Single Sign-on (SSO)

Put simply, SSO is an authentication process that allows users to access multiple resources with a single login. VDI users who work with cloud apps may need some way of authenticating to apps outside the desktop. SSO requires users to enter authentication information only once to access virtual desktops and external resources, reducing the security burden on the end user. One of the arguments against the use of single sign-on technology is that it weakens security: if the user account is compromised, the intruder can also access the resources associated with the account.

Access control outside of Active Directory

Four years ago, users primarily accessed resources linked to an organization's Active Directory. SSO was not required because Windows handled access control. Access control lists could be set up in Active Directory to give specific users read and write permissions. Users now have access to Active Directory resources, cloud resources, and even resources within the Active Directory forest. Active Directory forests include user groups, machines, and endpoints (Active Directory domains), as well as domain collections (Active Directory trees). To access resources outside the local Active Directory, users typically need to provide a set of credentials for each external resource that needs to be accessed. SSO allows users to access local and external resources once they log on.

VDI Single Sign-on adds security and improves user experience

If access to external resources does not use SSO, it can sometimes weaken your organization's security. The number of passwords a user can remember is limited, and the user's ability to remember them drops when the company demands complexity such as numbers and uppercase letters, or when passwords must be changed frequently. It is common for users to write down their passwords or use the same password for all the resources they want to access.
To increase security, it inevitably forces employees to use technologies that do not affect organizational protection. Single sign-on technology requires employees to remember only one password, which reduces the burden on them. In this case, the organization can realistically ask users to use a more complex password and even two-factor authentication. In addition, each protected resource continues to use its own authentication method, unlike the case where every resource uses the same password.

SSO is particularly appropriate for newer VDI deployment environments, as it is becoming increasingly common for applications to reside outside the virtual desktop. For example, some apps might be in the software-as-a-service cloud, or Windows apps might exist as Microsoft Azure Remote Desktop. For the latter, administrators can use Azure AD to extend Active Directory to the cloud. Even if security is not a major concern, users may not want to enter a password every time they access an app.

How Citrix and VMware handle SSO

Citrix and VMware both enable SSO in their virtualized computing platforms. Citrix enables SSO through the StoreFront enterprise store, using what it calls pass-through authentication, which communicates with the Receiver client software on the user's terminal. StoreFront serves as a central repository for user access to corporate XenApp and XenDesktop virtualization platform resources. With Citrix's ICA remote display protocol, it can enable pass-through authentication for all resource delivery.

VMware added a new feature called True SSO in version 7 of its Horizon end-user computing suite. Previously, VMware SSO supported only Microsoft Active Directory authentication; True SSO added two-factor authentication and support for technologies such as RSA SecurID, Kerberos, and RADIUS authentication.

Smart card and biometric single sign-on

Some organizations find SSO works well when combined with biometrics or smart card authentication.
Both of these methods allow users to log on without having to use a password, improve security, and make the authentication process seamless. Using biometric single sign-on or smart card authentication can improve user productivity in specific work environments. Unlike PCs, virtual desktops are not tied to a specific network terminal. As part of their daily work, users may want to access the same virtual desktop from multiple physical devices. Take, for example, a clinician who moves between an office, clinic, and laboratory all day. SSO using biometric or smart card authentication allows the physician to switch easily between different physical devices.

Although the security of this approach works well for some organizations, it is sometimes more appropriate for an organization to continue using passwords with single sign-on. The reason is simple: not all devices that support VDI have the hardware for smart card authentication or biometric single sign-on. SSO is useful for organizations where virtual desktops and apps sit in separate layers. However, organizations that access resources only through Active Directory may not benefit significantly from using SSO.
TechTarget China original content, original link: http://www.searchvirtual.com.cn/showcontent_92937.htm
©techtarget China: http://www.techtarget.com.cn
Too many passwords to remember? SSO makes it easy for you to access VDI and external resources