We talked about SSO in the context of automation and identity management, but using an identity management solution has more benefits than just automation.  

What are SSO and SAML? 

SSO or Single Sign On simply refers to the capability to access multiple accounts with one login. However, there are a few different ways to achieve this end goal from a technological standpoint. The most common authentication standard in enterprise contexts is SAML, or Security Assertion Mark-up Language. Simply put, SAML is the technology that powers SSO. 

Why are they important? 

While there are a variety of benefits from the perspective of ease of use, here are a few specific security benefits: 

1. Implementing SSO makes it easier for IT teams to enforce password policies and MFA (and avoid offboarding errors) since they have less passwords to manage. They can also get more granular with the policies in place.  

2. Implementing SSO reduces likelihood of employees using bad passwords –remember that you are only as strong as your weakest password, so taking steps to avoid having any weak passwords is critical 

3. Implementing SSO reduces surface area of where passwords are stored. With SSO, you have less passwords out there that could get leaked in any data breach. You can also have more control on where to store them. 

SSO in Rescue 

Rescue supports Identity Provider Initiatied (idP) and Service Provider initiated (SP) SSO. Logging in via idP SSO would start on your idP page, whereas SP SSO starts by entering your email into the Rescue first.    Using SSO in Rescue lets you use the settings you’ve already configured in your identity platform – sometimes even decided by Security teams – like:  password complexity requirements  how many times you need to authenticate,  how long the session is valid for  MFA requirements  login tracking

TIP: Make sure to implement the earlier tips here, or else SSO won’t make things more secure (and might make things less secure).