Single Sign-On (SSO)

Checklist for single sign-on systems

Basic single sign-on requirements (checklist)

It’s critical that your SSO solution meets the basic requirements to support employee and IT needs. That means a solution that is both secure and highly usable. But remember that SSO is only part of your identity and access management solution. Digital transformation today relies on a Unified Access Management (UAM) platform that includes SSO as well as other tools like MFA and directory integration.

Use the checklist below to make sure that your SSO system offers the protection your company needs.

User community support

Does the SSO solution support all your user communities?

  • Workforce (employees and contractors)
  • Partners/Vendors
  • Customers

Customers

If your customers need access, does the SSO system support commonly-used consumer authentication methods?

  • Facebook
  • Google

True SSO

Does the SSO solution allow true single sign-on versus password vaulting?

  • User only enters one username and password to access all apps/sites
  • User only has to log in once per day or session to gain access to all corporate apps/sites

Application integration

Does the SSO solution work with your cloud and on-prem apps?

  • SSO supports all your cloud applications
  • SSO supports all your on-prem applications

Open standards support

Does the SSO solution support the most common, widely-used protocols that enable a trusted relationship?

  • SAML
  • OpenID Connect
  • OAuth 2
  • WS-Federation

Reputation for security

Does the vendor meet the highest common security standards and implement adequate internal processes?

  • SOC 2 Type 2
  • ISO 27017
  • ISO 27018
  • ISO 27001
  • Skyhigh Enterprise-Ready
  • CSA STAR
  • TRUSTe
  • U.S. Privacy Shield
  • GDPR
  • EU Model Contract clauses
  • Adheres to the NIST Cybersecurity Framework
  • Vendor performs penetration tests
  • Vendor performs network scans
  • Vendor has a bug bounty program

Availability and disaster recovery

Does the SSO service demonstrate consistent and high availability and the ability to recover quickly from disasters?

  • Historical availability of over 99%
  • Recent availability (last twelve months) of over 99%
  • Uses multiple data centers in different regions
  • Uses replication and redundancy across regions

High usability

Is the SSO user interface simple enough that employees will embrace it?

  • Provides a single portal of apps
  • Integrates with all the common browsers
  • Streamlines the app access process
  • Streamlines the login process
  • Makes it easy for users to reset their own passwords

Mobile ready

Does the SSO solution provide thorough support for mobile users?

  • Provides SSO for mobile devices (via a native mobile app)
  • Supports a variety of devices via SAML and partnerships with MDM vendors
  • Works with your multi-factor authentication (MFA) tool

Flexible password rules

Does the SSO system support and enforce password requirements in a usable and effective manner?

  • Lets you set password expiration times
  • Lets you set password complexity (length, characters, etc.)
  • Provides expiration notifications (helping to reduce support tickets)
  • Enforces MFA requirements for password resets if MFA is used

Enterprise access

Does the SSO solution integrate with your network access points?

  • Integrates with VPN
  • Integrates with Wi-Fi for app access
  • Provides endpoints for integration with RADIUS and LDAP

Federation

Does the SSO solution allow you to use the existing, corporate identity providers you prefer?

  • Microsoft Active Directory
  • Amazon Active Directory
  • LDAP
  • Google Directory
  • Human Resource Management Systems (HRMS), such as Workday or SuccessFactors

Authentication

Does the SSO solution provide additional security?

  • Multi-factor authentication
  • Adaptive authentication
  • Automatic forced authentication for high-risk resources
  • X.509-based certificates

Developer support

Does the SSO solution provide APIs and support so you can enable single sign-on for your custom applications and third-party systems?

  • SSO registration and life-cycle management APIs
  • SDK for major platforms and languages
  • Supports OpenID Connect

Reporting

Does the SSO solution provide reports that enable you to meet compliance requirements and enhance your security based on threat data?

  • Ability to externalize authorization events to third-party SIEM solutions
  • Out-of-the-box reports and audit trails

Advanced requirements

Although any SSO solution should meet basic requirements, organizations making a successful digital transformation usually choose solutions that meet advanced requirements. An advanced SSO solution ensures, from the start, that you aren’t behind the curve.

Behavioral analytics

Does the SSO solution use behavioral analytics to intelligently adapt and respond?

  • Allows blacklisting and whitelisting of geolocations and IPs
  • Allows you to set responses to high-risk login attempts
  • Allows you to set certain apps to require re-authentication (such as through MFA)

Manage authorization

Can the SSO solution manage authorization through its integration with your identity provider(s)?

  • Supports role-based access control (RBAC)
  • Supports provisioning and deprovisioning of user access in apps

Easy integration

Can you integrate the SSO solution with your custom apps and in your organization without having to replace or significantly modify existing solutions?

  • Enables integration into your custom apps via an API
  • Enables incorporation of SSO without the need to rip and replace other solutions
