Principal Solutions & Innovations Consultant
Time to start your day. You go to your desk, where your two 23-inch monitors and sticker-covered laptop are waiting. The monitors are littered with sticky notes reading “Username: XXXXXX Password: YYYYYY,” “PIN: ZZZZ,” and other variations of the sort. Or maybe you store your passwords digitally, but you still have a great many of them. Remembering passwords for 20 different services is burdensome, even for the most active tech users. Single sign-on is there to help.
In personal life this approach is more or less tolerable, if not exactly safe. A user may sign in to a handful of applications in a day, but remembering a unique username and password combination for each of them, day in and day out, is a near-impossible task. Not only does a user have to keep track of a plethora of sign-in credentials, they also have to keep every one of them unique and strong enough that it cannot be guessed or stolen. Sticky notes or a password journal definitely wouldn’t pass that test. And don’t forget those sticky notes can get lost or damaged — good luck signing in to Netflix on a new device.
Single sign-on solves these problems for an organization and in an end user’s personal life. A single sign-on solution provides a single, simplified point of control for authentication and authorization. Users sign in with one username and password combination to reach all of their services and applications; no more sticky notes or password journals. Single sign-on is beneficial for users, and it benefits the business as a whole. Handling access requests, forgotten passwords, and locked accounts requires a team to support end users, and that costs time and money. Single sign-on provides a single platform for managing these issues. With only one username and password combination, employees access services and applications with ease, and employee on-boarding and off-boarding become a matter of enabling or disabling one account. One credential also means one credential to protect, so in practice it should be paired with a second factor at the identity provider.
Think of a large organization that provides end-user services, with a separate application for each service. The end users have to sign in to each application individually, and every time they switch applications they have to sign in again. You can imagine how tedious this is. Say this organization provides video streaming and has an application for movies, one for TV shows, and one for online shopping. Without single sign-on, a username and password is needed for each service. Now recall the scenario described above: this enterprise’s end users are the people with sticky notes covering their laptops or monitors, struggling to keep up with the jumble of usernames and passwords collected over the years. In reality, a user with this struggle wouldn’t last long. End users want an easy process in everything they do, and signing in separately to each part of their favorite site is not very appealing. With single sign-on, the user authenticates once with the identity provider. The individual applications never see the password; they receive a signed token or assertion saying who the user is, and the sign-in session is retained as the user moves between the enterprise’s platforms secured by that provider. Say “hello” to a more user-friendly experience! This also extends to internal users, such as an organization’s employees. Single sign-on can secure the applications an enterprise’s employees use daily, allowing them to sign in once and have access to all of their frequently used applications.
As a Premier Red Hat Apex Partner, we have helped customers implement a single sign-on solution using Red Hat Single Sign-On or “Red Hat® SSO.” Red Hat SSO is the supported platform based on the upstream community project Keycloak. Red Hat SSO provides industry-standard mechanisms for authentication and authorization while also allowing customization to meet an enterprise’s needs.
Red Hat SSO provides authentication and authorization using well-known standards such as OAuth 2.0, SAML, OpenID Connect, Kerberos, X.509, and W3C Web Authentication (WebAuthn). Supporting open standards means organizations can integrate Red Hat SSO with existing tools and platforms rather than writing bespoke integrations. Using Red Hat SSO as an Identity Provider (IdP) is the most common use case for organizations. When acting as an IdP, Red Hat SSO manages the identity information itself, including account creation. However, it’s becoming more common when working with our customers to use Red Hat SSO as both an IdP and an Identity Broker. Have you logged into a website or app using a Google, Facebook, or Apple login? If so, that site was acting as an identity broker, delegating authentication to an external identity provider. When Red Hat SSO acts as an Identity Broker, it authenticates the user against an external provider, whether a social login or another organization’s SAML or OpenID Connect IdP, and links that external identity to a local account, so that identities from multiple security domains map onto one user.
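The sign-in-once behaviour described above, and the OpenID Connect pattern Red Hat SSO implements, can be made concrete with a small model. This is an added example, not code from Red Hat SSO or Keycloak, and it simplifies real OIDC in labelled ways: the ID token is HS256-signed with a single key that stands in for the IdP’s signing key pair (a real deployment uses RS256 and publishes the public key on a JWKS endpoint), the browser redirects of the authorization code flow are omitted, and the issuer URL, client IDs, user, password and key are constructed for the example. What it does show is the part that matters for security: the password is checked in exactly one place, each application only ever handles a signed token, and a token minted for one application is rejected by another.

```python
"""Minimal single sign-on model (constructed example, not Red Hat SSO code)."""
import base64
import hashlib
import hmac
import json
import secrets


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _hs256(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()


class IdentityProvider:
    """Holds the only copy of user credentials and the single SSO session."""

    def __init__(self, issuer, signing_key, client_ids, users):
        self.issuer = issuer
        self.key = signing_key        # stands in for the IdP's private signing key
        self.client_ids = client_ids  # registered clients (assumed registered out of band)
        self.users = users            # username -> (salt, PBKDF2 hash); never plaintext
        self.sessions = {}            # SSO cookie -> username

    def login(self, username, password):
        """The one place a password is ever checked. Returns an SSO cookie or None."""
        record = self.users.get(username)
        if record is None:
            return None
        salt, stored = record
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        if not hmac.compare_digest(digest, stored):
            return None
        cookie = secrets.token_urlsafe(32)
        self.sessions[cookie] = username
        return cookie

    def issue_id_token(self, cookie, client_id, nonce, now):
        """Mint an ID token for one client from the existing session; no password involved."""
        username = self.sessions.get(cookie)
        if username is None or client_id not in self.client_ids:
            return None
        header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
        claims = {"iss": self.issuer, "sub": username, "aud": client_id,
                  "iat": now, "exp": now + 300, "nonce": nonce}
        payload = _b64url(json.dumps(claims).encode())
        signing_input = f"{header}.{payload}"
        return f"{signing_input}.{_b64url(_hs256(self.key, signing_input))}"


class Application:
    """A relying party: it validates tokens locally and never sees the user's password."""

    def __init__(self, client_id, idp_key, issuer):
        # idp_key stands in for the IdP public key a real client fetches from the JWKS endpoint
        self.client_id, self.key, self.issuer = client_id, idp_key, issuer

    def accept(self, token, expected_nonce, now):
        """Return the authenticated subject, or raise ValueError naming the failed check."""
        if not isinstance(token, str) or token.count(".") != 2:
            raise ValueError("malformed token")
        h, p, s = token.split(".")
        if json.loads(_b64url_decode(h)).get("alg") != "HS256":  # pin the algorithm
            raise ValueError("unexpected alg")
        if not hmac.compare_digest(_hs256(self.key, f"{h}.{p}"), _b64url_decode(s)):
            raise ValueError("bad signature")
        claims = json.loads(_b64url_decode(p))
        if claims.get("iss") != self.issuer:
            raise ValueError("wrong issuer")
        if claims.get("aud") != self.client_id:
            raise ValueError("token issued for another client")
        if claims.get("nonce") != expected_nonce:
            raise ValueError("nonce mismatch (possible replay)")
        if now >= claims.get("exp", 0):
            raise ValueError("expired")
        return claims["sub"]


def _check(app, token, nonce, now):
    try:
        return app.accept(token, nonce, now)
    except ValueError as exc:
        return f"rejected: {exc}"


def run_scenario(now=1_700_000_000):
    """Constructed data: one IdP, two registered apps, one user. Returns each outcome."""
    salt = b"constructed-salt"
    users = {"alice": (salt, hashlib.pbkdf2_hmac("sha256", b"correct horse", salt, 100_000))}
    key = b"constructed-idp-signing-key"
    idp = IdentityProvider("https://sso.example.test/realms/demo", key,
                           {"movies-app", "shop-app"}, users)
    movies = Application("movies-app", key, idp.issuer)
    shop = Application("shop-app", key, idp.issuer)

    cookie = idp.login("alice", "correct horse")  # the password is typed exactly once
    movies_token = idp.issue_id_token(cookie, "movies-app", "n1", now)
    shop_token = idp.issue_id_token(cookie, "shop-app", "n2", now)
    h, p, s = movies_token.split(".")
    tampered = f"{h}.{'X' + p[1:]}.{s}"  # one altered payload character
    return {
        "wrong_password_gets_session": idp.login("alice", "wrong") is not None,
        "movies": _check(movies, movies_token, "n1", now),
        "shop": _check(shop, shop_token, "n2", now),
        "movies_token_at_shop": _check(shop, movies_token, "n1", now),
        "tampered": _check(movies, tampered, "n1", now),
        "replayed_nonce": _check(movies, movies_token, "n9", now),
        "after_expiry": _check(movies, movies_token, "n1", now + 301),
    }


if __name__ == "__main__":
    for name, outcome in run_scenario().items():
        print(f"{name}: {outcome}")
```

Two design points carry over to a real deployment. The relying party checks `iss`, `aud`, `nonce` and `exp` in addition to the signature, because a validly signed token for the movies application is still not a credential for the shop. And the algorithm is pinned by the verifier rather than read from the token header, so an attacker cannot downgrade verification by editing the header.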
When discussing Red Hat SSO, customers typically ask where accounts are stored. While Red Hat SSO has its own database, it can also integrate with LDAP-compliant directories such as Active Directory. The LDAP integration allows existing accounts to be used instead of creating, you guessed it, another username and password for someone to remember. However, not every organization has LDAP, and those that do often use it only for employees and not for external users such as customers. Red Hat SSO provides customization for this scenario through the User Storage Service Provider Interface (SPI). The SPI lets developers extend the platform to bridge an existing user store and Red Hat SSO, so the users do not have to be migrated.
While we’re on the subject of customization, it’s essential to have a cohesive user experience, whether for registration, login, account management, or password reset emails. Red Hat SSO lets organizations theme each of those, so they can provide a branded experience tailored to their users. If there are both internal and external users, each group can be given its own look and feel, all managed within Red Hat SSO.
Red Hat® is a trademark of Red Hat, Inc., registered in the United States and other countries.