Instead of an SOS it is better to opt for an SSO.
November 2018

Numerous passwords, credentials and different authentication procedures pass through our hands, minds and devices every day so that we can get on with our daily activities.

How many passwords and credentials do we have to invent and remember every morning when we go to work and sit in front of a computer, or when we pick up our smartphone, before we can start working? Many, often too many. Some write them in their phone’s Notes app, some in a paper diary, some keep them in their head (!!!!), some ask their assistants, while others use dedicated tools such as Universal Password Manager to store the keys to their work. Many systems require multiple forms of access: desktop logins, email, external resources, web applications. Logging in and out of an application, and then logging in again, means entering your credentials several times a day. On the other hand, we know that these procedures are necessary if we are to access any system or app while maintaining a high level of security. A valid alternative, where compatible with the activities to be carried out and with corporate policies, is Single Sign On (SSO), i.e. a single authentication/identification: an access control system that identifies users once and propagates the authentication information to the various systems or networks (in our case the VDR) with which they are registered.

SSO advantages

SSO has several advantages, mainly linked to easier password management: the more passwords there are to manage, the more likely they are to be similar and easy to memorize, which inevitably lowers the level of security. SSO simplifies access management for the various services as well as the definition and management of security policies. Moreover, with a single identification procedure your credentials never leave the authentication domain, which reduces operational costs as well as the time needed to access data. Last but not least, SSO improves the user experience by sparing users from having to “carry” too many passwords (mentally or in writing!).


How does SSO work?

Single Sign On is based on three key steps:

Identification - WHO ARE YOU?
Authentication - PROVE WHO YOU ARE
Authorization - ACCESS TO PROTECTED RESOURCES

Which architecture to choose?

SSO must be integrated and made operational within an architecture that is selected according to specific corporate needs. There are three types of approach that can be implemented.

Centralized approach.
In this case, you start from a single centralized database of all users with consequent centralization of security policies.

Federated approach.
With a federated approach, different service providers («federated» with each other) manage data belonging to the same user. Access to one of the federated systems automatically grants access to all the other related systems and services. This approach responds to the need for decentralized user management and lets each service provider keep control over its own security policy.

Cooperative approach.
Each user depends on a single partner entity to access each service. Each service provider independently manages its own security policy without exchanging user credentials with other entities. This approach responds to the needs of institutional structures in which users depend on a single entity (e.g. universities, public administrations, etc.).


Main supported protocols

SSO is a property of an access control system: it plugs into an IT architecture that has been designed (i.e. configured ad hoc) to receive it, and its task, put simply, is to authorize business users on resources outside the corporate perimeter. To do this it must interface with certain protocols; the most common ones are listed below.

SAML 2.0 (Security Assertion Markup Language) is a framework, released by OASIS (Organization for the Advancement of Structured Information Standards), for exchanging authentication, authorization and user information (assertions) between users and federated domains. It is currently the most widely supported and adopted protocol.

OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 focuses on simplicity for client developers while providing specific authorization flows for web applications, desktop applications and mobile phones.

OpenID Connect (OIDC) is a simple identity layer on top of the OAuth 2.0 protocol that allows clients to verify the identity of an end user based on the authentication carried out by an authorization server, and to obtain basic profile information about the end user in an interoperable manner.
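To make the three steps above (identification, authentication, authorization) and the protocol section concrete, here is an added, deliberately simplified illustration of an SSO exchange; it is not Multipartner's code nor a real SAML/OIDC implementation. One identity provider checks the user's password once and then mints a signed assertion for each service provider (two hypothetical data rooms, `vdr-a` and `vdr-b`) from the existing session, so the password never leaves the authentication domain. The assertions are JWT-shaped and signed with HS256 over a key shared by all parties; this is an assumption for brevity, since real deployments sign with asymmetric keys (XML-DSig for SAML, RS256/ES256 via JWKS for OIDC) so that service providers hold only public keys. The checks a relying party performs (issuer, audience, nonce, expiry, algorithm) are the ones that matter in both protocols.

```python
"""Toy single sign-on flow: one IdP login, many service providers.

Added illustration, not Multipartner's code. Assumptions: HS256 assertions
over a key shared by IdP and SPs (real SAML/OIDC use asymmetric keys), an
in-memory user store, and constructed example users and names.
"""
import base64
import hashlib
import hmac
import json
import os
import secrets
import time

PBKDF2_ROUNDS = 100_000


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class IdentityProvider:
    def __init__(self, issuer: str, signing_key: bytes):
        self.issuer, self.key = issuer, signing_key
        self.users = {}     # username -> (salt, pbkdf2 digest); never plaintext
        self.sessions = {}  # session id -> username

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        self.users[username] = (salt, digest)

    def login(self, username: str, password: str):
        """Step 1 (identification) and step 2 (authentication), done once."""
        record = self.users.get(username)
        if record is None:
            return None
        salt, stored = record
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        if not hmac.compare_digest(candidate, stored):  # constant-time compare
            return None
        session_id = secrets.token_urlsafe(32)
        self.sessions[session_id] = username
        return session_id

    def assertion(self, session_id: str, audience: str, nonce: str, ttl: int = 300):
        """Mint an assertion for one SP from the session: no password re-entry."""
        username = self.sessions.get(session_id)
        if username is None:
            return None
        now = int(time.time())
        claims = {"iss": self.issuer, "sub": username, "aud": audience,
                  "iat": now, "exp": now + ttl, "nonce": nonce}
        signing_input = (_b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
                         + "." + _b64url(json.dumps(claims).encode()))
        sig = hmac.new(self.key, signing_input.encode(), hashlib.sha256).digest()
        return signing_input + "." + _b64url(sig)


class ServiceProvider:
    """A relying party such as a virtual data room; it never sees passwords."""

    def __init__(self, name: str, trusted_issuer: str, key: bytes):
        self.name, self.trusted_issuer, self.key = name, trusted_issuer, key

    def accept(self, token: str, expected_nonce: str, now=None):
        """Step 3 (authorization): validate the assertion; return subject or None."""
        parts = token.split(".")
        if len(parts) != 3:
            return None
        head_b64, payload_b64, sig_b64 = parts
        try:
            header = json.loads(_b64url_decode(head_b64))
            if header.get("alg") != "HS256":  # refuse 'none' / algorithm substitution
                return None
            expected = hmac.new(self.key, f"{head_b64}.{payload_b64}".encode(),
                                hashlib.sha256).digest()
            if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
                return None
            claims = json.loads(_b64url_decode(payload_b64))
        except (ValueError, TypeError):  # malformed base64 or JSON
            return None
        now = int(time.time()) if now is None else now
        if claims.get("iss") != self.trusted_issuer:
            return None
        if claims.get("aud") != self.name:  # issued for a different SP
            return None
        if claims.get("nonce") != expected_nonce:  # not the login we started
            return None
        if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
            return None
        return claims["sub"]


def demo():
    """Constructed scenario: one login, two data rooms, several rejected tokens."""
    key = os.urandom(32)
    issuer = "https://idp.example.test"  # hypothetical issuer
    idp = IdentityProvider(issuer, key)
    vdr_a, vdr_b = ServiceProvider("vdr-a", issuer, key), ServiceProvider("vdr-b", issuer, key)
    idp.register("alice", "correct horse battery staple")
    session = idp.login("alice", "correct horse battery staple")
    nonce_a, nonce_b = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    token_a, token_b = idp.assertion(session, "vdr-a", nonce_a), idp.assertion(session, "vdr-b", nonce_b)
    head, _, sig = token_a.split(".")
    forged = head + "." + _b64url(json.dumps({"iss": issuer, "sub": "mallory", "aud": "vdr-a",
                                                "exp": 2 ** 40, "nonce": nonce_a}).encode()) + "." + sig
    return {"wrong_password": idp.login("alice", "guess"),
            "vdr_a": vdr_a.accept(token_a, nonce_a),
            "vdr_b": vdr_b.accept(token_b, nonce_b),
            "token_a_at_vdr_b": vdr_b.accept(token_a, nonce_a),  # audience mismatch
            "forged_subject": vdr_a.accept(forged, nonce_a),     # bad signature
            "expired": vdr_a.accept(token_a, nonce_a, now=int(time.time()) + 600)}
```

Running `demo()` shows the point of the architecture: one password check, two data rooms accepting the user, and every token that is for the wrong audience, tampered with, or past its expiry being refused by the data room itself without any call back to the identity provider.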

SSO and Virtual Data Rooms

Thanks to the versatility of our secure platform, it is possible to integrate access to one or more Multipartner Virtual Data Rooms through SSO automatically and regardless of the type of approach (centralized, federated or cooperative) adopted by your company. This way, authorized users can access one or more Virtual Data Rooms simultaneously, through a single authentication already verified by your corporate domain. To set up access to our Virtual Data Room through SSO, our technical team needs to work with your IT department. Find out more about the main features of our Virtual Data Room or request a free demo.