AUTH-1 Single Sign On (SSO)


What is AUTH-1 Single Sign On (SSO) Control?

Single Sign-On (SSO) Control is a best practice recommendation for critical systems but is not mandatory. Therefore, do not panic if you don’t have SSO implemented on all your systems.

AUTH-1, Single Sign-On (SSO) Control, revolutionizes user authentication by allowing access to multiple systems with a single login. This streamlined approach enhances security, reducing the risk of password fatigue and simplifying access management. By centralizing authentication processes, organizations bolster efficiency and the user experience while fortifying security measures.

SSO not only mitigates the need for multiple passwords but also provides administrators with centralized control and monitoring capabilities. Embracing SSO as part of authentication strategies ensures smoother operations, heightened security, and improved user satisfaction across various digital platforms.

An organization requires a unique username and password to authenticate with any system, program, or data. Having SSO is the industry’s best practice and enhances the protection mechanism, but that decision remains at the discretion of each organization.

How does AUTH-1 Single Sign On (SSO) Control work?

At its core, AUTH-1 SSO Control functions as a master key for accessing multiple applications. Upon your initial login, AUTH-1 SSO Control authenticates your identity using robust encryption mechanisms. Once verified, it communicates with all authorized applications on your behalf, using tokens to prove your identity without requiring you to re-enter your credentials.

This process is not only swift but also secure. Each token is uniquely encrypted, ensuring that your credentials are never exposed or compromised during transactions. Furthermore, AUTH-1 SSO Control employs continuous session monitoring, automatically detecting and addressing any anomalies that could indicate unauthorized access attempts.

The beauty of AUTH-1 SSO Control lies in its simplicity and security. Centralizing authentication processes not only streamlines access but also significantly enhances security protocols, ensuring that your digital interactions are both effortless and protected.

Available tools in the marketplace

The following listing is “crowdsourced” from our customer base or from external research. TrustCloud does not personally recommend any of the tools, as we haven’t used them.

Authentication Tools
Azure AD

Available templates

TrustCloud has a curated list of templates, internally or externally sourced, to help you get started. Click on the link for a downloadable version:

  • N/A: There is no available template for this control

Control implementation

NOTE: This control is 100% automated by TrustCloud. Connect your system to enjoy the benefits of automation.
To implement this control manually, implement SSO configuration settings on each system, especially critical systems. As noted in the above section, this is not mandatory.

What evidence do auditors look for?

Most auditors, at a minimum, look for the suggested action below:

  1. Upload a screenshot of the configuration settings that show SSO enabled for all users.

Evidence example

For the suggested action, an example is provided below:

  1. Upload a screenshot of the configuration settings that show Single Sign On (SSO) enabled for all users.
    Here are different ways to show this setting.
    The following screenshot shows you can enable SSO settings through “Global SSO Settings”.
    [Screenshot: Single Sign On]
    The following screenshot shows you can enable SSO settings through “User sign-in”.
    [Screenshot: Single Sign On]
    The following screenshot shows you can enable SSO settings through “User Access”.
    [Screenshot: Single Sign On]
