This checklist is designed to offer guidance to decision makers in enterprises, small and mid-tier organizations, government agencies and other organizations when assessing single sign-on (SSO) systems, and to SSO developers who want to confirm that the system they provide is equipped to detect attempts to exchange identification and authentication credentials.
This checklist will provide you with:
- The most important metrics to consider
- How to confirm that your SSO system is fully SSO-enabled
- A handy matrix for comparing what each vendor has to offer
Checklist for Single Sign-on Systems
Application Integration
- On-premises
- On cloud
- Hybrid
Community Support
- Employees
- Contractors
- Partners/Vendors
- Customers (end users)
Password Vaulting vs True SSO
- Password vaulting: the user still enters a username and password to access each app/site
- True SSO: the user logs in once to access all apps/sites
Open Standards
- SAML
- OpenID Connect
- OAuth 2
- WS-Federation
Mobile Users
- SSO for mobile devices
- Works with a range of devices and with SAML and MDM vendors
- Multi-factor authentication (MFA) tool
Meets security and regulatory compliance requirements
- SOC 2 Type 2
- ISO 27017
- ISO 27001
- CSA Star
- TRUSTe
- EU-US Privacy Shield
- Skyhigh Enterprise-Ready
- GDPR
- EU Model Contract Clauses
- NIST Cybersecurity Framework
- Vendor penetration, network and bug testing
Disaster Recovery and Availability
- 99.99% availability
- Data centers located across multiple regions
- Replication and redundancy across regions
High usability features
- Single portal for apps
- Integration with different browsers
- Easy login process
- Easy app access process
- Users can reset passwords on their own
Enterprise access
- Integrates with VPN
- Integrates with Wi-Fi access control for app access
- Endpoint integration with RADIUS and LDAP
Authentication
- MFA
- Adaptive authentication
- Automated authentication
- X.509 certificate-based authentication
Authorization Management
- Role-based access control (RBAC)
- Provisioning and de-provisioning of user access in apps
Integration features
- Seamless integration with in-house custom apps through API
- Seamless deployment of SSO without disturbing existing apps
Federation
- Existing identity providers like Microsoft Active Directory (AD)
- Amazon AD
- LDAP
- Google directory
- Human resource management systems such as Workday and SuccessFactors
Password rules
- Prompting the user to set a new password when the current one expires
- Set password complexity such as length, characters
- Reduce support tickets during expiration notifications
- MFA required for password resets if MFA is used
Developer Support: custom apps and third-party systems
- API support
- SSO registration
- SDK for major platforms and languages
- OpenID Connect
Compliance based reporting
- Export of authentication and authorization events to third-party SIEM solutions
- Audit trails
User Behaviour Analytics (UBA)
- Blacklisting and whitelisting of geo-locations and IP addresses
- Configurable responses to high-risk login attempts
- Re-authentication to access certain apps with MFA tools
Data processing model
- Where identity data is processed and stored