back to Jitbit Blog home About this blog

The Benefits of Single Sign-on for Help Desks

by Katie Joll · Updated Aug 4 2020

Should your help desk enable single sign-on (SSO)?

SSO is one of the features we offer at JitBit, via four possible methods. Having SSO provides a number of efficiencies to help desks, but naturally, people have questions about it first.

Primarily, people ask why they should use SSO, what the benefits are and whether there are any risks they should take into account. Below is a brief run-down on what to expect from SSO:

Free download: Best practices for password policies

What is Single Sign-on?

Single Sign-on means that your users can sign into your help desk software using the same sign-on they use for other cloud apps or websites. If you’ve ever spent time yelling “but that IS my password!” at your screen, you’ll understand how this might be helpful.

A prime example of SSO is Google’s implementation across all of their products. If you are signed into your Gmail account, you automatically have access to Google Drive, YouTube and other Google products and services.

In the help desk world here at JitBit, we offer single sign-on via the following four methods:

  1. Via the authentication API
  2. Via AD authentication (non-Azure local AD) when you place a simple script on your local server that will authenticate your users and redirect them to the help desk application
  3. Via windows-integrated authentication (self-hosted version only)
  4. Via SAML.

Benefits of Single sign-on

There are several great reasons to use SSO. To begin with, have you ever kept a record of how much time your service desk spends on password resets? Most users have to remember an average of 40 passwords and for many, something has to give.

Dealing with password issues can take up a lot of time that could be used for more productive tasks. The task might be easy, but it’s inefficient. SSO allows users to spend more time working and less time trying to open up the software.

Speaking of passwords, SSO can help to minimize bad password habits that people have. Password fatigue can be a real issue. When they have so many to remember (compounded by scheduled password changes), people often resort to passwords that are too easy or to doing other things to remember them, such as writing them down. Having SSO can assist your company with enforcing your password policies and reduces the mental load on users.

SSO can help to improve identity and security protection in some ways. For example, when employees leave it makes it easy for IT to revoke one stream of access, rather than having to go through separate programs, with the risk that some get missed. Identity security can be strengthened with two-factor or multifactor identification. If your company connects with outside vendors or partners, SSO can reduce security risk there, too.

Another benefit of SSO is that it saves time. How many apps do your users have to access in a day? Re-entering passwords across different apps (or forgetting, then resetting) is a time-sink that they could do without. SSO streamlines their workflows and helps to provide a better user experience, too.

Single sign-on can help to minimize the bad password habits people get into

Are there any risks of Single sign-on?

Underlying the growing use of cloud-based software are a number of challenges around user authentication. SSO is positioned to help with this, but there are a few potential risks. For example:

What is SAML?

SAML is “Security Assertion Markup Language.” It is an open standard that allows identity providers to pass authorization credentials to service providers. In a nutshell, it’s a coding language that enables SSO if you have it available. SAML provides the link between the authentication of a user’s identity and the authorization to use the app.

SAML allows for your identity provider and your service provider to exist separately from one another. This means SaaS solutions (like ours) can use it as user management is centralized. In terms of SSO, it is SAML authentication that verifies the user identity and credentials via passwords or multi factor authentication. An SAML authentication “tells” service providers what level of access to grant the user that has been authenticated.

SAML is one way to enable SSO that’s also compatible with JitBit. Your infrastructure must support SAML first. Otherwise you can still enable SSO via API or AD authentication for the web app version.

An example of how the SAML flow works:

  1. Jen logs into SSO when she starts work for the day
  2. She opens the webpage for JitBit
  3. JitBit checks Jen’s credentials with the identity provider
  4. The identity provider sends authorization and authentication back to JitBit
  5. Jen can get on with her day, using JitBit.

An advantage of SAML is that it can be transmitted by different transport protocols such as HTTP and SMTP. It uses an XML framework which allows it to be used on all platforms.

JitBit operates with SAML 2.0 so it can work with any app that supports the same. Examples of identity providers include:

Download our best practices for password policies here

Final thoughts

User access and authentication has been an issue for years, and in a sense has grown as people use more apps for work. Password issues can create inefficiencies and security concerns.

Single sign-on can help to mitigate these challenges and overall, create a better user experience. No one enjoys spending chunks of their day in frustration over trying to access the apps that they need!

SSO isn’t without risks, but those can be mitigated through clear, strong policies. For example, all users should follow strict protocol around the difficulty of their passwords and what they do to remember them.

For helpdesks, SSO can be a valuable efficiency, and who doesn’t want some time back?