SSO and Adaptive MFA

For the cybersecurity officer looking for solutions to their managed identity woes, SSO and adaptive MFA is a fresh spring in the desert. However, the ideal access management program must capitalize on both features in their proper context. Implemented properly, SSO (Single Sign-On) provides your users with a simple and convenient means of accessing their identities. Likewise, adaptive MFA (Multi-Factor Authentication) can elevate risk posture to exceptionally high levels across even large attack surfaces.

However, like any up-and-coming system (or any system in general) you must properly understand and apply each with the proper guiding principles lest their implementation end in disaster. By understanding the potential benefits and risks of SSO and adaptive MFA, your enterprise becomes positioned to take full advantage of their capabilities.

Consolidation of Security

If you’re a CISO of any experience, you know the constant struggle of balancing useability with security. The struggle only gets more challenging as operations scale up. Attack surface grows with a company, an issue exacerbated if the identity management system doesn’t intelligently scale with it. Multiple accounts, scattered authentication methods, and inadequate integration usually result in gaping holes in an enterprise’s identity fabric.

SSO and adaptive MFA offer a solution to these issues. SSO minimizes sign-ins and MFA by provides easily proven (yet hard to spoof) safeguards and recovery options. In addition to the friction alleviated by SSO, the reduction of memorized credentials also greatly reduces password fatigue. Likewise, MFA streamlines the account recovery process. The otherwise tense and tedious verification becomes a matter of minutes instead of hours or even days. When paired with an identity service security, SSO and MFA transforms your identity fabric into a world class platform.

Pankaj Kumar, Senior Manager at Simeio, describes the advantage of SSO and MFA as a consolidation of authentication. “When an enterprise wants an authentication method,” he says, “it can be centralized, delivering an authentication service that integrates all applications into it.” It also establishes a trust with an AM solution. A user trusted by the solution also gets trusted by the applications.

Adaptive MFA as the New Normal

Implementation of adaptive MFA comes in two stages: authentication and proofing. Initial authentication is only one factor at the start, usually the user ID and password created when creating a new account. Some companies will leave the creation process there, but more savvy enterprises move on to proofing as quickly as possible, sometimes not allowing account access until proofing is complete. By instituting these systems, enterprises harden their defenses and make answering the 6 vital security questions much easier.

Proofing a user means building up the characteristics of their unique identity which can be referenced later to prove oneself. The “adaptive” aspect comes into play in terms of criticality of risk: i.e. different levels of verification based on circumstance. For example, if an account holder goes to a bank to withdraw some cash, they might only give their account number to access their checking. But if they tried to take out several thousand dollars or called the bank remotely, then the banker may ask for their Social Security number or even biometrics.

Adaptive MFA determines the criticality of the risk based on the criticality of the request. Whenever the system determines that something is risky or out of the ordinary, the authentication stages are increased. This ensures that whoever is trying to get access is who they say they are. This scalable process adds dynamism to improve the user experience and productivity. The solution itself determines the risk factor and increases or decreases the challenge accordingly.

Intelligent Implementation of SSO and Adaptive MFA

With SSO and adaptive MFA establishing themselves as hallmarks of modern systems, their intelligent implementation becomes paramount. Many people misinterpret SSO as a brand-new technology when it is simply a reconfiguration of existing policy rights. On the other hand, far too often companies try write their own code. Instead they should use standardized protocols, common development framework, or even off the shelf SSO products.

Adaptive MFA requires more infrastructure than SSO, usually in the form of a specific technology. Services like Ping offer scalable adaptive MFA programs while others like Simeio bundle it with offerings like the Simeio Identity Orchestrator. Such services make the implementation process much easier, with expert advisement and quick implementation. Simeio clients simply fill out an application and they’re automatically onboarded for SSO, adaptive MFA, or both.

By taking maximum advantage of the possibilities offered by SSO and adaptive MFA, including adjacent developments like passwordless authentication, CISOs can face modern cybersecurity risks head-on. By pairing automated verification policies with active threat detection and remediation, you give bad actors fewer gaps to work with.

If you’re ready to explore your options for strengthening your risk posture while enhancing your user experience, talk to a Simeio identity expert now.