbird most of the time.)