Corporate single sign-on (SSO), allowing employees to connect to all internal and external systems with a single user id and password, has long been a goal of IT managers. They have traditionally cited the effort of maintaining multiple user ids and passwords, the time spent performing password changes and resets, and the resulting lost productivity as cost justifications. This business case has received a lukewarm reception at best, since the potential productivity and time savings are hard to quantify in real dollars.
However, there is a new, much more powerful justification: corporate compliance. Internal auditors and government regulations demand tight control over the user id provisioning process. For example, the widely adopted MA 201 CMR 17.00 privacy regulation calls for “immediately blocking terminated employees' physical and electronic access to PI (personal information) records (including deactivating their passwords and user names).” Systems that contain employee and/or personal information are under increased scrutiny. Access control standards are nearly impossible to maintain in an environment where authentication is distributed among many disparate systems.
Increasingly, companies adopt corporate SSO to ensure that removing a user in a single, central location disables that user's access to all corporate systems, both internal and in the cloud. Further, one set of password policies (password strength, expiration dates, etc.), enforced on the central directory, automatically applies to all systems that are accessed via SSO. Auditors routinely accept single sign-on as a proven solution to the password maintenance and termination issue.
Employees can now maintain compliance on numerous systems without the nightmare of dozens of individual credentials each with their own.
IT managers are now revisiting corporate single sign-on. It delivers the original convenience and productivity gains for employees, while the effort is justified on the basis of legal and internal audit compliance.