Basic single sign-on requirements (checklist)
Your SSO solution must meet a baseline set of requirements to serve both employees and IT: it has to be secure, and it has to be usable enough that people actually adopt it rather than work around it. Remember, though, that SSO is only one part of identity and access management. An Identity and Access Management (IAM) platform combines SSO with other controls such as multi-factor authentication (MFA), directory integration and user provisioning.
Use the checklist below to confirm that a candidate SSO system offers the protection your organization needs.
User community support
Does the SSO solution support all your user communities?
Workforce (employees and contractors)
Partners/Vendors
Customers
Customer authentication
If customers need access, does the SSO system support the consumer authentication methods they already use?
True SSO
Does the SSO solution provide true single sign-on (federation) rather than password vaulting? With federation the user authenticates once to the identity provider and each application receives a signed assertion or token; with vaulting the SSO tool stores a separate password for every application and replays it at login, so those passwords still exist, can still be phished and still have to be rotated.
User enters one set of credentials to access all apps/sites
User logs in once per day or session to gain access to all corporate apps/sites
Application integration
Does the SSO solution work with your cloud and on-prem apps?
SSO supports all your cloud applications
SSO supports all your on-prem applications
Open standards support
Does the SSO solution support the common, widely used federation protocols that establish a trust relationship between the identity provider and applications?
SAML 2.0
OpenID Connect
OAuth 2.0 (an authorization framework rather than an authentication protocol on its own; OpenID Connect adds the authentication layer on top of it)
WS-Federation (legacy, still needed for some older Microsoft-centric applications)
Reputation for security
Does the vendor hold widely recognized security certifications and attestations, and run adequate internal security processes?
SOC 2 Type 2
ISO 27017
ISO 27018
ISO 27001
Skyhigh Enterprise-Ready
CSA Star
TRUSTe
EU-U.S. data transfer framework (the original Privacy Shield was invalidated by the CJEU in 2020; check that the vendor is certified under its successor or relies on another valid transfer mechanism)
GDPR compliance
EU Standard Contractual Clauses (SCCs, formerly "Model Contract clauses")
Adheres to the NIST Cybersecurity Framework
Vendor commissions regular third-party penetration tests
Vendor performs network and application vulnerability scans
Vendor has a bug bounty program
Availability and disaster recovery
Does the SSO service demonstrate consistent and high availability and the ability to recover quickly from disasters?
Historical availability of over 99% (note that 99% still allows more than three days of downtime per year; for a service every login depends on, ask for the actual figure and an SLA of at least 99.9%)
Recent availability (last twelve months) meeting the same bar
Uses multiple data centers in different regions
Uses replication and redundancy across regions
High usability
Is the SSO user interface simple enough that employees will embrace it?
Provides a single portal of apps
Integrates with all the common browsers
Streamlines the app access process
Streamlines the login process
Makes it easy for users to reset their own passwords
Mobile ready
Does the SSO solution provide thorough support for mobile users?
Provides SSO for mobile devices (via a native mobile app)
Supports a variety of devices via SAML and partnerships with MDM vendors
Works with your multi-factor authentication (MFA) tool
Flexible password rules
Does the SSO system support and enforce password requirements in a usable and effective manner?
Lets you set password expiration times (current NIST SP 800-63B guidance is to avoid forced periodic rotation and expire passwords only on evidence of compromise, so the option matters more than a short default)
Lets you set password complexity and minimum length, and ideally screen new passwords against lists of known-breached passwords
Provides expiration notifications (helping to reduce support tickets)
Enforces MFA requirements for password resets if MFA is used
Enterprise access
Does the SSO solution integrate with your network access points?
Integrates with VPN
Integrates with Wi-Fi for app access
Provides endpoints for integration with RADIUS and LDAP
Federation
Does the SSO solution let you keep using the corporate directories and identity sources you already have?
Microsoft Active Directory
AWS Directory Service (AWS Managed Microsoft AD)
LDAP
Google Workspace directory
Human Resource Management Systems (HRMS), such as Workday or SuccessFactors, as the source of record for joiners, movers and leavers
Authentication
Does the SSO solution provide additional authentication controls beyond a password?
Multi-factor authentication
Adaptive (risk-based) authentication
Automatic step-up, i.e. forced re-authentication, for high-risk resources
Certificate-based authentication (X.509 client certificates)
Developer support
Does the SSO solution provide APIs and support so you can enable single sign-on for your custom applications and third-party systems?
SSO registration and life-cycle management APIs
SDK for major platforms and languages
Supports OpenID Connect
Reporting
Does the SSO solution provide reports that help you meet compliance requirements and improve your security posture from observed threat data?
Ability to export or stream authentication and authorization events to third-party SIEM solutions
Out-of-the-box reports and audit trails
Advanced requirements
Any SSO solution should meet the basic requirements above. Organizations that are consolidating applications and identities at scale usually also need the advanced capabilities below, and choosing a solution that already has them avoids a second migration later.
Behavioral analytics
Does the SSO solution use behavioral analytics to intelligently adapt and respond?
Allows allow lists and deny lists of geolocations and IP ranges
Allows you to set responses to high-risk login attempts
Allows you to set certain apps to require re-authentication (such as through MFA)
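The following is an added example, not code from the original checklist or from any SSO vendor, of how the behavioral-analytics items above (and the adaptive authentication and step-up items under "Authentication") might be turned into a login decision. The signals, weights, thresholds and the three outcomes (allow, require MFA, deny) are assumptions chosen for illustration; the geo-IP lookup that produces the country code is assumed to have happened upstream, and the sample policy and login attempts are constructed.

```python
"""Adaptive authentication policy evaluator (illustrative; weights are assumed)."""
from dataclasses import dataclass
import ipaddress
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class LoginAttempt:
    user: str
    source_ip: str
    country: str                  # ISO 3166-1 alpha-2, assumed resolved by a geo-IP lookup
    app: str
    new_device: bool              # device cookie/fingerprint not seen for this user before
    failed_attempts_last_hour: int


@dataclass(frozen=True)
class Policy:
    ip_deny: Tuple[str, ...] = ()           # CIDRs that are always rejected
    ip_allow: Tuple[str, ...] = ()          # CIDRs trusted enough to skip risk scoring
    country_deny: frozenset = frozenset()
    country_allow: frozenset = frozenset()  # if non-empty, any other country adds risk
    mfa_apps: frozenset = frozenset()       # apps that always require step-up (MFA)
    mfa_threshold: int = 30                 # score at which MFA is required
    deny_threshold: int = 70                # score at which the attempt is refused


def _in_any(addr, cidrs: Iterable[str]) -> bool:
    return any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs)


def risk_score(attempt: LoginAttempt, policy: Policy) -> Tuple[int, List[str]]:
    """Additive risk score from behavioural signals; the weights are illustrative."""
    score, reasons = 0, []
    if policy.country_allow and attempt.country not in policy.country_allow:
        score += 40
        reasons.append("country outside allow list")
    if attempt.new_device:
        score += 30
        reasons.append("unrecognised device")
    if attempt.failed_attempts_last_hour >= 5:
        score += 40
        reasons.append("repeated failures (possible credential stuffing)")
    elif attempt.failed_attempts_last_hour >= 2:
        score += 15
        reasons.append("some recent failures")
    return score, reasons


def evaluate(attempt: LoginAttempt, policy: Policy) -> Tuple[str, List[str]]:
    """Return ("allow" | "mfa" | "deny", reasons).

    Deny lists win over everything. An allow-listed source skips risk scoring
    but never skips per-application step-up: a trusted network is not a second factor.
    """
    try:
        addr = ipaddress.ip_address(attempt.source_ip)
    except ValueError:
        return "deny", ["unparseable source address"]   # fail closed on bad input
    if _in_any(addr, policy.ip_deny):
        return "deny", ["source IP on deny list"]
    if attempt.country in policy.country_deny:
        return "deny", ["country on deny list"]
    if _in_any(addr, policy.ip_allow):
        score, reasons = 0, ["source IP on allow list"]
    else:
        score, reasons = risk_score(attempt, policy)
    if score >= policy.deny_threshold:
        return "deny", reasons
    if attempt.app in policy.mfa_apps:
        return "mfa", reasons + ["application requires step-up"]
    if score >= policy.mfa_threshold:
        return "mfa", reasons
    return "allow", reasons


# Constructed sample policy and login attempts (RFC 5737 documentation addresses).
POLICY = Policy(
    ip_deny=("203.0.113.0/24",),
    ip_allow=("10.0.0.0/8",),
    country_deny=frozenset({"KP"}),
    country_allow=frozenset({"US", "GB"}),
    mfa_apps=frozenset({"payroll"}),
)

SAMPLE_ATTEMPTS = {
    "office_wiki":    LoginAttempt("alice", "10.20.30.40",  "US", "wiki",    False, 0),
    "office_payroll": LoginAttempt("alice", "10.20.30.40",  "US", "payroll", False, 0),
    "denied_range":   LoginAttempt("bob",   "203.0.113.7",  "US", "wiki",    False, 0),
    "new_laptop_gb":  LoginAttempt("carol", "198.51.100.9", "GB", "wiki",    True,  0),
    "stuffing":       LoginAttempt("dave",  "192.0.2.200",  "BR", "wiki",    True,  7),
}

if __name__ == "__main__":
    for name, attempt in SAMPLE_ATTEMPTS.items():
        action, why = evaluate(attempt, POLICY)
        print(f"{name:15} -> {action:5} ({'; '.join(why)})")
```

Two design points worth checking in any real product: deny lists are evaluated before allow lists and before scoring, so a blocked range cannot be rescued by a low risk score, and an unparseable source address is refused rather than treated as "unknown, so low risk". The per-app step-up list is applied even for allow-listed corporate addresses, which is what the "certain apps require re-authentication" item above asks for.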
Manage authorization
Can the SSO solution manage authorization through its integration with your identity provider(s)?
Supports role-based access control (RBAC), with roles or groups sourced from the directory
Supports automated provisioning and deprovisioning of user access in apps (for example via SCIM), so that access is removed promptly when someone leaves
Easy integration
Can you integrate the SSO solution with your custom apps and in your organization without having to replace or significantly modify existing solutions?
Enables integration into your custom apps via an API
Enables incorporation of SSO without the need to rip and replace other solutions