Overcome The Security Limits Of SSO With MFA

When talking about SSO and MFA, some may get mixed up, or perhaps don't fully understand the added value of combining both of them. Single sign-on (SSO) is all about users gaining access to different apps with a single authentication. As for multifactor authentication (MFA), it adds a layer of security upon authentication to verify the user’s identity.

Understanding what SSO is and how it works

Single sign-on (SSO) is an authentication method that allows a user to authenticate once, at the beginning of his/her work shift, with a single set of login credentials - most of the time an ID + password. From then on, the user can access multiple applications and websites without losing time logging in again. A kind of "master sign-on".

Each time a user logs into an SSO service, the service creates an authentication token that records that the user has been verified. Any application or website the user visits later in the work shift checks with the SSO service, which sends the user's token to confirm his identity and grant access. You can think of this token as the "keys to the castle": when the user logs in to another application or piece of software after the first "master sign-on", the SSO solution logs in on their behalf.

This master authentication, made possible by an SSO solution, must be protected by an additional and complementary solution: MFA (multifactor authentication).

Beware of the security limits of SSO

Surely SSO is a gift to users: being able to access everything without additional login. But with this added value in productivity comes an increase in security concerns, with a need for a more secure environment.

Imagine if a hacker gained access to a user's SSO credentials. This means that all other applications and resources to which the user has access are compromised. It's like putting all your eggs in one basket.

Get the best of both worlds by combining SSO and MFA

If you are an organisation that "puts all its eggs in one basket" by using SSO, then you need to be sure to protect that basket and secure its access. The answer is not to remove SSO, but rather to fill in the security gaps without compromising the user experience.

This makes it essential to deploy additional authentication mechanisms beyond a simple combination of ID + password. With SSO you need to ensure that access and identities (credentials) are well protected and secure, for example by combining it with a strong authentication solution (MFA).

According to Microsoft, MFA blocks more than 99.9% of account compromise attacks.
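As an added illustration (not inWebo's code or product), here is a compact Python model of the token flow described above: the identity provider mints a signed SSO token only after the password and a TOTP code are both verified, and downstream applications accept that token without prompting again, but refuse tokens whose master sign-on skipped MFA. The user, secrets and token format are all constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import struct

# Constructed demo values; a real IdP stores a password hash, not the password itself.
IDP_SIGNING_KEY = b"demo-idp-signing-key"
USERS = {"alice": {"password": "correct horse", "totp_secret": b"demo-totp-seed"}}


def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based one-time code (the second factor in this demo)."""
    counter = struct.pack(">Q", now // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def issue_token(user: str, password: str, otp, now: int, require_mfa: bool = True):
    """The master sign-on: the IdP only mints an SSO token once every required factor checks out."""
    rec = USERS.get(user)
    if rec is None or not hmac.compare_digest(rec["password"].encode(), password.encode()):
        return None
    if require_mfa and (otp is None or not hmac.compare_digest(totp(rec["totp_secret"], now), otp)):
        return None
    claims = {"sub": user, "exp": now + 3600, "mfa": require_mfa}
    payload = json.dumps(claims, sort_keys=True).encode()
    sig = hmac.new(IDP_SIGNING_KEY, payload, hashlib.sha256).digest()
    return f"{base64.urlsafe_b64encode(payload).decode()}.{base64.urlsafe_b64encode(sig).decode()}"


def app_accepts(token, now: int, need_mfa: bool = True) -> bool:
    """A downstream app trusts the IdP's signature instead of asking for credentials again.
    It also refuses tokens whose master sign-on skipped MFA, so a stolen password alone
    can never become the 'keys to the castle'."""
    try:
        p64, s64 = token.split(".")
        payload, sig = base64.urlsafe_b64decode(p64), base64.urlsafe_b64decode(s64)
    except (ValueError, AttributeError):
        return False
    expected = hmac.new(IDP_SIGNING_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return False
    claims = json.loads(payload)
    return claims["exp"] > now and (claims["mfa"] or not need_mfa)
```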

Benefits of combining SSO + MFA

Combining SSO with MFA in a business authentication strategy is a good practice for many reasons when it comes to UX, security and IT management.

Business

Enhanced security. Using an SSO solution limits the "zone of attack" available to cybercriminals and makes it easier to implement enhanced security measures across multiple services at once. Adding MFA reinforces the security level of the SSO solution.

Agility and productivity. SSO+MFA is a way to boost agility and productivity as it provides employees immediate access to thousands of applications in a very secure way.

User Experience

No more password hassle. Combining SSO with a passwordless MFA is “the cherry on the cake” when it comes to the user experience.

Faster and seamless login experience. SSO offers a faster login experience and some MFA technology can simplify the "master login" experience.

IT management

Simple user access management and auditing. SSO can be used to configure a user's access rights, for example according to his role, department and/or seniority level. In addition, when an employee leaves the company, it is easier to remove their login privileges.

Less helpdesk activity. Enabling SSO is a great way to reduce the number of end users calling for support because of a password issue. And by choosing the right MFA solution, you can go passwordless, which reduces helpdesk activity even further.

Not all MFA solutions will secure your SSO to the same extent

Not all MFA solutions are the same, as the technologies behind them differ considerably. There are several other criteria to consider when evaluating the security and user experience of the different vendors.

Some MFA solutions are not even natively two-factor: they are really just "+1FA" tools, adding a single extra factor on top of an existing password. Other multifactor authentication solutions are natively two-factor and passwordless.

What is single sign-on (SSO)?
Single Sign-On (SSO) is a method of authentication that allows a user to access multiple applications and websites without the time-consuming task of logging in to each one. Only 1 login is required for all applications, a kind of "super login".
Why use SSO?
The most obvious advantage of SSO is the time saving for the user, which is a productivity gain for the employer. But beware of security risks. That's why it's important to combine it with an MFA solution to get the benefits in terms of user experience, security and IT management.
How does SSO work?
Whenever a user logs into an SSO service, the service creates an authentication token that will remember that the user has been verified. Thus, any application or associated website that the user needs to log in to later will check with the SSO service, which will send the user's token to confirm their identity and grant access.

Don't settle for just any MFA solution

Get in touch for a demo or to request a free trial of our multifactor authentication solution

Highest level of security on the market

inWebo MFA features the unique and patented technology of dynamic random keys. This ensures the highest level of security on the market. Solution certified by the French National Cybersecurity Agency (ANSSI).

Easy integration and deployment

Accessible as SaaS and rich in connectors, APIs and SDKs, the solution adapts to your technical architecture without imposing new constraints. Deploy MFA quickly and on a very large scale, without human contact or logistics.

Passwordless and deviceless user experience

inWebo allows you to offer a simplified user experience, extended to all dimensions of authentication, from enrollment to login thanks to its universal, passwordless and deviceless tokens.
