Streamlining is always a good word when talking about the workplace. Combined with enhanced security, improved productivity, and reduced costs – it makes for a good case for any organisation. So, what is the solution that could deliver all of these benefits within your workplace?
It’s called single sign-on access control.
Table of Contents
What is single sign-on?
One username, one password = access to multiple platforms.
That’s single sign-on (SSO), in a nutshell. It’s like that familiar Google login you use that gets you access to email, YouTube, documents and so on.
SSO allows a user to authenticate once, allowing the use of all applications and resources supported by the SSO without needing to sign in separately to each one.
In a workplace sense, single sign-on is used to control access to physical features around the premises and digital platforms.
These physical features could be front doors, meeting rooms, individual workspaces, isolated zones, store cupboards, elevators, climate control and lighting for occupiers, and Internet of Things (IoT) sensors, smart devices, networks and systems for facility and property managers.
Because a personal smartphone can be used as an authenticator for access control in commercial premises, it makes the entire process readily accessible across the organisation. Everyone has a smartphone, after all. That same smartphone can become the tool to authenticate permissions to computers, programs and software, too.
How does single sign-on work?
Single sign-on forms part of a federated identity system. It establishes that the user claiming access is genuine, verifying via tokens such as a username or email address the particular user’s permissions.
Here’s how it works:
- User logs in for the first time and requests access
- Authentication server searches for an existing session to access the network, which it doesn’t find
- Server returns request for user credentials
- User enters credentials
- Central server makes a record of the session
- Access token is sent back to the user
- User gets access to all the connected features
Once a session is in progress, the user will be able to log into all SSO-supported applications without having to re-enter credentials.
What are the benefits of single sign-on access control in the workplace?
Single sign-on for access control offers benefits that reach all corners of an organisation when applied to smart technology for the workplace.
© Thales Group – 2019 Access Management Trends
For users, the key benefit of using a single sign-on to progress around a workspace is pure simplicity.
Bear in mind the average user logs into 10 apps every day, and within any building, there are multiple points of access involved in the average working day. Thus, it is going to quickly become very frustrating for users having to provide proof of authority to enter over and over.
But with SSO, these frustrations can be set aside because they are free to access everything open to them once they’ve logged in.
In a security sense, a single sign-on provides an audit trail of who accessed what and when. So if an issue arises, it is easy to follow the breadcrumbs to the source.
SSO reports will usually provide information such as
- who signed on, when and where
- what applications have been assigned to particular users
- what multi-factor credentials are being used
- the health of user passwords, and
- whether there has been any suspicious activity
All of this rich information allows admins and IT personnel to detect potential security risks and understand how users make use of applications and services.
In terms of cybersecurity, the use of fewer credentials means a reduced chance of phishing, making cybercrimes, like stealing data and social engineering, highly unlikely.
In a smart building using IoT connected devices and sensors, there is always the concern over those devices being left unsecured and vulnerable to hackers. The ideal way to address this concern is by using SSO, which consolidates login credentials and battens down all the device hatches.
A centralised database that holds logs for authentication and authorisation makes regulatory compliance and administration far easier to manage, a handy feature within the regulated sector for a business.
What’s more, with staff spending less time re-authenticating login information, they will be freed up to focus on their jobs, giving productivity a boost.
SSO also makes it easier to onboard new staff. Instead of having to issue countless login credentials, there is one simple, streamlined login system. And when someone leaves the organisation, it’s a simple task for the IT department to disable their access permissions, preventing security risks.
Finally, with 20 – 50 per cent of IT support helpdesk calls related to login difficulties or lost passwords, using SSO will directly reduce helpdesk costs or stretched IT resources.
What is role-based access control?
Role-based access control (RBAC) allows permissions to be set as to who is authorised to access the various parts and assets of a workplace.
For example, managers may have control over building-wide climate control and lighting, whilst employees only control their personal workspace settings. Visitors may be given temporary access to common areas of a building or meeting room, whilst senior staff could be allowed access to controlled zones. Facility managers, instead, could access the smart building systems and networks, allowing them to draw vital information such as energy consumption and maintenance schedule, or even execute predictive maintenance, and control and optimise HVAC, lighting and climate of single demise.
RBAC also allows permissions to be set in terms of which personnel are allowed to access certain areas of a building. So, for example, if there are sensitive or hazardous zones, only relevant, qualified or suitably experienced staff will be authorised to enter.
Are there any downsides to single sign-on?
The main disadvantage of single sign-on is the fact that it uses one set of credentials. If those credentials are not adequately protected, they may be stolen, allowing the thief access to an entire realm of applications or resources.
Multi-factor authentication is vital when using SSO. It adds a second layer of security, prompting users to provide additional credentials, which could be a one-time access code sent to a mobile phone or biometric information, such as a fingerprint.
Whilst SSO provides a single sign-on, it does not provide a single sign-off. As the logout process varies from one application to another, signing off will depend upon the individual app, with the user most likely needing to manually log out once they have finished using it. This means that settings will often stay active long after the user has completed the action, leading to potential session hijacking.
Maintaining security via single sign-on and role-based access control, courtesy of Smart Spaces
Smart Spaces is an IoT and artificial intelligence-powered platform designed to enhance everyday life in the workplace, bringing benefits to building owners, employers, employees, and visitors alike.
The Smart Spaces platform offers the ability to automatically control various elements of a building management system, including heating, ventilation and air conditioning. It also maintains building security via role-based access control, interfacing with the building security system and geofence-based access control to provide swift, secure and straightforward permission-based access for workplace users and visitors.
To learn how Smart Spaces could streamline your building’s access control via a single sign-on and bring an array of benefits to your organisation, you are welcome to get in touch or request a demo.