The Importance of Single Sign-On (SSO) and Multi-Factor Authentication (MFA)

The combination of MFA security and SSO convenience allows for a single set of credentials to access multiple applications. The challenge security teams face is in finding the right balance between protection and ease of use.

Issues reported to the Support Center have become increasingly complex to troubleshoot. Some of the factors include:

  • Shibboleth session length
  • Application session length (varies)
  • ForceAuthn (varies)
  • IdP logout (varies)
  • User behavior/habits - how do they ‘log out’? (varies)
  • Incognito window/different browsers
  • Shared/public computer
  • Browser settings (especially Chrome) & add-on extensions
  • Use of Duo’s “Remember Me” feature (varies)

The complexities of these types of issues are wide-reaching. The Support Center is unable to know every detail as there are more than 100 applications currently using Gold.

The goal for ITS is to ensure that SSO, combined with user education, will help make the adoption of MFA as easy as possible. We are striving to have everyone enroll with minimal impact to their day-to-day experience. User adoption to MFA and secure SSO practices and processes are incredibly important, as anyone who does not participate puts campus systems that they use at risk.