‘TRUE’ single-sign-on: a definition

‘TRUE’ single-sign-on: a definition

We recently wrote about the major upgrade released for Magellan. In that post we described our latest single-sign-on (SSO) solution for schools and colleges as ‘true’ single-sign-on – but what did we mean by this? CSE-July-16

Well, there’s no shortage of SSO products out there for schools and colleges looking to make technology more usable for their students, teachers and staff. But single-sign-on is a very complex and technical area, so it’s important not to assume that all solutions are all much of a muchness.

Here’s our definition of ‘true’ single-sign-on:

1

Definition point 1: Actually only sign in once

The first, fundamental thing to point out is that when we talk about single-sign-on, that’s exactly what we mean. You sign in once and don’t have to click another ‘submit’ button again. Users seamlessly go from one app or resource to another by simply tapping or clicking the relevant tile.

This may seem obvious, but for many SSO solutions this is not the case, they use shared authentication schemes such as OAuth, OpenID, OpenID Connect and Facebook Connect. These work by unifying a user’s credentials across many systems. Fewer credentials to remember is great, but ‘true’ single-sign-on it certainly is not.


2

Definition point 2: Sign in to everything and anything

True SSO is difficult to achieve thanks to the many different protocols used to define login requirements, these include; Federation Services (OpenID, OpenID Connect, OAuth2, SAML2), Forms, NTLM and Kerebos, and Basic.

So, to be able to single-sign-on to all web, SaaS, mobile and school based applications, your SSO solution needs to be able to handle all of these.

Imagine, for example, implementing a new SSO technology for your school and then discovering pupils and teachers can’t sign in to MyMaths with it. This scenario is not picked at random, it’s a real story that a school came to us with (they now use Magellan for their SSO!). To date, we have not found a single resource that Magellan can’t sign in to. That’s not to say we never will, but it illustrates the importance of thoroughly testing your SSO solution before launching.


3

Definition point 3: Single-sign-on to native apps

Our final requirement for a solution to be called ‘true’ single-sign-on is the ability to sign users in to native apps. Well, we all use them everyday so it’s a pretty major oversight for your SSO solution not to be able to handle them!

The first thing to know about SSO to native apps is that it has to be app-to-app, so any product that does not have an app available will not be able to do it. That’s why Magellan is available in browser – ideal for desktop access – and through the app stores for both Android and IOS devices. Once in the Magellan app, users simply tap the tile on their desktop and they’re in; Evernote; TED, CreativeCloud, WolframAlpha, Microsoft Office Mobile – all just one tap away.

We hope this article illustrates how important it is for schools and colleges to do their research before choosing a single-sign-on solution. Draw-up a list of requirements and challenge your suppliers to prove their solution is capable of meeting all your needs.

The technical challenges involved in achieving ‘true’ single-sign-on take significant resource, expertise and commitment to overcome. We know because that’s the journey we’ve been on with the latest release of Magellan – in fact you need to look at high-end enterprise SSO products (and their eye-watering price tags) to find comparable capabilities.

Magellan from CSE

The universal portal for education, providing simple access to local and cloud resources from any device through a single interface.

• The complete cloud and local portal
• Supports BYOD and device independence
• Anywhere, anytime access
• Supports learning and engagement
• Supports hybrid cloud computing
• IOS and Android apps available

Learn more