In the tech industry, we love acronyms. So, have another: SSO via SAML IdP/SP.
This jumble of letters can make your life a whole lot easier.
Dissecting the Acronyms
SSO stands for Single Sign On. It allows you to seamlessly jump among applications you use daily without logging into each separately. Your social media accounts, CRM applications, ERP environment, CMS, cloud storage, even your digital printing service work off a single login.
SAML stands for Security Assertion Markup Language, the proven, standards-based, underlying technology that makes SSO possible. SAML 2.0 is the accepted standard. You should be using it.
IdP and SP stand for Identity Provider and Service Provider, the roles taken on by the applications you use. The SAML IdP is responsible for managing user identities and getting you logged in. The service providers are the applications with which you interact throughout your day. A single application can serve both roles.
SSO and SAML Benefits
While convenience is the biggest perk of Single Sign On for individual users, there are also several important benefits for your business.
- Multiple logins mean multiple passwords. Users typically respond, if the application allows, by creating passwords that are easy to remember – and easy to guess. They store passwords in their emails. They write them on post-its and stick them to their monitors. In sum, they create the conditions for security breaches. An SSO solution can mitigate that.
- A single Identity Provider can allow you to enforce password policy in a single location and update it as needed.
- By utilizing SAML, you get an industry standard that has proven itself secure, along with the ability to upgrade encryption technology as needed.
- Multiple passwords = lost passwords. Gartner has estimated that password reset requests make up between 20% and 50% of all IT help desk tickets. Worse still, Forrester Research has estimated that those tickets cost your company, on average, a whopping $70 each. Lost passwords = lost money, and a lot of it.
Take an inventory of the enterprise applications you rely on. Many likely offer support for SSO via SAML 2.0 already and will require nothing more than some configuration. Some may require plug-ins or upgraded licensing to support SAML. If any of your applications do not support it, well, maybe it’s time to let go.
Prioritize your service providers. You don’t need to integrate your whole organization at once. Add applications to your SAML environment based on their current security issues, their level of support of SAML, and their use within your organization.
Pick your SAML IdP. Your ERP, CMS, or other enterprise application might already support this role. If not, numerous third-party providers are available online.
Perform some configuration. Each Service Provider will need to be made aware of your SAML 2.0 IdP and vice versa. This may require third-party contractors expert in the given application, if you lack expertise in-house.
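The mutual awareness described in the configuration step is usually exchanged as SAML 2.0 metadata XML. The following is an added example, not code from Titan CMS or any vendor: it pulls out the values each side must learn about the other and flags common weak settings. The hosts, the certificate placeholder and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Constructed sample metadata: hypothetical hosts, placeholder certificate.
IDP_XML = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/saml">
<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
 <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
  PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
 <md:SingleSignOnService Location="https://idp.example.test/sso"
  Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
</md:IDPSSODescriptor></md:EntityDescriptor>"""
SP_XML = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
 entityID="https://cms.example.test/sp">
<md:SPSSODescriptor WantAssertionsSigned="false"
  protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
 <md:AssertionConsumerService index="0" Location="http://cms.example.test/acs"
  Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
</md:SPSSODescriptor></md:EntityDescriptor>"""

def idp_facts(xml_text):
    """What a service provider must be told about the IdP."""
    root = ET.fromstring(xml_text)
    sso = root.find("md:IDPSSODescriptor/md:SingleSignOnService", NS)
    cert = root.find(
        "md:IDPSSODescriptor/md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS)
    return {"entity_id": root.get("entityID"),
            "sso_url": sso.get("Location") if sso is not None else None,
            "signing_cert": cert.text.strip() if cert is not None and cert.text else None}

def sp_facts(xml_text):
    """What the IdP must be told about a service provider."""
    root = ET.fromstring(xml_text)
    desc = root.find("md:SPSSODescriptor", NS)
    acs = desc.find("md:AssertionConsumerService", NS)
    return {"entity_id": root.get("entityID"), "acs_url": acs.get("Location"),
            "want_assertions_signed": desc.get("WantAssertionsSigned") in ("true", "1")}

def review(idp, sp):
    """Return findings on the trust settings the two sides would exchange."""
    findings = []
    if not idp["signing_cert"]:
        findings.append("IdP publishes no signing certificate")
    for name, url in (("IdP SSO", idp["sso_url"]), ("SP ACS", sp["acs_url"])):
        if not (url or "").startswith("https://"):
            findings.append(f"{name} endpoint is not HTTPS: {url}")
    if not sp["want_assertions_signed"]:
        findings.append("SP does not require signed assertions")
    return findings
```

Metadata received from another party is untrusted XML: in a real deployment, parse it with a hardened parser such as defusedxml and confirm its origin before trusting the certificate it carries.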
SAML 2.0 in Titan CMS
Are you using Titan CMS? We have built all the convenience and security of SAML 2.0 into Titan CMS.
Titan CMS can be a service provider that plays alongside your other enterprise applications in a SAML environment. It can also be responsible for your user management and serve as the Identity Provider.
Titan CMS can even be configured to serve as your SAML 2.0 IdP while leveraging existing user stores such as Active Directory. Log into your computer in the morning, and all your enterprise applications know who you are.
Originally Published: Thu, November 30, 2017