Single sign-on (SSO) allows a user to use the same login for multiple different systems. When users log in to one platform, they are automatically logged into the others.
Enterprises are the most frequent users of single sign-on. Using an SSO provider, each user receives a set of login credentials. These credentials can then be used in any service that is paid for by the enterprise.
Single sign-on isn't an authentication method in itself. Another authentication method, such as username and password, provides the actual security.
IT departments often use SSO in enterprises. The IT departments can issue a single set of credentials for each employee and manage their access through the SSO provider. That means if the company signs up for a new service, the employees will have instant access. If an employee loses their credentials, the IT department can reset the credentials. And if an employee leaves the company, only one set of credentials has to be revoked.
Implementing SSO in a system can improve security because there is no need to store user passwords in your own database: a third party, the identity provider, handles the authentication.
It can also help users suffering from password fatigue.
Lastly, it can be a good experience for users only to authenticate once when using professional services.
Implementing single sign-on can be more complicated than implementing other methods. Common ways to create SSO use LDAP and SAML flows.
If an attacker gains access to a user's credentials, they gain access to every service that user can access. The upside is that the credentials can be revoked in one place, and the attacker loses access to all systems at once.
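The following is an added illustration of the mechanics described above, not code from the original page: one identity provider (IdP) is the only party that stores credentials and issues signed, audience-bound, expiring assertions, while two service providers (SPs) accept those assertions without ever seeing a password. Revoking the user at the IdP cuts off every SP at once. The classes, the HMAC-based signature (a stand-in for the asymmetric signatures SAML uses) and the sample user and service names are all constructed for this example.

```python
"""Minimal single sign-on model (constructed example): an IdP authenticates
users and signs assertions; SPs trust the assertions instead of storing
passwords. HMAC with a shared key stands in for real asymmetric signatures."""
import base64
import hashlib
import hmac
import json
import os
import time


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class IdentityProvider:
    """Holds the only copy of user credentials and signs assertions."""

    def __init__(self, signing_key: bytes):
        self.signing_key = signing_key
        self._creds = {}       # username -> (salt, pbkdf2 hash)
        self._revoked = set()  # usernames whose access has been revoked

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self._creds[username] = (salt, digest)

    def authenticate(self, username: str, password: str) -> bool:
        if username not in self._creds:
            return False
        salt, stored = self._creds[username]
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        return hmac.compare_digest(candidate, stored)

    def issue_assertion(self, username, password, audience, ttl=300, now=None):
        """Return a signed assertion scoped to one SP, or None if login fails."""
        if not self.authenticate(username, password) or username in self._revoked:
            return None
        now = time.time() if now is None else now
        payload = {"sub": username, "aud": audience, "exp": now + ttl}
        body = _b64(json.dumps(payload, sort_keys=True).encode())
        sig = _b64(hmac.new(self.signing_key, body.encode(), hashlib.sha256).digest())
        return f"{body}.{sig}"

    def revoke(self, username: str) -> None:
        self._revoked.add(username)

    def is_revoked(self, username: str) -> bool:
        return username in self._revoked


class ServiceProvider:
    """Accepts IdP assertions; never sees or stores a password."""

    def __init__(self, name: str, idp: IdentityProvider, signing_key: bytes):
        self.name = name
        self.idp = idp
        self.signing_key = signing_key

    def accept(self, assertion, now=None):
        """Return the username if the assertion is valid for this SP, else None."""
        try:
            body, sig = assertion.split(".")
        except (ValueError, AttributeError):
            return None
        expected = _b64(hmac.new(self.signing_key, body.encode(), hashlib.sha256).digest())
        if not hmac.compare_digest(sig, expected):   # tampered or forged
            return None
        claims = json.loads(_unb64(body))
        now = time.time() if now is None else now
        if claims["aud"] != self.name or claims["exp"] < now:  # wrong SP or expired
            return None
        if self.idp.is_revoked(claims["sub"]):        # central revocation check
            return None
        return claims["sub"]


def demo():
    """Exercise the happy path, the failure modes and central revocation."""
    key = b"constructed-idp-signing-key"
    idp = IdentityProvider(key)
    idp.register("alice", "correct horse battery staple")
    crm, wiki = ServiceProvider("crm", idp, key), ServiceProvider("wiki", idp, key)
    t0 = 1_700_000_000  # fixed clock so results are deterministic
    crm_token = idp.issue_assertion("alice", "correct horse battery staple", "crm", now=t0)
    wiki_token = idp.issue_assertion("alice", "correct horse battery staple", "wiki", now=t0)
    results = {
        "crm_ok": crm.accept(crm_token, now=t0),
        "wrong_audience": wiki.accept(crm_token, now=t0),
        "expired": crm.accept(crm_token, now=t0 + 301),
        "tampered": crm.accept(crm_token[:-1] + ("A" if crm_token[-1] != "A" else "B"), now=t0),
        "bad_password": idp.issue_assertion("alice", "wrong", "crm", now=t0),
    }
    idp.revoke("alice")   # one action at the IdP ...
    results["after_revoke_crm"] = crm.accept(crm_token, now=t0)    # ... cuts off every SP
    results["after_revoke_wiki"] = wiki.accept(wiki_token, now=t0)
    return results


if __name__ == "__main__":
    print(demo())
```

The audience check is what stops an assertion issued for one service from being replayed at another, and the revocation check is the property the paragraph above relies on: an attacker who captured a valid assertion loses access everywhere the moment the IdP revokes the user.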
When to use it
Many enterprises prefer systems with SSO when looking for tools. If your application is targeting corporations or employees of corporations, then it might be the best solution.
When not to use it
If you don't have B2B users, then it's not worth implementing.