This post is also available in: French, German, Portuguese (Brazil)

Why Enterprise SSO Is Not Enough to Secure Your Business

Mitigate risks created by SSO by integrating it into a robust password manager and 2FA.

The recent Okta hack has caused many businesses to take another look at their authentication protocols. This incident is a good reminder that SSO is not enough—but there are simple ways to mitigate your risk.

The benefits and risks of using SSO

Enterprise SSO provides multiple benefits for your organization. For example:

  • It’s a convenient way for your business to centralize access rights control for all your critical services and tools. It also reduces help desk calls for password-related issues.
  • Employees can easily log into different systems, websites, and applications with one enterprise identity, eliminating the need to remember multiple passwords.
  • For IT teams, SSO helps meet certain security and compliance requirements because it gives them more control over access to critical systems. SSO also reduces the attack surface since there are fewer passwords for cybercriminals to steal.

However, in recent years it’s become clear that SSO protocols are not a magic bullet. They have many limitations—and can’t reliably protect your employee credentials for all accounts by themselves.

Here are some aspects that admins need to consider:

  • Not all SaaS applications support SSO. That means you have to manage those access rights through individual credentials manually, making the process more time-consuming and potentially introducing errors.
  • SSO is especially challenging with shadow IT, since employees are using those applications and devices without the knowledge or supervision of the IT team.
  • SSO is not supported by consumer apps that your employees use, whether that’s consumer versions of popular file-sharing apps or social media platforms.

From a security perspective, SSO also creates risks. If not managed properly, your SSO protocols can open doors for hackers. For instance, an employee’s leaked or compromised SSO credential provides an entry point to all the employee’s accounts. From there, an attacker can gain access to various sensitive business systems within your organization.

Cybercriminals adapt their techniques to new trends. Centralizing identity into a single system makes your SSO tool an attractive target for hackers: they only have to breach one vendor to gain potential access to numerous customers and their user accounts. The recent breach of Okta is an illustration of that risk.

This risk is not limited to your employees. Other insiders—contractors, interns, and business associates—who can access your critical systems are at risk, as are any third-party services plugged into your internal infrastructure. All those users and third-party systems are potential vectors. In the case of Okta, the breach reportedly came from a vendor providing customer support to Okta users.

How to mitigate SSO risks

SSO remains an effective authentication technique when paired with robust security. The best way to secure all your logins is by integrating SSO with a password manager. Password managers are a more universal solution: they work with any online service, cloud application, or web application, whether or not it supports SSO.

A password manager also provides additional security on the long tail of services that SSO cannot cover.

In addition to implementing a password manager, complement your SSO solution with robust two-factor authentication (2FA). 2FA significantly reduces the risk that a stolen or leaked password can be used to log in on its own.

A solution like Dashlane makes it easy to integrate and manage 2FA with capabilities such as:

  • Autofilling 2FA codes received by SMS (for some apps)
  • Syncing 2FA codes across devices, making it convenient for employees who use multiple endpoints
  • Enabling sharing of 2FA codes between employees

When you implement a password manager, your adoption rate depends on having a user-friendly solution. This matters because a low adoption rate among employees will leave your non-SSO logins highly exposed. When you’re considering a new solution, look for one that’s recognized for its consumer-grade design and user-friendliness.

Also, look for additional features that can boost your security. Dashlane, for instance, offers password health scores and Dark Web Monitoring. Password health monitoring helps employees proactively improve their password hygiene, while enabling admins to monitor scores across the business and raise awareness about best practices. And with Dark Web Monitoring, employees receive immediate alerts when their credentials appear on the dark web, so they can quickly change the affected passwords.

The market offers a wide variety of tools for securing your business. But securing credentials doesn’t have to be complicated—simple ways to mitigate SSO risks are just as effective when implemented properly.

For more insights about remote working, check out our new e-book, The Dashlane Guide to Hybrid Work.