Updated Aug 4 2020 :: by Katie Joll

Should your help desk enable single sign-on (SSO)?

SSO is one of the features we offer at JitBit, via four possible methods. Having SSO provides a number of efficiencies to help desks, but naturally, people have questions about it first.

Primarily, people ask why they should use SSO, what the benefits are and whether there are any risks they should take into account. Below is a brief run-down on what to expect from SSO:


What is Single Sign-on?

Single Sign-on means that your users can sign into your help desk software using the same sign-on they use for other cloud apps or websites. If you’ve ever spent time yelling “but that IS my password!” at your screen, you’ll understand how this might be helpful.

A prime example of SSO is Google’s implementation across all of their products. If you are signed into your Gmail account, you automatically have access to Google Drive, YouTube and other Google products and services.

In the help desk world here at JitBit, we offer single sign-on via the following four methods:

  1. Via the authentication API
  2. Via AD authentication (non-Azure local AD), where you place a simple script on your local server that authenticates your users and redirects them to the help desk application
  3. Via Windows-integrated authentication (self-hosted version only)
  4. Via SAML

Benefits of Single sign-on

There are several great reasons to use SSO. To begin with, have you ever kept a record of how much time your service desk spends on password resets? Most users have to remember an average of 40 passwords and for many, something has to give.

Dealing with password issues can take up a lot of time that could be used for more productive tasks. The task might be easy, but it’s inefficient. SSO allows users to spend more time working and less time trying to open up the software.

Speaking of passwords, SSO can help to minimize bad password habits. Password fatigue can be a real issue. When people have so many passwords to remember (compounded by scheduled password changes), they often resort to passwords that are too easy, or to other ways of remembering them, such as writing them down. Having SSO can assist your company with enforcing your password policies and reduce the mental load on users.

SSO can help to improve identity and security protection in some ways. For example, when employees leave, IT can revoke one stream of access rather than having to go through separate programs, with the risk that some get missed. Identity security can be strengthened with two-factor or multi-factor authentication. If your company connects with outside vendors or partners, SSO can reduce security risk there, too.

Another benefit of SSO is that it saves time. How many apps do your users have to access in a day? Re-entering passwords across different apps (or forgetting, then resetting) is a time-sink that they could do without. SSO streamlines their workflows and helps to provide a better user experience, too.


Are there any risks of Single sign-on?

Underlying the growing use of cloud-based software are a number of challenges around user authentication. SSO is positioned to help with this, but there are a few potential risks. For example:

  • Single sign-on doesn’t mean single logout. That process tends to vary across applications, so it’s possible someone may still be logged into applications and unaware that they haven’t logged out, presenting a potential security risk.
  • One set of credentials could prove to be a disaster if a hacker figured out that one password. Once they have cracked one application, they can access the rest easily. This single point of failure can have massive repercussions, but these can be mitigated with good planning for SSO. For example, you can set strong password requirements and use features such as multi-factor authentication, which adds layers of protection (for example, via a user’s mobile phone).
  • Not all SSO solutions will be able to integrate with on-premises or legacy applications. This can be a real inefficiency. (JitBit’s self-hosted version allows for SSO via Windows-integrated authentication.)
  • SSO can be a risk in office environments where different users access the same computer. One user might still be logged in when another decides to use the machine. This can create security risk in terms of traceability. The system says Jan made the change, but really it was Jon using Jan’s login.
  • If your identity provider goes down, your SSO does, too. While this is rare, it’s a possibility. Be careful about choosing a good vendor!

What is SAML?

SAML stands for “Security Assertion Markup Language.” It is an open standard that allows identity providers to pass authorization credentials to service providers. In a nutshell, it’s an XML-based markup language that enables SSO if you have it available. SAML provides the link between the authentication of a user’s identity and the authorization to use the app.

SAML allows your identity provider and your service provider to exist separately from one another. This means SaaS solutions (like ours) can use it, as user management is centralized. In terms of SSO, it is SAML authentication that verifies the user identity and credentials via passwords or multi-factor authentication. A SAML authentication “tells” service providers what level of access to grant the user that has been authenticated.

SAML is one way to enable SSO that’s also compatible with JitBit. Your infrastructure must support SAML first. Otherwise, you can still enable SSO via the API or AD authentication for the web app version.

An example of how the SAML flow works:

  1. Jen logs into SSO when she starts work for the day
  2. She opens the webpage for JitBit
  3. JitBit checks Jen’s credentials with the identity provider
  4. The identity provider sends authorization and authentication back to JitBit
  5. Jen can get on with her day, using JitBit.

An advantage of SAML is that it can be transmitted by different transport protocols such as HTTP and SMTP. It uses an XML framework which allows it to be used on all platforms.

JitBit operates with SAML 2.0 so it can work with any app that supports the same. Examples of identity providers include:


Final thoughts

User access and authentication have been an issue for years, and in a sense the issue has grown as people use more apps for work. Password issues can create inefficiencies and security concerns.

Single sign-on can help to mitigate these challenges and overall, create a better user experience. No one enjoys spending chunks of their day in frustration over trying to access the apps that they need!

SSO isn’t without risks, but those can be mitigated through clear, strong policies. For example, all users should follow a strict protocol around the complexity of their passwords and what they do to remember them.

For helpdesks, SSO can be a valuable efficiency, and who doesn’t want some time back?

'The Benefits of Single Sign-on for Help Desks' was written by Katie Joll
Katie is our writer who specializes in technology and travel. When she's not writing, you'll probably find her on a trail, taking photos.
