Streamline the authentication process by enabling reuse of authentication results across multiple systems, thus enhancing user experience, reducing the effort required of relying parties, and strengthening security.
Inputs
Organization policies
IT Systems
IT Change Management
IT Project Management
Activities
Design SSO
Deploy SSO
Maintain SSO
Optimize SSO
Outputs
IT Systems that reuse centralized or federated authentication
Indicators
Scopes
At the level of an organization entity, program or project, the process scope may be defined using the scope dimensions listed below. At the organization level, however, the scope must be embraced holistically, considering all of these scope dimensions, to effectively manage revocation risks.
User populations: permanent employees, contractors, partners, customers, consumers, authorities
Identity categories: humans, robots, processes
Principal categories: user accounts, technical accounts, service accounts
Security session mechanisms or not (account lockout policies)
IT Systems (business applications, infrastructure, …)
Organizational scope (region, division, unit, …)
Risks
The deployment of SSO reinforces security, even though it may marginally increase risk in certain circumstances, e.g. when an identity is compromised (/wiki/spaces/QUOT/pages/76021898). This risk is typically offset by the concomitant implementation of MFA.