SSO versus IAM

When you’re exploring cloud security solutions for your team, you’re going to encounter numerous tool sets and acronyms. It can be a challenge to discern the real differences in function and value between tools, and it is easy to mistake two separate tools for overlapping ones that perform the same function. This is often the case with Single Sign-On versus Identity Management. In this video, we explain what Single Sign-On is, and isn’t, and how SSO relates to IAM.

Watch Time: 4:03 minutes

Additional resources linked below. 

## Scene 1:

**Speaker:** Zoe Tsoraklidis Let’s talk about Single Sign-On – or SSO – and what it actually is (and isn’t).

## Scene 2:

**Speaker:** Zoe Tsoraklidis Single Sign-On lets you log in once and access multiple applications without entering passwords again.

## Scene 3:

**Speaker:** Zoe Tsoraklidis Think of it like this: Instead of having fifteen different keys for fifteen different doors in your office building, you have one keycard that opens all the doors you’re authorized to access.

## Scene 4:

**Speaker:** Zoe Tsoraklidis You log in once in the morning – to your identity system – and from that point, you’re automatically logged in to everything from your email, to your CRM, accounting apps and so on.

## Scene 5:

**Speaker:** Zoe Tsoraklidis SSO improves password security and workflows. Your team isn’t juggling multiple passwords, reusing passwords, writing passwords on sticky notes or in spreadsheets, or constantly resetting passwords.

## Scene 6:

**Speaker:** Zoe Tsoraklidis But here’s the critical misunderstanding of Single Sign-On: It’s not a security solution. In fact, without the right security, it can give away access to everything should your email account be hacked.

## Scene 7:

**Speaker:** Zoe Tsoraklidis SSO is a function of just one component of Identity Management – efficient administration. Think of Identity Management as the complete security system for your building – and Single Sign-On as an easy access card for the rooms you use most often.

## Scene 8:

**Speaker:** Zoe Tsoraklidis Here’s what SSO doesn’t do: It doesn’t verify that the person logging in is actually authorized. It doesn’t check if the device they’re using is secure. It doesn’t monitor for suspicious behavior after they’re logged in. It can’t control access or protect data.

## Scene 9:

**Speaker:** Zoe Tsoraklidis If someone steals your keycard – or in this case, gets your login credentials – SSO happily lets them into everything. Because from SSO’s perspective, they have valid credentials.

## Scene 10:

**Speaker:** Zoe Tsoraklidis This is why SSO needs to be part of a broader Identity Management strategy. Identity Management is the framework that controls who can access what, from where, using which devices, at what times. It’s the complete system, not just the login convenience.

## Scene 11:

**Speaker:** Zoe Tsoraklidis Here are a few key security controls you need alongside Single Sign-On.

## Scene 12:

**Speaker:** Zoe Tsoraklidis One: Multi Factor Authentication; when someone logs in with their SSO credentials, MFA asks “is this really you?” by sending a code to your phone or a push notification.

**Speaker:** Zoe Tsoraklidis This means even if someone steals your password, they can’t actually get in without also having your phone.

## Scene 13:

**Speaker:** Zoe Tsoraklidis Two: Conditional Access Policies; these are the rules that determine whether to allow a login based on context.

**Speaker:** Zoe Tsoraklidis For example, your CFO logging in from the office on their company laptop? Full access granted. Same CFO appears to be logging in at two AM from Romania on an unknown device? Access denied.

**Speaker:** Zoe Tsoraklidis SSO handles the “who”, in this case, it is Sarah’s account. Conditional Access handles the “should we let her in right now”, based on risk factors.

## Scene 14:

**Speaker:** Zoe Tsoraklidis Three. Device Management. Your Identity Management system should know which devices are trusted company devices versus personal or unknown devices.

**Speaker:** Zoe Tsoraklidis Company laptop, properly secured and managed? Can access everything. Unknown device from a new location? Blocked.

## Scene 15:

**Speaker:** Zoe Tsoraklidis Four: Automated Provisioning and De-provisioning; when someone joins your company, your Identity Management system creates their accounts, assigns appropriate access, and connects them to SSO.

**Speaker:** Zoe Tsoraklidis More importantly, when someone leaves, one action in your Identity Management system immediately revokes all their access across every connected application.

**Speaker:** Zoe Tsoraklidis No manual cleanup or forgotten accounts.

## Scene 16:

**Speaker:** Zoe Tsoraklidis That’s a brief overview of how you can have the convenience of Single Sign-On as part of the protection of a complete Identity Management system.

**Speaker:** Zoe Tsoraklidis Here at TUCU Managed IT Services in Toronto and Durham Region, we help small businesses with strategic IT solutions.

## Scene 17:

**Speaker:** Zoe Tsoraklidis Visit us online today at TUCU.ca to schedule a free Discovery Call. Let’s discuss what secure IT management looks like for your organization.

**Speaker:** Zoe Tsoraklidis Thanks for watching!
