SSO or IAM Systems?

We discuss which solution an organisation should implement when it comes to internet security and identity access. SSO or IAM?

Many companies believe that their internet security and identity access needs can be met by simply implementing a single sign-on (SSO) portal. While an SSO portal can be an effective solution, a full-featured identity and access management (IAM) solution comes with features that extend beyond the capabilities of an SSO portal. Although both solutions are largely similar, the major difference between SSO and IAM is that SSO is a subset of a larger IAM system. A fully-featured IAM solution offers automated provisioning and de-provisioning, secured authentication and identity governance, all of which are lacking in SSO.

Why Use SSO Portal Solutions?

An SSO portal solution can greatly alleviate the challenges faced by organisations that have limited helpdesk resources. One of the most common issues relates to passwords, with statistics showing that approximately 40% of helpdesk support calls concern password resets. With an SSO portal in place, IT team members can focus their work on more critical matters, and organisations can cut down on helpdesk costs. With SSO, users do not need to remember their login credentials for each application. A single set of login credentials allows users to gain access to the various resources connected to the SSO portal, thus decreasing the frequency of password reset issues. Such an efficient password management system saves both time and money for companies.


When Should We Go Beyond SSO?

Although SSO portals offer simple and tangible benefits as a solution, the reality is that most companies stand to gain more from the comprehensive advantages of a fully-featured IAM platform. There are other identity and access management challenges that SSO cannot address on its own. Companies need access management to ensure that employees can access the corporate resources and data that they are supposed to access, and to protect any sensitive and confidential information from falling into the wrong hands. With automated de-provisioning, users who have left the organisation will have their account rights rescinded, preventing them from accessing corporate data after they have quit. In the same vein, automated provisioning of accounts enables the IT security department to grant a new user access to all applications that are assigned to them based on a user database such as Active Directory. Role-based access can be conveniently managed and monitored by IT security via a fully-functional IAM system.
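The provisioning and de-provisioning logic described above can be sketched as a reconciliation between the user database and each application's account list. This is an added example, not code from any IAM product; the role names, application names, users and the `reconcile` helper are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DirectoryUser:
    username: str
    role: str
    active: bool  # False once the directory marks the user as a leaver

# Hypothetical role-to-application entitlements (role-based access).
ROLE_APPS = {
    "engineer": {"git", "ci", "wiki"},
    "finance": {"erp", "wiki"},
}

def reconcile(directory, app_accounts, role_apps=ROLE_APPS):
    """Return (grants, revokes) as sorted lists of (username, app) pairs.

    directory:    iterable of DirectoryUser, treated as the source of truth
    app_accounts: dict mapping app name -> set of usernames holding an account
    """
    desired = set()
    for user in directory:
        if not user.active:
            continue  # leavers are entitled to nothing
        # A role with no mapping fails closed: no access is granted.
        for app in role_apps.get(user.role, set()):
            desired.add((user.username, app))
    actual = {(name, app) for app, names in app_accounts.items() for name in names}
    # Anything held but not entitled is revoked: leavers, unknown accounts
    # and access left over from a previous role.
    return sorted(desired - actual), sorted(actual - desired)

# Constructed sample state.
DIRECTORY = [
    DirectoryUser("alice", "engineer", True),
    DirectoryUser("bob", "finance", False),      # has left the organisation
    DirectoryUser("carol", "finance", True),     # new joiner, no accounts yet
    DirectoryUser("dave", "contractor", True),   # role without a mapping
]
APP_ACCOUNTS = {
    "git": {"alice"},
    "ci": {"alice"},
    "wiki": {"alice", "bob", "mallory"},  # mallory is not in the directory
    "erp": {"alice", "bob"},              # alice's role does not include erp
}

if __name__ == "__main__":
    grants, revokes = reconcile(DIRECTORY, APP_ACCOUNTS)
    for username, app in grants:
        print("GRANT ", username, app)
    for username, app in revokes:
        print("REVOKE", username, app)
```

An SSO portal alone would only stop the leaver from logging in through the portal; the revoke list shows the per-application accounts that would otherwise remain.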



Although IAM and SSO are different, they are often used together. A fully-featured IAM solution will come with SSO capabilities, allowing companies to have authorisation and authentication frameworks for managing access. When SSO and IAM are seamlessly integrated, they can create a strengthened security platform. Many solutions offered by vendors in the market address either SSO or IAM; however, there are a rare few that provide both SSO and IAM as a multi-tenet initiative.