Streamlining Single Sign-On through self-service SAML integration
Single Sign-on, or SSO, is a protocol that allows users to complete the login process only once in order to access multiple applications. In addition to being more efficient and convenient for users, SSO enhances security by encouraging longer, more complex and unique passwords (since the user only needs to remember one), allowing credentials to be managed internally rather than having the user store passwords in a haphazard manner, and — most importantly — SSO allows the password to work without it being shared with the application, thus protecting user information from being compromised through that app.
When the user logs into an SSO service, it creates an authentication token that the applications can check to verify the user’s identity, allowing the user to bypass the username and password entering process. One important protocol that makes this possible is Security Assertion Markup Language (SAML), an XML-based standard for communicating identity information between organizations, used to enable secure transmission of authentication tokens and other user attributes across Internet domains. SAML works kind of like a digital ID badge, which applications can check to let a user “in the door.”
Virginia Tech has utilized SSO for nearly 20 years for key cloud services and applications, and in FY 2023, Secure Identity Services (SIS) within the Division of IT rolled out new capabilities to allow users to set up and configure their own SAML SSO integrations by requesting the integration through the IT Service Catalog. This new option significantly streamlines the process for onboarding new applications and services into the Virginia Tech SSO service, thereby reducing implementation time and cost.
In conjunction with enabling these new capabilities, SIS also worked with numerous Data Stewards to standardize how we release attributes across our many SSO protocols. This further simplifies the process of SSO integration by reducing the amount of approvals required in various circumstances.
This work involved significant changes to the back end of our authentication service, but the result is a major step forward for the larger IT community at Virginia Tech. By enabling users and their IT representatives to initiate the SSO integration process, we have a built-in system to ensure that we are providing secure, convenient access to the applications most utilized by the Virginia Tech community.