using fingerprint to sign into desktop

Single Sign-on (SSO) for Desktops and Devices

Fast and Frictionless Sign-On for Employees on the Go

The way we work has changed. It’s become less common to have one employee assigned to one desk or office, all the time. Many job functions require employees to access information at different locations, on different devices or stored in different software systems. It’s a hassle to be forced to log into multiple places, multiple times in the same day.

Single sign-on (SSO) allows people to use one master password to authenticate their identity at the beginning of a work period, granting secure access to the right software, files and locations without missing a beat. SSO also reduces IT support costs because there are fewer calls to the service desk for password resets.

One criticism of SSO is that if a password is compromised by a hacker or malware, it exposes multiple systems to that vulnerability. However, this risk is easily mitigated by combining SSO with multi-factor authentication (MFA). MFA is the use of several different factors — something you know, something you are and/or something you have, like a hard token — to verify a person’s trusted identity before granting access.

MFA can be required every time or only when authorized identities are accessing particularly sensitive information. MFA options include:

  • Smart cards inserted into readers next to desktops
  • A one-time password (OTP) sent to the user’s mobile or email
  • A biometric scan, usually a fingerprint
  • A hard or soft token

To get a better understanding of how SSO and MFA can work together, check out this blog post.