December 14, 2023
SSO or Single Sign On is a technology that lets a service like Duo authenticate a account and MFA of one service to another. So you can have Azure as the lookup service and Duo can be configuired to check that service each time you login to another server that is configuired with SSO. This simpifies things as you no longer need to remember multiple usernames and passwords. Duo SSO uses the standarized SAML identity provider which works with a lot of 3rd party services.
The benefit of Duo SSO lies in its ability to expedite thelogin process for users. Traditional authentication methods require users toinput their credentials every time they access a different application orservice. This not only slows down the process but also leads to the possibility of forgotten passwords which often means users are not creating strong passwords to begin with.
Duo SSO eliminates this frustration by allowing users toauthenticate themselves just once. Once they've logged in to their Duo SSOaccount, they gain access to all connected services. This savestime, enhances productivity, and provides a more user-friendly experience.Whether it's email, CRM tools, cloud storage, or other third-partyapplications, users can switch between services without compromisingsecurity.
MFA is also a huge part of this. With so many accounts forcing MFA the authenticator apps are often loaded with different accounts that users have to keep up with. Duo takes care of all of this and puts the connected servers under 1 MFA app. When you authenticate via SSO Duo will send a push to the device and you simply enter the code and approve. You also have the ability to use SMS and hardware keys to gain access if needed.
Duo supports SAML which is widely supported by many 3rd party services. It does require setup on both ends to link the service and change the way the user logs in. Some services require using a new URL for SSO that the end users will need to be made aware of. Duo has a growing list of SSO applications it supports and instructions on how it's setup. https://duo.com/product/single-sign-on-sso
Another benefit is the centralized management, when using Azure for example as the lookup source you only manage the users onboarding and offboarding from 1 place. If they need a password reset you do it on Azure and it applies to the other accounts as well that are linked to SSO making management a breeze. Finally the compliance aspect could benefit you as well. Being able to enforce authentication and view logins from 1 spot will make sure you are compliant with government agencies.