For the best web experience, please use IE11+, Chrome, Firefox, or Safari
OneLogin + One Identity delivering IAM together. Learn more

Single Sign-On (SSO) Solution Requirements

Checklist for single sign-on systems

Basic Single Sign-On Requirements (checklist)

It’s critical that your single sign-on (SSO) solution meets the basic requirements to support employees and IT needs. That means a secure solution, which is also easily usable. One that offers a seamless, one-stop authentication screen for all your applications and users.

Use the checklist below to make sure that your SSO system offers the protection your company needs.

Application integration

Does the SSO solution seamlessly integrate with all your applications?

  • Supports all your cloud and SaaS apps
  • Supports all your on-prem apps

Open standards support

Does the SSO solution support the most common, widely-used protocols that enable a trusted relationship?

  • SAML
  • OpenID Connect
  • OAuth 2
  • WS-Federation

User community support

Does the SSO solution support all your user communities?

  • Workforce (employees and contractors)
  • Partners/Vendors
  • Customers

Onboarding customers

If your customers need access, does the SSO system support commonly-used consumer authentication methods?

  • Facebook
  • Google

True SSO

Does the SSO solution allow true single sign-on, as opposed to password vaulting?

  • User only enters one username and password to access all apps/sites
  • User only has to log in once per day or session to gain access to all corporate apps/sites

Enterprise access

Does the SSO solution integrate with your network access points?

  • Integrates with VPN
  • Integrates with Wi-Fi for app access
  • Provides endpoints for integration with RADIUS and LDAP (commonly used authentication protocols)

Reputation for security

Does the vendor adhere to the recommended security standards?

  • SOC 2 Type 2
  • ISO 27017
  • ISO 27018
  • ISO 27001
  • TRUSTe
  • U.S. Privacy Shield
  • GDPR
  • EU Model Contract clauses
  • NIST Cybersecurity Framework

Internal security controls

Does the vendor take their own security seriously?

  • Performs penetration tests and vulnerability patching
  • Implements network scans

Availability and disaster recovery

Does the SSO service consistently demonstrate high availability and prompt disaster recovery?

  • Historical availability of over 99%
  • Recent availability (last twelve months) of over 99%
  • Uses multiple data centers in different regions
  • Uses replication and redundancy across regions

High usability

Is the SSO user interface simple enough that employees will embrace it?

  • Provides a single portal of apps
  • Integrates with all the common browsers
  • Streamlines the app access process
  • Makes it easy for users to reset their own passwords

Mobile ready

Does the SSO solution provide dedicated support for mobile users?

  • Provides SSO for mobile devices (via a native mobile app)
  • Supports a variety of devices, via SAML and partnerships with MDM vendors
  • Works with your multi-factor authentication (MFA) tool

Flexible password rules

Does the SSO system support and enforce password requirements in a usable and effective manner?

  • Lets you set password expiration times
  • Enables you to set password complexity (length, characters, etc.)
  • Provides expiration notifications (helping to reduce support tickets)
  • Provide end users with the means to reset their own passwords
  • Enforces MFA requirements for password resets

Federation

Does the SSO solution allow you to continue using your existing, corporate identity providers?

  • Microsoft Active Directory/Microsoft Entra ID
  • Amazon Active Directory
  • LDAP
  • Google Directory
  • Human Resource Management Systems (HRMS)

Advanced authentication

Does the SSO solution provide more than just plain authentication?

  • Multi-factor authentication
  • Adaptive authentication
  • Automatic forced authentication for high-risk resources
  • X.509–based certificates

Reporting

Does the SSO solution provide reports that enable you to meet compliance requirements and enhance your security, based on threat data?

  • Ability to externalize authorization events to third-party SIEM solutions
  • Out-of-the-box reports and audit trails

Scalability

Will the solution keep up with the growing and changing demands of your organization?

  • Will it still perform efficiently if the number of users doubles?
  • Does it support seamless integrations with any number of apps, without compromising efficiency?

Advanced Requirements

Although any SSO solution should meet basic requirements, organizations making a successful digital transformation, usually choose solutions that meet advanced requirements. An advanced SSO solution ensures, from the start, that you aren’t behind the curve.

Behavioral analytics

Does the SSO solution use behavioral analytics to intelligently adapt and respond?

  • Allows blacklist and whitelist of geolocations and IPs
  • Enables you to set responses to high-risk login attempts
  • Allows you to set certain apps to require re-authentication (such as through MFA)
  • Lets you define policies to identify high-risk behavior

Manage authorization

Can the SSO solution manage authorization, through its integration with your identity provider(s)?

  • Supports role-based access control (RBAC) access
  • Supports seamless provisioning and deprovisioning of users, across different applications

Developer support

Does the SSO solution provide APIs and documentation, which can let you enable single sign-on for your internal applications and third-party systems?

  • SSO registration and life-cycle management APIs
  • Software development kits (SDKs) for major platforms and languages
  • Supports OpenID Connect

Conclusion

A secure, user-friendly SSO solution can safeguard your applications and users, while also boosting productivity and convenience. But remember that SSO is only a small part of an identity and access management solution. Digital transformation today relies on Identity and Access Management (IAM) platforms, that include SSO, as well as other processes like MFA and directory integration.

Try OneLogin for Free

Experience OneLogin’s Access Management capabilities first-hand for 30 days