FIVE REASONS WHY SSO PROJECTS FAIL


Identity is the fundamental security control in the multi-perimeter Enterprise world. Through 2016, Federated Single Sign-On will be the predominant SSO technology, needed by 80% of Enterprises.

By 2020, 70% of all businesses will use attribute-based access control (ABAC) as the dominant mechanism to protect critical assets and 80% of access will be shaped by non-PC architectures.

A well-executed Single Sign-On (SSO) strategy eliminates password-related reset costs and downtime, mitigates the risk of insider threat, improves user experience and authentication processes, and puts the organisation firmly in control of user access.

However, there are many expensive pitfalls in the journey from SSO as a concept to a successful SSO implementation. Challenges arising from identity sprawl, an evolving technology and corporate roadmap, scalability and integration complexity can all lead to expensive failures.

This paper summarises the main SSO pitfalls to be aware of and the actions you can take to mitigate them.

my1login.com | 1


1. IDENTITY SPRAWL

• The SSO solution is not inclusive of all users, apps and devices in use across the organisation. Some users are still able to log into applications outside of the SSO solution

• Doesn’t allow the organisation to bring together multiple directory structures

• User identities may exist in different forms within different systems and the SSO solution is unable to synchronize these and provide a single identity for each business user. For example, HR may have implemented a cloud-based appraisal system that uses personal number and a password for authentication, finance may have procured a corporate expenses system that uses email address and password, and other systems may use Active Directory login credentials to authenticate users

• Legacy desktop applications that don’t integrate with users’ directory logins can be the weak link that causes SSO to fail.

2. LACK OF VISIBILITY

• Lack of visibility of the applications in use across the business is one of the biggest barriers to successful SSO implementation

• Department-led adoption of cloud services means there are business applications in use that IT are not aware of, which need to be integrated with the SSO solution

• If these apps are not integrated with the SSO then end-users will perceive SSO to have failed.


The SSO solution doesn’t unify all user identities

If you don’t know about it, you won’t consider it, and if you don’t consider it, SSO won’t solve it

Choosing an SSO solution that auto-discovers and auto-integrates new applications provides visibility of all corporate applications and seamlessly links them to the SSO.

Pick 5-10 end-users that represent departments across the organisation and use them to set the benchmark for use-cases your SSO solution needs to address.


3. EVOLVING TECHNOLOGY & CORPORATE ROADMAP

• While the SSO solution worked with all the systems in place at the time the project was implemented, it doesn’t integrate with newly-adopted applications and devices

• The SSO solution isn’t compatible with new web technologies introduced after project completion

• The SSO solution’s benefits don’t align to evolving business drivers, e.g. the business has moved to virtualized applications instead of desktop solutions to reduce in-house maintenance costs, but the SSO solution isn’t compatible with these

• SSO solution isn’t compatible with a newly-adopted BYOD initiative for a number of user-owned devices, e.g. it may work with Android and iOS, but isn’t compatible with Windows phones

• Business decentralises control for application adoption – apps adopted by departments have no native integration with the SSO solution and operate outside of its control

• The company infrastructure goes through an architecture upgrade after the SSO project is introduced.

The SSO solution works for known use cases, but is not future-proofed for longer term roadmap initiatives

Choosing an SSO solution that is not critically dependent on complex connectors with target applications can provide significant future-proofing. Being able to use connectors where available, e.g. SAML or OAuth, for authentication, provisioning and de-provisioning is great, but in order to be widely compatible and future-proof, the SSO solution also needs to be able to work with legacy desktop (non-browser), virtualized and cloud-based applications that don’t have connectors.


4. LACK OF ADOPTION BY USERS

• If your SSO solution requires a change in user behaviour this can create a huge barrier to adoption

• Forcing users to use an SSO portal or to change their normal working practices makes their life more difficult rather than removing the burden it aimed to solve.

5. SCALABILITY, COMPLEXITY & COST

• Solution is capable of supporting end-user numbers at project completion, but cannot scale to provide for increased user numbers as the business grows

• Technical limitations with the SSO solution mean it’s unable to grow with the business, e.g. the SSO solution’s architecture isn’t scalable

• Corporate transformation projects such as an acquisition could lead to more complex, multiple directory structures that challenge the limits of the SSO

• Demand on IT team increases as new applications need complex integration with the SSO solution

• It becomes easier and more cost-effective to roll out new applications outside of the SSO solution due to the overhead of integration

• The overhead in maintaining an on-premise SSO solution becomes unmanageable.

Users bypass the SSO solution where possible

The SSO solution is unable to scale with the business

End-users are typically resistant to change. Deploying a solution that doesn’t require an end-user to change their behaviour, and operates seamlessly, will remove any barriers to adoption.

Select a solution that can integrate identities with the SSO across multiple domains. Using a federated SSO solution removes the challenges of scaling and delivers a far lower total cost of ownership.


SUMMARY

My1Login Limited, Office 404, 324 Regent Street, London, W1B 3HH

© My1Login. All rights reserved.

About My1Login

Founded in 2007, My1Login is a European leader in protecting against enterprise cyber security threats through its Identity and Access Management solutions.

The trend towards SaaS has moved Enterprise identities outside the traditional corporate infrastructure, exacerbating the challenges of identity sprawl, password fatigue, resets and compliance adherence. My1Login’s next generation Identity and Access Management solution enables organisations to overcome these challenges by providing a single user identity for employees, improving productivity and eliminating security threats.

My1Login’s IAM solution supports identity standards such as SAML, SCIM, OAuth 2.0 and OpenID Connect, but uniquely can also integrate with target applications that don’t have connectors (e.g. legacy and mainframes), ensuring there are no gaps. My1Login works across cloud, mobile and legacy desktop applications enabling control of user identity and access while delivering a return on investment. The service can be deployed rapidly, even in the most complex enterprise environments.

10,000+ Apps

In addition to working with legacy, desktop and mainframe applications, My1Login also works with today’s enterprise cloud apps such as Microsoft Office 365, Zendesk, DocuSign, Netsuite, GotoMeeting, Dropbox, Yammer, Atlassian, Workday, Box, Google Apps, Salesforce and Cisco.

My1Login Protects Over 1,000+ Organisations Worldwide