In recent years, Sharetru has received many questions from our customer base regarding Single Sign-On, otherwise known as SSO. This blog is meant to educate the reader on definitions and use cases as the technology has become widely adopted across organizations of all sizes for administration and security purposes. In this blog post, we’ll cover SSO and how Sharetru’s SSO integration works:
- What is Single Sign-On (SSO)?
- How does SSO work?
- What are the Benefits of Single Sign-On (SSO)?
- What are the Downsides of using Single Sign On (SSO)?
- Why SSO Integration is Essential for your Secure File Transfer Platform
- Sharetru’s Single Sign On Integration
Single Sign-On is a user authentication service that permits a user to utilize a single set of login credentials, and then have the ability to access any related – yet independent – software applications.
Example: A user might log in using an SSO platform such as Azure AD, Okta, OneLogin or Ping. That user then simultaneously gains access to the list of cloud-based applications required to perform their duties, such as Sharetru, Microsoft O365, Salesforce and others.
Organizations today use two main types of SSO technology: Open Authorization (OAuth) and Security Assertion Markup Language (SAML).
OAuth Explained: Why It's the Smarter Way to Keep Your Online Accounts Safe
Ever wondered how apps and websites keep your information secure without making you type your password a million times? That's where OAuth comes in—and it's something we all use every day without even realizing it.
What Is OAuth and Why Should You Care?
Think of OAuth as your digital passport system. Instead of sharing your house keys with everyone who needs to visit, you're giving them a special one-time pass that only works for exactly what they need to access.
OAuth works entirely over secure HTTPS connections and uses special digital tokens instead of your actual username and password. This means you can let apps access your data without giving them your actual login credentials—pretty smart, right?
How OAuth Has Evolved to Protect You Better
There are two main versions you might encounter:
OAuth 1.0a is like the original iPhone—groundbreaking when it launched but now mostly replaced by newer technology. Some older systems still use it, and it requires each request to be digitally "signed" for extra security.
OAuth 2.0 is what most modern websites and apps use today. It's simpler, more flexible, and works especially well with mobile apps and modern web services. If you've ever clicked "Sign in with Google" or "Login with Facebook," you've used OAuth 2.0.
This is like having a trusted friend vouch for you at a private event instead of having to show your ID to every person you meet.
When combined with OpenID Connect (which is basically an extension that sits on top of OAuth 2.0), the system becomes even more powerful—not just controlling what you can access, but confirming who you are in a standardized way that works across the entire internet.
SAML 2.0: The Enterprise Authentication Standard That's Still Going Strong
Ever wondered why some organizations seem stuck in the past with their login systems? Look no further than SAML 2.0.
What Is SAML 2.0 and Why Is It Still Around?
Security Assertion Markup Language 2.0 (SAML 2.0) might sound like ancient tech—after all, it was introduced back in 2005 when MySpace was still the king of social media and smartphones were barely a thing. But don't be fooled by its age!
Think of SAML 2.0 as that reliable old truck that's not flashy but gets the job done every single time. It essentially works by creating a secure "session cookie" in your browser that gives you access to specific web applications that your organization's admin has approved for you.
Once you're authenticated through SAML, you can seamlessly access multiple connected applications without needing to log in again and again—making it one of the first true single sign-on technologies to gain widespread adoption.
Why Some Organizations Won't Let Go of SAML 2.0
You might wonder why companies don't just switch to newer protocols like OAuth 2.0. Here's where it gets interesting:
Many highly-regulated industries and government agencies still mandate SAML 2.0 as their authentication standard. For example, Impact Level 4 (IL4) compliance requirements for handling controlled unclassified information still specify SAML 2.0 as the standard. The Department of Defense and other government bodies tend to move cautiously when it comes to changing security protocols—and with good reason.
But it's not just about compliance. SAML 2.0 also offers some distinct advantages:
- It was specifically designed for enterprise environments with centralized identity management
- It provides rich information about user attributes and roles in a standardized format
- It has decades of implementation experience and security testing behind it
- It focuses primarily on authentication, which makes it straightforward for specific use cases
The Limitations of SAML in Today's World
That said, SAML does show its age in today's digital landscape. It was created primarily for web browser interactions in an era before mobile apps dominated our digital lives.
Some of its limitations include:
- Clunky implementation with mobile applications
- Complex XML-based format that's heavier than modern JSON-based alternatives
- Less suited for API authorization scenarios
- More difficult to implement than newer protocols like OAuth 2.0 with OpenID Connect
Finding the Right Balance for Your Organization
For many businesses and government agencies, the ideal approach isn't choosing between SAML 2.0 and OAuth 2.0, but supporting both:
- SAML 2.0 for legacy systems and compliance-critical applications
- OAuth 2.0 with OpenID Connect for modern mobile apps and APIs
The best file transfer platforms understand this reality and provide flexible authentication options that support both standards, allowing you to satisfy compliance requirements while still delivering a modern user experience where appropriate.
This hybrid approach gives you the best of both worlds: the proven enterprise reliability of SAML 2.0 where you need it, and the flexibility of OAuth 2.0 where it makes more sense.
With the increase of cloud-based, off-premise, subscription software used by organizations today, SSO benefits your organization's security posture in several ways:
- SSO is convenient for users because they do not have to log in to multiple applications. They can log in once and gain access to a full application set decided on by your organization’s systems administration team for a specific user group.
- SSO is convenient for administrators because it removes a significant load of managing the same user list across multiple applications. If John Doe has access to 5 applications, an administrator no longer manages 5 sets of credentials for John Doe; the administrator now manages a single set of credentials for this user. This allows an administrator to quickly remove access to all applications in case of a security threat from the individual, or quickly provide access to new employees or individuals moving to new roles.
- Because usernames and passwords are no longer stored on third-party sites, an administrator mitigates risk by not managing those usernames and passwords externally.
- “Password fatigue,” otherwise known as “password chaos,” is alleviated. Password fatigue is the feeling experienced by members of organizations with multiple systems requiring separate usernames, passwords, and password strength requirements. On top of this, organizations with a good security posture typically ask their members to change their passwords every 90 days. This affects your users’ routines and can lead to employee frustration when they forget passwords.
- Beyond reducing the time spent by your employees to re-enter passwords or pick new passwords, SSO has the added benefit of reducing IT costs due to the lower number of help desk tickets and calls about passwords. This is because of the decrease in usernames and passwords managed through external applications.
- End-to-end user audit sessions improve an organization’s reporting and auditing when that time of the year comes along.
What are the Downsides of using Single Sign On (SSO)?
- Since SSO provides a user access to multiple applications with a single login method, the negative impact of a bad actor gaining the credentials of a single user is amplified.
  - To overcome this potentially high impact situation, organizations should still integrate a multi-factor authentication (MFA) system with their SSO platform.
- SSO can be a single point of enterprise failure since it creates a critical application for access to all systems.
  - If your organization’s SSO platform were to go offline, your users might be denied access to systems they need to perform their job duties. If access to specific systems must be always guaranteed, SSO might create a less than desirable situation during a downtime event. To combat this, your organization should ensure it has a good (and well tested!) failover/disaster recovery design.
- Some organizations have low visibility into the changes required to employees’ SSO requirements.
  - An organization must require good identity governance. Pain points may arise from security threats by outgoing employees, and time spent waiting for systems access by incoming employees. An organization must have high visibility processes in place so if an employee leaves, is hired, changes roles, or otherwise should be removed from your systems, this can be accomplished quickly and easily.
While there are both positive benefits and negatives to using SSO, the negatives can be corrected with a well-planned internal security process. For all these reasons, organizations across every industry have continued to adopt SSO.
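One way to turn the identity-governance point above into a recurring check, as an added example rather than Sharetru functionality: reconcile the application's account list against the identity provider's active users. The record fields, the `example.com` domain, the 90-day staleness threshold and all sample accounts are assumptions constructed for this illustration.

```python
from datetime import date

def audit_accounts(app_accounts, idp_active, corp_domain, today, stale_days=90):
    """Return sorted (username, finding) pairs for enabled accounts needing review."""
    findings = []
    for acct in app_accounts:
        if not acct["enabled"]:
            continue  # already deprovisioned in the application
        user = acct["username"].lower()
        internal = user.endswith("@" + corp_domain)
        if internal and user not in idp_active:
            # Employee is gone from the IdP but the application account survives.
            findings.append((user, "ORPHANED: not active in IdP but still enabled"))
        elif internal and acct["password_login"]:
            # A local password lets the user skip the IdP and its MFA policy.
            findings.append((user, "FALLBACK: local password bypasses SSO/MFA"))
        elif not internal and (today - acct["last_login"]).days > stale_days:
            # External accounts are outside IdP deprovisioning, so age them out.
            findings.append((user, "STALE: external account unused"))
    return sorted(findings)

# Constructed sample data (not real accounts).
IDP_ACTIVE = {"alice@example.com", "carol@example.com"}
APP_ACCOUNTS = [
    {"username": "alice@example.com", "enabled": True, "password_login": False,
     "last_login": date(2024, 5, 30)},
    {"username": "bob@example.com", "enabled": True, "password_login": True,
     "last_login": date(2024, 3, 2)},
    {"username": "carol@example.com", "enabled": True, "password_login": True,
     "last_login": date(2024, 5, 28)},
    {"username": "vendor@partner.test", "enabled": True, "password_login": True,
     "last_login": date(2024, 1, 10)},
    {"username": "client@customer.test", "enabled": True, "password_login": True,
     "last_login": date(2024, 5, 20)},
    {"username": "dave@example.com", "enabled": False, "password_login": True,
     "last_login": date(2023, 11, 1)},
]

if __name__ == "__main__":
    for user, finding in audit_accounts(APP_ACCOUNTS, IDP_ACTIVE,
                                        "example.com", date(2024, 6, 1)):
        print(f"{user}: {finding}")
```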
In today's digital landscape, where organizations manage countless applications and sensitive data transfers, Single Sign-On (SSO) has evolved from a convenient feature to a critical security requirement. Modern file transfer platforms must include robust SSO capabilities to meet enterprise security demands while maintaining operational efficiency.
Strengthening Your Security Posture
Implementing SSO with your file transfer solution dramatically reduces your organization's attack surface. By eliminating password fatigue and poor password practices, SSO immediately makes your business less vulnerable to phishing attacks. Users need to remember just one strong password instead of juggling multiple credentials across systems.
When SSO is properly integrated with your file transfer platform:
- User credentials remain protected since passwords are never directly shared with the application
- Consistent security policies that start with your SSO, including multi-factor authentication, can be enforced across all systems and users
- Automatic deprovisioning ensures immediate access revocation when employees leave
- Comprehensive authentication logging provides enhanced visibility into potential security threats
With SSO in place, even if your file transfer service were to be compromised, your credentials would remain secure as there's no local password stored with the service.
Enhancing User Experience and Adoption
Security tools are only effective when they're actually used. One of the biggest obstacles to establishing security and compliance policies is employee buy-in. If employees find security tools too complicated, they'll seek workarounds, undermining your security investments.
SSO integration creates a frictionless experience that encourages proper use of your secure file transfer platform:
- Users access the platform without remembering additional passwords
- Login processes are streamlined, saving valuable time
- Password reset requests are dramatically reduced
- New employees onboard more quickly with immediate access to necessary systems
Why User-by-User SSO Configuration Is a Game-Changer
While standard SSO implementation delivers significant benefits, the most advanced file transfer platforms offer something even more valuable: the ability to enable or disable SSO on a per-user basis.
Seamlessly Supporting Both Internal and External Users
SSO brings significant advantages to file transfer professionals, streamlining workflows and tightening security. However, balancing these benefits with potential downsides is important. Most organizations need to transfer files with external parties who don't have accounts in their identity provider.
With user-by-user SSO configuration, you can:
- Apply SSO authentication to all internal employees
- Maintain traditional username/password authentication for external clients, vendors, and partners
- Create special service accounts for automated transfers with custom authentication requirements
- Support temporary contractors with appropriate authentication methods
Managing Implementation and Transition Phases
Organizations rarely implement technology changes across all users simultaneously. Per-user SSO flexibility enables:
- Phased rollouts that minimize disruption
- Pilot testing with specific departments before wider deployment
- Side-by-side authentication methods during transition periods
- Special handling for mission-critical systems
Supporting Special Use Cases and Compliance Requirements
Different users and workflows may have unique authentication requirements:
- Emergency access accounts that function during identity provider outages
- Automated service accounts requiring special authentication
- Regulatory-required segregation of duties for specific users
- Special administrative functions with heightened security requirements
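The per-user scenarios above can be expressed as one login policy. The sketch below is an added example, not Sharetru's implementation: the account kinds, method labels and the rule that password logins require MFA are assumptions made for illustration. Its key property is that an SSO-enforced account never falls back to a local password.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass(frozen=True)
class Account:
    name: str
    kind: str           # "internal", "external", "service" or "break_glass" (assumed labels)
    sso_enforced: bool  # the per-user SSO switch

def decide_login(acct: Account, method: str, *, mfa_passed: bool = False,
                 idp_available: bool = True) -> tuple[bool, str]:
    """Return (allowed, reason) for one login attempt.

    method is "sso", "password" or "api_key" (labels assumed for this example).
    """
    if acct.kind == "break_glass":
        # Emergency accounts bypass the IdP: limit them to real outages,
        # require a second factor, and make every use stand out in the audit log.
        if method != "password":
            return False, "break-glass accounts use local credentials only"
        if idp_available:
            return False, "break-glass denied while the IdP is reachable"
        if not mfa_passed:
            return False, "break-glass requires MFA"
        return True, "ALERT: break-glass login during IdP outage"
    if acct.kind == "service":
        ok = method == "api_key"
        return ok, "service account key" if ok else "service accounts are non-interactive"
    if acct.sso_enforced:
        # Core rule: no password fallback, otherwise a phished or reused
        # password sidesteps the IdP's MFA and deprovisioning.
        if method != "sso":
            return False, "SSO enforced: local credentials rejected"
        return True, "SSO assertion accepted"
    # Accounts without SSO, e.g. external clients, vendors and partners.
    if method != "password":
        return False, "account is not linked to the identity provider"
    if not mfa_passed:
        return False, "password login requires MFA"
    return True, "password + MFA accepted"

if __name__ == "__main__":
    alice = Account("alice", "internal", sso_enforced=True)  # constructed sample
    print(decide_login(alice, "password", mfa_passed=True))
```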
Enterprise Integration Ready
Modern SSO works based upon a trust relationship set up between your application (the service provider) and an identity provider. Look for file transfer platforms that support industry-standard protocols like SAML 2.0 and OpenID Connect (OIDC), ensuring compatibility with popular identity providers like Okta, Azure AD, Google Workspace, and others.
The most capable platforms support:
- Just-in-Time (JIT) user provisioning
- Attribute-based access control
- Integrated multi-factor authentication
- Detailed authentication audit logging
Sharetru supports SSO provider integrations for our top-tier plans on our Standard Security and our Advanced Security and Compliance Platform, in a way that an organization can adopt for both its internal users and its external users. If you have questions about Sharetru’s SSO or any other features, please contact Sharetru sales.