7 Steps to Implement Single Sign-On

Employees log into a variety of programs every day, from email to benefits systems and other applications, and remembering all of the usernames and passwords is a huge challenge. A single sign-on (SSO) system is important so that users do not have to recall various credentials. That is why there is a need for a well-defined identity and access management (IAM) roadmap.


But providing a good SSO user experience has become more complex, because the professionals responsible for implementing IAM initiatives must balance user convenience against enterprise security risk.


Gartner has identified seven steps necessary to deliver an effective SSO architecture.

Step No. 1: Review objectives for SSO as part of the overall IAM program

Organizations must view every IAM project not just as a way to achieve specific functional goals, but also as support for future IAM change. They must explore the various options for implementing SSO and select the ones that are relevant to their needs.

Step No. 2: Identify users and requirements, assess capabilities and perform gap analysis

Organizations must identify their specific SSO requirements. Implementing an SSO solution for all types of users and all applications is a huge task and requires a phased approach.

Step No. 3: Design an architecture to support SSO

Organizations must decide whether to run SSO software on-premises, use a cloud-based service such as identity and access management as a service (IDaaS) or take a hybrid approach. 

Step No. 4: Determine access control requirements for SSO

Organizations must take an adaptive, trust-based approach, such as continuous adaptive risk and trust assessment (CARTA), to evaluate multiple signals, including both affirmative and negative signals.

Step No. 5: Assess other requirements

Once the general architectural approach is identified, organizations must assess other requirements that are relevant to their needs, such as MS Office 365, AWS, and APIs.

Step No. 6: Refine the architecture as needed

Organizations must iterate and refine architectural approaches as needed. Apply the 80/20 rule.

Step No. 7: Determine required features and vendor shortlists

Organizations must fill the gaps between existing and required infrastructure by upgrading existing IAM tools to newer, more modern versions or by adding new software or services.


Get more insights on how to deliver effective IAM capabilities at Gartner Security & Risk Management Summit 2019 from August 26-27 in Mumbai.
