Single sign-on (SSO) is an authentication mechanism that allows a user to log in with a single user credential to multiple web applications (cloud or on-premises) and sites.
Single sign-on is based on the concept of federated identity management in which one or more applications (service provider) have a trust relationship set with an SSO service (identity provider). When a user signs in to one of the applications the SSO service provider will check whether the user has already signed in. If an authentication token is available, then the same will be shared with the application. If not, a new token will be shared with the application. When the user tries to log in to any other application that has a mutual trust established with the SSO service, then they are automatically granted access. Standard SSO is achieved through federated protocols like OIDC, OAuth, and SAML 2.0.
SSO service need not necessarily store the user credentials. Most SSO services validate the user credentials against a separate identity management services like AD / LDAP (AD) or LDAP or other Identity Providers.
CyLock SSO uses Microsoft AD / LDAP Federation Services (ADFS) which is part of the Microsoft Windows Server OS to provide Single Sign-On services to on-premises applications. Cloud services like O365 and Google Workspace can be enabled with SSO through the on-premises ADFS setup.
CyLock SSO can be used by enterprises, financial institutions, and governments to eliminate the need for managing multiple credentials for its user and customers.
Enable passwordless authentication using CyLock MFA mobile app to deploy and manage passwordless SSO solution.
Secure Browser Authentication (SBA) provides Single Sign-On (SSO) like experience to users when they login to external web applications that do not support federated protocols like SAML 2.0, OIDC and OAuth.
Many enterprises still use applications that do not support federated protocols or do not use common credentials for login. In such cases CyLock SSO using SBA technology can used to provide a seamless SSO like experience to end users without the need for remembering multiple credentials for each application.
Users enter their login credentials CyLock SSO portal
If first factor authentication is successful, MFA is triggered based on the preferred authentication mode set or user can select from a range of MFA options
After successful authentication of the second factor, a dashboard is displayed with the list of web applications they are allowed to access
User can then click the application they want to login
A new tab is opened with the login page of the selected application
The SBA browser extension component will automatically fill the username / password and trigger the login process without the need for the user to input anything
If the credentials are successful, user is logged into the web application
On top of strong password policies, organizations can enable MFA to provide a more secure SSO process within the organization. MFA can provide security against cyber-attacks thereby safeguarding enterprise identity and data. The table below lists the authentication types and the security options supported during SSO.
  Enforce strong and realistic password policies.
  Eliminate the need to manage multiple passwords.
  Boost user productivity as they need to remember fewer passwords and sign in once.
  Protect access to any application - On-premise or cloud hosted.
  Defend against cyber-attacks.
  Reduced IT help desk calls for a password reset.
  Better visibility, tracking, and control of applications by the IT team.
Seamless and fast access to internal or external work applications without the need of remembering multiple passwords or logging into individual applications, will improve employee productivity. CyLock SSO enabled with strong security can make this happen by providing a smooth user experience.
To learn more about our product and how it can secure your applications, please talk to our support team.