Single sign-on, or SSO, helps companies improve business efficiency, while also providing security benefits. However, many companies -- especially those without large in-house IT staff -- lack the resources to implement an SSO solution themselves.
That’s why, as an MSP, you might consider offering SSO support as a managed service. By providing the setup and management of an SSO solution for your clients, you can deliver value, while also expanding your revenue stream.
What is SSO?
SSO is a technology that allows a user to log into an organization’s IT systems once, using a single set of credentials, then access multiple applications or other resources without having to log into each one separately.
For example, an SSO solution at a company might enable employees to access their company email accounts, file storage service, and cloud-based word processor with just a single log-in event. They enter usernames and passwords the first time they access one of these resources, and then automatically gain access to the others, without having to log in again when they launch a different resource.
A related technology, single sign-off, logs users out of every application within an organization’s environment when they log out of just one.
Why MSPs Should Provide SSO
Offering clients the ability to connect securely to multiple IT resources using just one set of credentials and one log-in event offers several benefits:
- Higher productivity: According to Yubico's 2019 report, in 2018 the average employee spent 10.9 hours entering and/or resetting passwords. SSO reduces this burden by requiring employees to manage just one password for all of their accounts. It also helps avoid situations where business workflows are disrupted because one employee can’t access a critical application or resource due to a log-in issue.
- Greater security: When employees only have to remember one password, there is a lower risk that they’ll set weak passwords that could be hacked. SSO can also improve access control provisioning by allowing admins to configure which applications each employee can and can’t access.
- Faster onboarding process: New users -- whether they are employees or external stakeholders, such as partners -- can be onboarded faster when they require only one set of credentials to access all relevant resources.
- Fewer support requests: Fewer credentials for users means fewer opportunities for things to go wrong, like a forgotten password or failed log-in. In turn, there are fewer support requests for your MSP help desk to handle.
In short, SSO enables higher productivity and security for your clients. It may make your support burden easier, too.
How to Sell SSO to MSP Clients
When proposing a managed service offering SSO to clients, begin by emphasizing the core value that SSO provides to them. Focus on the opportunity to reduce end-user friction and frustration and, by extension, increase employee productivity.
A second factor to emphasize is how SSO can help organizations remain compliant with regulations by tightening the security controls within their infrastructure.
Be sure, as well, to make clear that SSO is not only about simplifying access to applications. It can be applied to any type of IT resource, from servers and workstations to encrypted files and mobile devices. When clients understand that SSO can reduce friction across their entire IT environment, it will be easier for them to see the value.
To finish your pitch, reemphasize the two core pillars that define the value of SSO from the client’s perspective: it streamlines employee productivity and improves security and compliance.
How to Choose an SSO Solution
When you design an SSO managed service offering, you typically don’t want to try to build the SSO software from the ground up. That would require much more development effort than it’s worth. Instead, build the offering around an existing SSO tool, of which there is a number on the market.
When selecting a tool, look for the following features:
- A customizable user experience that allows you to configure how the log-in interface appears, which messages users receive when they need to change passwords, and so on.
Support for all of the apps your clients use, or all of the authentication protocols on which those apps rely, such as OAuth, SAML, and LDAP.
- Flexible password rules that allow you to set password expiration windows, password complexity requirements, and so on.
- Support for mobile devices as well as traditional devices.
- The ability to add new accounts automatically, in order to enable scalability.
- A reputation for security and reliability.
Popular SSO tools on the market include Okta, Citrix Workspace, Duo Security, OneLogin, LastPass, Keeper Password Manager, and JumpCloud, among others.
How to Implement SSO
One of the challenges in offering SSO as a managed service is that you likely can’t support SSO for every application or resource within your client’s organization. Some (such as those that use a non-standard authentication method) may just not work at all. Others may require more effort to integrate into your SSO solution than you can afford.
For these reasons, think strategically about which applications to cover, and make sure to be up-front with the client about this information.
(Stating in your contract that you can only support SSO for applications that use standard authentication protocols is a good way to set clear expectations upfront.)
The most commonly used applications in the client’s environment, as well as those for which SSO offers the greatest security benefits, are the obvious places to start when implementing SSO.
If the client asks for support for other applications where it will be hard to implement, you can explain that that is not included as part of the standard service offering, but that you can implement it for an extra charge. Alternatively, you could offer a service to help migrate the client to a different application that your SSO solution supports.
SSO offers a range of benefits for businesses. It may also make your job as an MSP simpler by reducing the time you spend on requests related to failed log-ins or lost passwords. For both of these reasons, SSO is an obvious solution to offer as a managed service. It’s also an easy service to deliver, provided that you choose the right tool as the foundation of your offering, and think strategically about how to implement it for your clients.