What are single sign-on best practices?

When searching for an SSO solution, it's important to keep the following best practices in mind. Access to any application. Secure user identity when accessing SaaS applications. Integration with multi-factor authentication mechanisms. Monitoring and troubleshooting tools.

解决方案
解决方案
数字化工作空间

DaaS 和 VDI

安全访问

零信任网络访问 (ZTNA)

应用交付

分析

Content Collaboration

协同工作管理

SD-WAN

按照用例划分

实现 IT 现代化

部署 DaaS

简化混合云

加速员工入职工作

安全的分散式工作

实现 IT 安全现代化

获取 VPN 替代方案

保护应用程序和 API

提高生产力

实现远程办公

安全协作

改善用户体验

查看所有用例

按照行业划分

医疗行业

教育

政府

金融服务

制造行业

零售

按业务规模

小企业和部门
产品

产品

构建您自己的数字化工作空间

DAAS 和 VDI

Citrix DaaS
Citrix Virtual Apps and Desktops
Citrix Analytics for Performance

CONTENT COLLABORATION 和 WORK MANAGEMENT

Citrix ShareFile
Citrix Podio
Citrix RightSignature
Wrike

应用交付和安全

Citrix App Delivery and Security Service
Citrix ADC
Citrix Analytics for Security
Citrix Secure Private Access
Citrix Web App and API Protection

查看全部产品

查看 Citrix DaaS 的实际效果

可选择简要概述、详细的管理员体验或 1:1 演示。

下载 Citrix Workspace App

Citrix Workspace App 是一款易于安装的客户端软件，可无缝、安全地访问您完成工作所需的一切资源。
资源
资源
博客

Fieldwork

信任中心

活动和网络研讨会

科技区

客户案例

Citrix 讨论

查看所有资源

重新思考您使用 Citrix DaaS for Google Cloud 的方式

获取解决方案简介

桌面即服务 (DaaS) 如何避免产生意外成本

获取报告
客户
客户
获取帮助

支持

下载

社区

客户成功案例

成功计划

咨询服务

高级培训

引入和采用

客户案例

成功中心

获取专家指导、资源和逐步说明，协助您迁移至云。

基础知识培训

了解 Citrix 解决方案的规划、部署和管理，大幅提高您的投资价值。
公司
公司
公司

关于我们

企业公民

多元化与包容性

可持续发展

新闻动态

合作伙伴

战略联盟

携手 Citrix

合作伙伴门户

Citrix Ready 市场

查找当地合作伙伴

Work rebalanced: The Citrix hybrid work report

See how global opinion research from Fieldwork by Citrix can help business leaders, IT leaders, and employees build the new world of work.

Read the report

Back to Glossary

What is single sign-on (SSO)?

Q: Why use single sign-on?

Today, applications are deployed across data centers and clouds, and being delivered as SaaS. Every business application requires users to be authenticated before they are given access to a resource. In the pre-SSO days, every time a user needed to move between applications, they had to sign in with a set of credentials. Most of the time, every application had a separate set of credentials, and it resulted in poor user experience, failed sign-ins as a result of forgotten credentials, inconsistent access control policies, and higher cost to support these applications.

Q: How does single sign-on work?

Single sign-on is a component of federated identity management (FIM), an arrangement between enterprises that lets subscribers use the same identification data to access each enterprise's network. FIM is often referred to as identity federation. The user's identity is linked across multiple security domains, each with its own identity management system. When the domains are federated, the user can authenticate to one and access resources in another without having to sign in again.

Single sign-on (SSO) is an authentication capability that lets users access multiple applications with one set of sign-in credentials. Enterprises typically use SSO authentication to provide simpler access to a variety of web, on-premises, and cloud applications for a better user experience. It can also give IT more control over user access, reduce password-related help desk calls, and improve security and compliance.

Explore additional SSO topics:

Why use single sign-on solutions?
How does single sign-on work?
What are the benefits of single sign-on?
Single sign on best practices
Citrix single sign-on solutions

What's New and What's Next with Citrix Workspace

Why use single sign-on solutions?

