Tuesday, October 2, 2007

SSO vs centralized authentication


Single Sign On (SSO) provides a mechanism in which user is authenticated only once and then given access to various applications. Behind the scene it might be possible that systems are authenticating/authorizing the user with different systems. SSO works mainly with web based applications. We can not (easily) achieve SSO for logging into Unix servers or non web based applications.

Centralized authentication helps user in such cases. User will have to enter the credential multiple times but they will be same. All the applications will authenticate the user against the centralized repository (like active directory or another LDAP or common database). Since all the applications are authenticating user against one server user don;t need to remember multiple credentials. Also once user account is terminated in the centralized system user can not access any of the application user has access to.

No comments: