Types of SSO configurations
- Kerberos-based SSO: When user credentials are submitted in a Kerberos-based configuration, a ticket-granting ticket (TGT) is generated. The TGT is then used to obtain service tickets for the other apps the user wants to access, without requiring the user to re-enter their credentials.
- SAML SSO: SAML (Security Assertion Markup Language) is an Extensible Markup Language (XML) standard for sharing user authentication and authorization data across security domains. SAML-based SSO services require communication between the user, an identity provider that manages the user directory, and a service provider.
- Smart card-based SSO: Smart card-based SSO requires an end user to utilize a card that contains the sign-in credentials for the first login. Once the card is used, the user is not required to enter usernames or passwords. SSO smart cards can store either certificates or passwords.
- Social SSO: Many security professionals advise end users not to use social SSO services because, once attackers obtain control of a user’s SSO credentials, they can access all other applications that use the same credentials.
- Enterprise SSO: Enterprise single sign-on (eSSO) software and services are password managers that use client and server components to log users into target apps by replaying their credentials.
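
The Kerberos-based flow from the list above, as an added example that is not part of the original page: the password is checked once to issue a TGT, and the TGT alone is then exchanged for per-service tickets that each app verifies with its own key. HMAC-sealed JSON stands in for Kerberos's encrypted tickets, and every function name, key and account here is an assumption made up for the example.

```python
import base64, hashlib, hmac, json

def kdf(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"demo-salt", 100_000)

# Constructed demo data: every name, password and key here is made up.
USERS = {"alice": kdf("correct horse")}
TGS_KEY = b"demo-tgs-key"  # known only to the ticket issuer
SERVICE_KEYS = {"mail": b"demo-mail-key", "wiki": b"demo-wiki-key"}

def seal(key, claims):
    """Serialize claims and append an HMAC tag so the holder cannot alter them."""
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return body + b"." + hmac.new(key, body, hashlib.sha256).hexdigest().encode()

def unseal(key, ticket, now):
    """Return the claims if the tag verifies and the ticket is unexpired, else None."""
    body, _, tag = ticket.rpartition(b".")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    return claims if now < claims["exp"] else None

def login(user, password, now, lifetime=600):
    """Authentication step: the only place the password is checked. Returns a TGT."""
    if not hmac.compare_digest(USERS.get(user, b""), kdf(password)):
        return None
    return seal(TGS_KEY, {"user": user, "exp": now + lifetime})

def get_service_ticket(tgt, service, now, lifetime=300):
    """Ticket-granting step: exchange a valid TGT for a ticket to one service."""
    claims = unseal(TGS_KEY, tgt, now)
    if claims is None or service not in SERVICE_KEYS:
        return None
    exp = min(now + lifetime, claims["exp"])  # a service ticket never outlives its TGT
    return seal(SERVICE_KEYS[service], {"user": claims["user"], "svc": service, "exp": exp})

def service_accepts(service, ticket, now):
    """The app verifies the ticket with its own key; it never sees the password."""
    claims = unseal(SERVICE_KEYS[service], ticket, now)
    return claims["user"] if claims and claims.get("svc") == service else None
```

Because the TGT is all that is needed to obtain further tickets, its lifetime bounds how long a copied TGT stays useful; here a service ticket is capped at the TGT's expiry for the same reason.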
Introduction to Single Sign-On (SSO)
Single Sign-On (SSO) is a session and user authentication service that allows a user to access various apps using a single set of login credentials, such as a username and password. SSO is used by every organization as well as individuals to manage multiple credentials more efficiently.