Single sign-on is an access strategy that allows an end user to log on by entering credentials once and then access a range of different systems on the network without entering additional credentials. The process is complemented by what is known as single sign-off, which allows the user to leave the network and end access to all the systems on the network until the next time the user chooses to log in.
Single sign-on is only one of several models for access control. The single sign-on, or SSO, does have some benefits. One common claim is that it is a time saver. A single login session saves time for end users who may need to access several systems in order to carry out work-related tasks. Because users do not have to log in to a different system each time they need to make momentary use of it, tasks can be completed quickly and productivity can remain at a slightly higher rate.
At the same time, the single sign-on approach to access control does have a fair share of critics. While there is no doubt that the method helps to save time, it does present a greater security risk than other approaches to access control. When there are no limits placed on where an end user can go among the systems, or no time limits imposed before the system queries for identification, the potential for illicit use of the systems becomes greater. For this reason, many companies do not use a single sign-on approach for systems that contain proprietary or highly confidential data. This is true even when only a few users are issued credentials to access the systems.
There are currently several different configurations for single sign-on protocols in use. The Kerberos-based approach grants an end user a ticket when the login attempt is made, assuming the login credentials entered are recognized by the system. The OTP, or One Time Password, approach issues a token that allows the user to move freely among several systems. A third option, known as Enterprise Single Sign-On or E-SSO, essentially functions as an automatic password filler that provides the login data when the end user attempts to access a system, without requiring the user to re-enter the login credentials.
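The limits whose absence the critics point to (where a user can go, and how long before identification is queried again) can be attached to the ticket itself. The following is an added example, not code from any SSO product and not Kerberos: a simplified HMAC-signed ticket with a system scope, an absolute lifetime, a shorter re-authentication window for sensitive systems, and single sign-off. The key, timeouts and system names are constructed assumptions.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"   # constructed sample key, not a real secret
MAX_AGE = 8 * 3600              # assumed absolute session lifetime (seconds)
STEP_UP_AGE = 300               # assumed re-auth window for sensitive systems
SENSITIVE = {"payroll"}         # hypothetical system holding confidential data
revoked = set()                 # session ids ended by single sign-off


def issue_ticket(user, session_id, systems, now):
    """Sign a ticket after one successful login (credential check not shown)."""
    body = json.dumps({"user": user, "sid": session_id,
                       "systems": sorted(systems), "auth_time": now},
                      sort_keys=True).encode()
    tag = hmac.new(KEY, body, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(body).decode() + "."
            + base64.urlsafe_b64encode(tag).decode())


def check_access(ticket, system, now):
    """Return (allowed, reason) for one system presented with the shared ticket."""
    try:
        body_b64, tag_b64 = ticket.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:                       # wrong shape or bad base64
        return False, "malformed"
    expected = hmac.new(KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False, "bad signature"        # claims were altered after issue
    claims = json.loads(body)
    if claims["sid"] in revoked:
        return False, "signed off"
    age = now - claims["auth_time"]
    if age < 0 or age > MAX_AGE:
        return False, "expired"              # time limit before re-identification
    if system not in claims["systems"]:
        return False, "out of scope"         # limit on where the user can go
    if system in SENSITIVE and age > STEP_UP_AGE:
        return False, "re-authentication required"
    return True, "ok"


def sign_off(session_id):
    """Single sign-off: one call ends access to every system for this session."""
    revoked.add(session_id)
```
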