Is Single Sign-On Enough to Secure Your SaaS Applications?
May 20, 2021The Hacker News
If there's one thing all great SaaS platforms share in common, it's their focus on simplifying the lives of their end-users. Removing friction for users in a safe way is the mission of single sign-on (SSO) providers. With SSO at the helm, users don't have to remember separate passwords for each app or hide the digital copies of the credentials in plain sight. SSO also frees up the IT's bandwidth from handling recurring password reset requests while improving productivity for everyone in your organization. However, there is also a level of risk that comes with SSO capability. How to protect against SSO fails Real-Life Risks Involved in SSO While SSO facilitates ease of access to a great extent, it also comes with some amount of imminent risk. SSO is a good enabler of efficiency, but not the end-all security solution with its own flaws that allow for bypass. There's a specific class of vulnerability that Adam Roberts from the NCC Group detected in several SSO