Today, applications are deployed across datacenters and clouds, and being delivered as software as a service (SaaS). Every business application requires users to be authenticated before they are given access to a resource. In the pre-SSO days, every time a user needed to move between applications, they had to sign in with a set of credentials. Most of the time, every application had a separate set of credentials, and it resulted in poor user experience, failed sign-ins as a result of forgotten credentials, inconsistent access control policies, and higher cost to support these applications.

SSO has simplified the way users interact with and access their applications. With SSO, users can save time by accessing all their SaaS, enterprise, web, and virtual applications, as well as other corporate resources like network file shares with only one set of credentials.

How does single sign-on work?

Single sign-on authentication is a component of federated identity management (FIM), an arrangement between enterprises that lets subscribers use the same identification data to access each enterprise’s network. FIM is often referred to as identity federation.

The user’s identity is linked across multiple security domains, each with its own identity management system. When the domains are federated, the user can authenticate to one and access resources in another without having to sign in again.

The framework that allows third parties, like LinkedIn or Facebook, to use someone’s account information to sign them in without exposing their password is called OAuth. It acts as an intermediary by providing the service with a token allowing only specified account information to be shared. When a user accesses an application, the service sends an authentication request to the identity provider, which then verifies the request and grants access.

There are other authenticating protocols, like Kerberos and the Security Assertion Markup Language (SAML). Kerberos-based SSO services issue a time-stamped authentication ticket, or ticket-granting ticket (TGT), which gets service tickets for other applications without prompting the user to enter new credentials. SAML-based SSO services exchange user authentication and authorization data across secure domains, and manage communications between the user, an identity provider with a user directory, and a service provider.

E-BOOK

Make the right decision when selecting SSO solutions

Learn the five features you should prioritize when lookingfor single sign-on solutions.

Read the e-book

What are the benefits of single sign-on?

SSO offers benefits to both users and IT. From a user perspective, SSO alleviates password fatigue, making it easier and faster to access applications.

For IT, SSO can help reduce the number of password-related support calls. And automated credential management alleviates the burden of manually managing employees’ access to apps and services. SSO also makes it easier for IT to quickly provision and roll out SaaS applications to employees.

Additionally, from a security perspective, SSO can reduce the threat of cyberattacks, like phishing, by reducing the number of credentials at risk. It’s critical, however, to also implement multi-factor authentication as a backup in case passwords do become compromised.

Single sign on best practices

When searching for an SSO solution, it’s important to keep the following best practices in mind.

Access to any application

Some SSO solutions are limited in the scope of application landscape they cover. Some on-premises solutions provide SSO to web and enterprise applications but cannot do the same for virtual desktop infrastructure (VDI) or SaaS applications. On the other hand, some of the IDaaS vendors provide SSO to cloud and SaaS applications but not for on-premises applications. When evaluating an SSO solution, you should prioritize the capability to not only provide SSO experience across all VDI, enterprise, web, and SaaS applications, but also network access to other corporate resources like network file shares.

Secure user identity when accessing SaaS applications

SaaS applications are outside of the data center network. To achieve SSO to these applications, many SSO solutions require customers to move their user directory to cloud. This, to many enterprise customers, is a concern and a high-risk task, which is why your solution should provide the option to keep your user directory on premises.

Integration with multi-factor authentication mechanisms

It’s crucial to quickly and rightfully identify any user and authorize their access to corporate resources. Enterprise customers, therefore, should not rely on just usernames and passwords but should also look for a solution that provides flexibility to use authentication schemes based on the state of end user device, user location, application they are trying to access, etc. This makes it important to select an SSO solution that supports any authentication mechanism as well as authentication protocols like RADIUS, Kerberos, Microsoft NTLM, Certificate Services, etc.

SSO monitoring and troubleshooting tools

Your SSO solution should include monitoring tools that look for performance issues for all applications irrespective if they are in a datacenter, cloud, or delivered as SaaS, so you can resolve issues quickly.

Citrix single sign-on solutions

Employees rely on a variety of applications to get work done, but managing access to them can be a big challenge. Citrix Secure Private Access provides adaptive authentication and SSO to all IT sanctioned apps in one place, with a single set of credentials for easy access to corporate resources. Security is improved with fewer passwords for users to manage, and employees can boost productivity with a unified digital workspace.