Single sign-on makes life easier for employees and IT administrators alike – and using your online HR system as the source of data will help to make network access even more secure
Single sign-on (SSO) is a crucial identity and access management (IAM) service for many organisations. But it’s a term that many non-IT professionals – such as HR teams – might not have come across before. So what is single-sign on, what are its benefits, and how can HR software help your organisations manage user access in this way?
What is single sign-on?
Let’s start with a definition from CSO Magazine:
“Single sign-on (SSO) is a centralized session and user authentication service in which one set of login credentials can be used to access multiple applications. Its beauty is in its simplicity; the service authenticates you one on one designated platform, enabling you to then use a plethora of services without having to log in and out each time.”
It’s likely that you use SSO every day, both at work and in your personal life. At work, SSO will probably be dictating how you access applications, and what level of access you have. When you use your corporate username and password to log into your email account, networked drive, or other business tools such as an HRIS system, expenses software or learning management system – without having to use additional or alternative credentials – that’s SSO in action. At home, you might use SSO managed by a specific technology provider – such as Facebook, Google, Twitter or LinkedIn – to register for websites or services by choosing to ‘Log in with Google’ or ‘Log in with Facebook’, for example.
What are the benefits of single sign-on?
Introducing SSO brings a number of advantages for system users and IT teams alike, including:
- Enabling frictionless access to all business applications that are part of your organisation’s SSO ecosystem
- It puts your organisation in control of access levels (rather than third-party software providers)
- Users can be set up more quickly, which is great for creating a smoother onboarding experience
- Users’ accounts can also be deactivated more speedily when they leave an organisation, which is vital for data security
- Reduces password fatigue because there’s no need to remember multiple logins and passwords. It’s also less likely users will note down access credentials insecurely (such as on a sticky note on their computer monitor
- Improves worker productivity – there’s no need to rekey credentials to access various systems
- Reduces demand on IT time – Gartner estimates that up to 50% of calls to IT service desks are related to passwords
- Improves access to cloud applications, especially for flexible and remote workers
- Enables IT teams to report on employee system access and usage frequency
What are the disadvantages of single sign-on?
While the benefits of SSO are significant, there are some downsides that organisations need to be mindful of:
- The user database must always be up to date, especially in relation to leavers – if access isn’t revoked when an employee leaves, they will still be able to use a wide range of critical business systems
- Because users’ credentials will enable access to multiple applications, there will need to be good awareness of the need to use strong passwords, and to protect logins and passwords
How is single sign-on managed?
Your IT department will manage users’ access to your organisation’s systems through a product such as Microsoft Active Directory, Google (G Suite) or Okta. These products manage permissions and access to networked resources and systems.
How can an HR system facilitate single sign-on?
Modern HR systems should integrate with your chosen network management tool to help your organisation more securely and effectively manage system access. Your HR database will become the ‘single source of truth’, where information about all starters, leavers and changes is held and updated. So when a new starter joins your organisation and is registered on your HRIS, an IT user account will be generated automatically. Similarly, when someone is marked in your HR system as having left the organisation, their IT account will be deactivated automatically.
Enabling the link between these two systems – the HR software and user access tool – will reduce the time it takes to set up or deactivate a user account, and reduce the likelihood of errors that might occur as a result of manually transferring employee details from one system to another.
You can widen the number of applications that your employees can access via SSO by choosing to integrate your HR systems with other software such as a learning management system, or time and attendance software.
Related reading: How to make your next HRIS payroll software implementation the best yet