Why Enterprise SSO Is Not Enough to Secure Your Business
Originally published Apr. 6, 2022
When it comes to securing access and authentication, it's important to have the right essentials in your cybersecurity stack. While SSO remains an effective authentication technique, the best way to secure all your logins is by integrating SSO into an enterprise password manager like Dashlane.
The benefits and risks of using SSO
Enterprise SSO provides multiple benefits for your organization. For example:
- It’s a convenient way for your business to centralize access rights control for all your critical services and tools. It also reduces help desk calls for password-related issues.
- Employees can easily log in to different systems, websites, and applications with one enterprise identity, eliminating the need to remember multiple passwords.
- For IT teams, SSO helps meet certain security and compliance requirements because it gives them more control over access to critical systems. SSO also reduces the attack surface since there are fewer passwords for cybercriminals to steal.
However, in recent years it’s become clear that SSO protocols aren’t without limitations—and can’t reliably protect your employee credentials for all accounts by themselves. Here are some aspects that admins need to consider:
- Not all SaaS applications support SSO, even ones as widely used as X (formerly Twitter). That means you have to manage those access rights through individual credentials manually, making the process more time-consuming and potentially introducing errors.
- SSO can’t solve or account for shadow IT: when employees use apps and devices without the knowledge or supervision of the IT team, those apps and devices can’t be connected to SSO.
- SSO is not supported by consumer apps that your employees use, whether that’s consumer versions of popular file-sharing apps or social media platforms.
From a security perspective, SSO also creates risks. If not managed properly, your SSO protocols can open doors for hackers. For instance, an employee’s leaked or compromised SSO credential provides an entry point to all the employee’s accounts. From there, an attacker can gain access to various sensitive business systems within your organization. Cybercriminals evolve their techniques by adapting to new trends. Centralizing identity into a single system makes your SSO tool an attractive target for hackers. They only have to breach one vendor to get potential access to numerous customers and user accounts.
This risk is not limited to your employees. Other insiders—contractors, interns, and business associates—who can access your critical systems are at risk, as are any third-party services plugged into your internal infrastructure. All those users and third-party systems are potential attack vectors.
Update: Dashlane Confidential SSO & Provisioning allows admins to easily set up a credential manager, making it easier for employees to log in to their Dashlane vault safely. Learn more today.
How to mitigate SSO risks
Secure all your logins by integrating SSO into an enterprise password manager like Dashlane. A password manager is a more universal solution that works with any online service or cloud and web application. And while a password manager can seamlessly pair with your SSO, it is ultimately a separate solution, providing you with an extra layer of security should your SSO provider be compromised. A password manager also provides additional security on the long tail of services that SSO cannot cover.
In addition to implementing a password manager, complement your SSO solution with robust two-factor authentication (2FA). 2FA significantly reduces your risk of stolen and leaked passwords.
A solution like Dashlane makes it easy to integrate and manage 2FA with capabilities such as:
- Autofilling 2FA codes received by SMS (for some apps)
- Syncing 2FA codes across devices, making it convenient for employees who use multiple endpoints
- Enabling sharing of 2FA codes between employees
When you implement a business password manager, your adoption rate depends on having a user-friendly solution. A low adoption rate by employees will still leave your non-SSO logins highly exposed. When you’re considering a new solution, look for one that’s recognized for its user-friendliness. Dashlane has long been known as an easy-to-use (and easy-to-love) password manager. We’ve recently made it easier for organizations to roll out Dashlane to all their employees by offering site licenses. With a Dashlane site license, you can reduce your costs and increase your organization’s security.
Also, look for additional features that can boost your security. Dashlane, for instance, offers Password Health scores and Dark Web Monitoring. Password Health scores help employees proactively improve their password hygiene while empowering admins to monitor scores across the business and raise awareness about best practices. And with Dark Web Monitoring, employees receive immediate alerts when their credentials appear on the dark web so they can quickly change them.
The market offers a wide variety of tools for securing your business. But securing credentials doesn’t have to be complicated—simple ways to mitigate SSO risks are just as effective when implemented properly.
Discover how to improve organizational security by seamlessly integrating SSO and a password manager in our white paper. For more information about our Dashlane site license program, read our blog.