Single Sign-on vs. Password Synchronization: Get Your Identity Management Strategy Right

Users work with a variety of cloud applications to get work done efficiently, and organizations strive to reduce the number of user names and passwords that their users have to remember. To ease this burden, many organizations are looking toward investing in an enterprise single sign-on solution or a password synchronizer. Both methods greatly improve users’ satisfaction while reducing the number of calls to support, but the question of which to use has stumped plenty of organizations. Both methods have their share of pros and cons, and this has only made it harder for organizations to make a decision.

Let’s look at what each method is and what it has to offer users.

Single Sign-on

Single sign-on enables users to access all their software through a single application. From an end-user perspective, that means no longer needing to provide credentials for connecting to each application. Users log into a single application and can access any other application without having to retype their user names and passwords.

Password Synchronization

A password synchronizer links passwords for multiple user accounts, enabling users to authenticate themselves with all applications using a single password. Since users need to remember only one password, the IT department can enforce stronger password policies to increase security.

Influencing Factors

  • User-friendliness

Single sign-on requires users to log into just one application, meaning they can open all connected applications without having to key in their credentials again. Password synchronization requires that users key in their user name and password for every application they use.

  • Availability

Single sign-on requires a high-availability infrastructure, as any amount of downtime for the single sign-on application will essentially prevent users from logging into any application. On the other hand, users can still log into all their applications even if the password synchronizer application is down. However, when the password synchronizer is down, password changes are not synchronized to other systems.

  • Security

Passwords are not transmitted across applications when single sign-on is deployed, ensuring that passwords stay secure. With a password synchronizer deployed, passwords are transmitted between connected applications, and proper measures must be taken to ensure that the lines of communication are secure.

  • Configuration

Users are only required to log into the single sign-on application to access all other applications. Also, the password complexity requirements of the single application can be easily set to match the organization’s standards. However, depending on the individual applications, the process of integrating all applications could be complex.

When deploying a password synchronizer, the password complexity requirements of each application must be taken into account when creating a universal password policy.
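The following added example (not from the original post and not ADSelfService Plus code) shows one way to derive a universal password policy from per-application requirements and to flag requirements that cannot be reconciled. The application names, limits and the `AppPolicy` and `universal_policy` names are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AppPolicy:
    name: str
    min_len: int
    max_len: int
    required: frozenset   # character classes the application demands
    symbols: frozenset    # symbols the application accepts

def universal_policy(policies):
    """Merge per-application rules into one policy every application accepts."""
    min_len = max(p.min_len for p in policies)   # strictest minimum wins
    max_len = min(p.max_len for p in policies)   # shortest maximum wins
    required = frozenset().union(*(p.required for p in policies))
    symbols = frozenset.intersection(*(p.symbols for p in policies))
    conflicts = []
    if min_len > max_len:
        lo = max(policies, key=lambda p: p.min_len)
        hi = min(policies, key=lambda p: p.max_len)
        conflicts.append(f"{lo.name} needs at least {min_len} characters, "
                         f"{hi.name} accepts at most {max_len}")
    if "symbol" in required and not symbols:
        conflicts.append("a symbol is required, but no symbol is accepted everywhere")
    return {"min_len": min_len, "max_len": max_len, "required": required,
            "symbols": symbols, "conflicts": conflicts}

# Constructed sample policies; application names and limits are hypothetical.
APPS = [
    AppPolicy("directory", 12, 128, frozenset({"upper", "lower", "digit"}),
              frozenset("!@#$%^&*-_+=")),
    AppPolicy("legacy_erp", 8, 16, frozenset({"digit"}), frozenset("!@#$")),
    AppPolicy("saas_crm", 10, 64, frozenset({"lower", "symbol"}),
              frozenset("!#$%&*")),
]
# A system whose limits cannot be reconciled with the others.
MAINFRAME = AppPolicy("mainframe", 6, 8, frozenset({"upper"}), frozenset())

if __name__ == "__main__":
    for label, apps in (("three apps", APPS), ("plus mainframe", APPS + [MAINFRAME])):
        print(label, universal_policy(apps))
```

A non-empty `conflicts` list means the application in question has to be left out of synchronization or have its own limits changed before a single password can satisfy every system.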

Based on all the above factors, organizations can base their decisions on what they wish to achieve with their identity management solution. While there are many applications that can help with either password synchronization or single sign-on, unfortunately, there are only a few that can perform both functions.

ADSelfService Plus allows organizations the flexibility to decide on an identity management process, and then change it at short notice if necessary.

You can learn more about how ADSelfService Plus can help with your organization’s identity and password management here.

Dhilip is a marketing analyst for Active Directory solutions at ManageEngine. He has in-depth knowledge in Active Directory management.
