In 2021, the average number of Software-as-a-Service (SaaS) apps used across organizations worldwide was . When web applications first hit the market, they gained popularity and began proliferating very quickly, and this number has grown significantly every year since. This explosive growth is what led to the creation of web application single sign-on (SSO).
In a nutshell:
- There was an event: Web apps emerged and rose in popularity.
- There was a need: Organizations needed secure and efficient means to connect employees to their work apps that lived outside of the on-prem, Windows-based domain.
- There was an untapped opportunity: Web app SSO providers came up with the first generation of Identity-as-a-Service (IDaaS) solutions to fill this need 鈥 aka web app single sign-on tools.
What is Web Application SSO?
Web application SSO refers to the traditional version of single sign-on that allows users to sign in one time using a single set of credentials to gain access to all of the web applications they use, generally through a web portal or a browser extension. To achieve this, organizations typically purchase and set up a web application SSO tool that is then layered on top of their existing directory service or identity provider (IdP).
A high-level overview of the how the SSO process works:
- A user attempts to sign in to a web application.
- The web application checks with the SSO tool which has either attested that the user is who they say they are through verification with the IdP, or the SSO tool embarks on that process to verify the identity of the user.
- If the user has already been attested by the SSO solution, they are logged into the app.
- If the user has not already been verified by the SSO solution, it will prompt the user to start that process.
Can I Use SSO on its Own?
Web app SSO must be used in conjunction with an entity that stores user credentials. Most web app SSO providers do not store user identities; instead, they validate user credentials against a separate identity database, traditionally a directory service or identity provider.
More recently, some web app SSO providers have begun offering identity provider services, which layer into their overall product packaging; however, this is an add-on service which generally comes with additional costs and may fragment the core identity database into multiple, 鈥渕ini鈥 directories. Web app SSO tools generally aren鈥檛 used on their own for this reason.
Is Web App SSO Still Used?
Web application SSO is still used extensively across many organizations, but the market is shifting away from offering this as a more traditional point solution in conjunction with a separate directory service. Alternatively, the interest and adoption of broader, more comprehensive identity and access management (IAM) platforms continues growing, with web app SSO as a major component.
A holistic IAM platform includes far-reaching single sign-on capabilities among many other features that give IT more control over identities and access. With all of the necessary IAM features included in a single platform, organizations no longer have to worry about layering a web application SSO solution on top of their separate directory/IdP.
The transition away from web app SSO point solutions is happening for a few reasons:
- An interest in vendor consolidation.
- A desire to avoid hidden costs.
- A widespread need for improved identity and access management.
Common Web App SSO Use Cases
There are a variety of use cases that drive web app SSO adoption:
- Small organizations that use a variety of web applications.
- Mid-market and enterpr