You might have heard the acronym SSO, often used in relation to cybersecurity. What is SSO? SSO stands for "Single Sign-On." It's like having one special key that unlocks many doors. Instead of needing separate keys (or usernames and passwords) for every website or app you use, SSO lets you use a single key to access multiple places. It makes logging in simpler and more convenient because you don't have to remember lots of different keys (passwords). Just one key does the job, like magic!
How does SSO work?
A simple explanation of how SSO, or Single Sign-On, works would be this:
- You log in into an app or platform, or website.
- Instead of typing in a new username and password, you use the same key you’ve got.
- The app checks your key (with the help of an SSO service).
- If it’s the correct key, you’re in!
For example, after you log in through your company’s SSO provider’s login portal, you can access all company-approved applications without having to log in again. Same as when you log in to your Gmail account, you’re automatically logged in into other Google apps – YouTube, Ads, Analytics, etc.
What are SSO providers?
The SSO providers manage and keep your login information safe. Their service makes sure your logins work smoothly and you’re able to access multiple applications. Some of the most popular SSO service providers are:
- Active Directory Federation Services (ADFS)
- Azure Active Directory
- Ping Federate
- Google G-Suite
These SSO providers make it easier for individuals and organizations to manage their online access, improve security, and simplify the login process by using a single set of credentials for multiple services.
Benefits of SSO for a Digital Asset Management (DAM) solution?
Single Sign-On (SSO) for a Digital Asset Management (DAM) platform allows users to access the DAM system using a single set of login credentials, rather than having to remember separate usernames and passwords. Here's how SSO for a DAM platform works:
- Simplified Access: With SSO, users only need to log in once to access the DAM system, and they can then seamlessly move between the DAM and other integrated applications without the need for repeated logins.
- Centralised Authentication: SSO for DAM relies on a trusted identity provider (IdP) or SSO provider. This IdP verifies the user's identity and provides access to the DAM platform. Users log in through the IdP, which then confirms their identity to the DAM system.
- Secure Authentication: SSO enhances security because it reduces the risk of weak or reused passwords. Users are often required to use stronger, unique passwords for their single login, and security features like multi-factor authentication can be applied for extra protection.
- Improved User Experience: SSO simplifies the user experience, making it easier for employees to access the DAM platform. They don't need to remember multiple sets of login credentials, which can reduce the risk of forgotten passwords and support requests.
- Compliance and Control: Organisations can maintain better control and visibility over who has access to the DAM system. SSO allows administrators to manage user access centrally and revoke access quickly when needed.
- Integration: SSO for DAM can be integrated with various identity providers and directory services, such as Microsoft Active Directory, Google Workspace, or other SSO solutions. This ensures that the DAM platform aligns with existing organisational identity management systems.
- Scalability: SSO accommodates the growth of an organisation. As new employees join, they can easily gain access to the DAM system using the established SSO process.
Implementing SSO for a DAM platform streamlines access, enhances security, and simplifies user management. It's especially valuable for organisations with multiple applications and platforms, as it promotes a seamless and secure user experience while reducing the administrative burden associated with managing numerous logins.
What is SSO Hybrid model and how it works for Canto DAM solution?
A Single Sign-On (SSO) hybrid model combines elements of both SSO and Canto user management. Here are some key aspects of SSO Hybrid model for your Canto DAM solution:
- Two alternate methods to access Canto:
If the SSO system is down, then you can still log in via Canto login.
You can have both SSO and Canto access.
- User security:
Inherits the password policy and 2FA method from the organisation, as sometimes organisations require higher levels of security measures in place for the user accounts than the Canto application offers.
- SSO strategy:
Clear direction on the type of login process that the users will follow, f.e. internal teams using SSO, and External using Canto login.
- External party access:
Allows User account creation for External parties (e.g. Third party photographers and agency, databasics Helpdesk team).
The choice to implement a Hybrid SSO model depends on your organisation's specific needs. Databasics recommends the Hybrid SSO strategy for various reasons, outlined in the table below, as well as in this Knowledge Base article. Please get in touch if you have any questions or would like to discuss further.