Single sign-on (SSO) is a universal strategy for network login in which the user needs only a single user ID to gain access to computers, applications, services or programs in the network. For users, single sign-on has the advantage that they no longer have to maintain and remember various, sometimes insecure passwords, but only a single password.
Single sign-on also has the advantage that, after a single authentication, participants can access the resources released to them without further prompting, because the SSO service authenticates the user for all applications for which he or she has been assigned rights.
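The flow described above, as an added sketch that is not taken from any SSO product: the user authenticates once, the SSO service issues a signed ticket listing the applications assigned to that user, and each application checks the ticket instead of prompting again. The HMAC key, ticket format and all function names are assumptions made for illustration; Kerberos and SAML use their own ticket and assertion formats.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key (assumption); a real SSO service protects its signing key.
SSO_KEY = b"constructed-demo-key"

def _sign(payload: bytes) -> str:
    mac = hmac.new(SSO_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()

def _encode(claims: dict) -> bytes:
    return base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())

def issue_ticket(user, assigned_apps, now=None, ttl=300):
    """SSO service side: called once, after the user has authenticated."""
    now = time.time() if now is None else now
    payload = _encode({"sub": user, "apps": sorted(assigned_apps), "exp": now + ttl})
    return payload.decode() + "." + _sign(payload)

def app_accepts(ticket, app_name, now=None):
    """Application side: return the user name if the ticket grants access, else None."""
    now = time.time() if now is None else now
    try:
        payload, sig = ticket.split(".")
        if not hmac.compare_digest(sig, _sign(payload.encode())):
            return None  # ticket was not issued by the SSO service, or was modified
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except (ValueError, TypeError):
        return None  # malformed ticket
    if now >= claims["exp"]:
        return None  # expired: the user must authenticate again
    if app_name not in claims["apps"]:
        return None  # no rights assigned for this application
    return claims["sub"]

def demo():
    """Constructed scenario: alice is assigned mail and wiki, but not payroll."""
    ticket = issue_ticket("alice", ["mail", "wiki"], now=1000)
    # Negative check: rights list edited after issuance, original signature kept.
    payload, sig = ticket.split(".")
    claims = json.loads(base64.urlsafe_b64decode(payload))
    claims["apps"].append("payroll")
    edited = _encode(claims).decode() + "." + sig
    return {
        "mail": app_accepts(ticket, "mail", now=1001),
        "wiki": app_accepts(ticket, "wiki", now=1001),
        "payroll": app_accepts(ticket, "payroll", now=1001),
        "expired": app_accepts(ticket, "mail", now=1300),
        "edited": app_accepts(edited, "payroll", now=1001),
    }

if __name__ == "__main__":
    print(demo())
```

The shared key keeps the sketch short; it also means every application could mint tickets, which is why deployed protocols use per-service keys or asymmetric signatures.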
SSO can be complex, but it provides organizations with a gain in security. SSO mechanisms increase efficiency and security in access control. The user's PC obtains its access rights via transactions in the background without the user being aware of it. For single sign-on, Kerberos has become the standard protocol for Windows and Unix networks. Due to the heterogeneity of networks and the weaknesses of Kerberos in relation to firewalls, its use is largely limited to internal company networks.
SSO solutions are based, among other things, on smart cards and on one-time passwords (OTP) with ACE server and token card. To increase security, SSO implementations should be coupled with Two-Factor Authentication (2FA) or Multifactor Authentication (MFA). The Security Assertion Markup Language (SAML) is a universal language for single sign-on.