
A CISO recommends SSO, in phases

Axonius’s Lenny Zeltser shares a few tips on single sign-on steps.

A single sign-on (SSO) implementation wouldn’t be something that Lenny Zeltser necessarily recommends for a CISO just starting the job, even though that’s just what he did when he began as Axonius’s chief information security officer about five years ago.

The implementation of SSO, which Gartner defines as the ability “to authenticate once, and be subsequently and automatically authenticated when accessing various target systems,” has plenty of chances to exhaust an IT staff—for one, finding all the applications in your company.

To ease challenges, Zeltser recommends implementing SSO in phases—a strategy that can lead to early wins. One first step, he says, is seeing which tools already provide SSO options.

“There’s probably several apps that can provide single sign-on. You just need to configure it and integrate it with your single sign-on provider when you do it for just even a handful of apps. Now everybody loves you. Why? Because now employees have fewer passwords to remember,” Zeltser told IT Brew.

So SaaS-y. In 2023, according to SaaS platform BetterCloud’s survey of over 411 IT pros, orgs had an average of 112 SaaS applications—a challenge for IT pros managing them all.

“It’s not feasible to manage hundreds of independent user stores making sure that access is granted and deprovisioned when appropriate, and that the right access is assigned,” Zeltser said, adding that SSO creates a way to enforce access policies and potentially provision/deprovision users.

Tech recs. Some of Zeltser’s recommended steps for orgs include:

  • Decide on user-account security measures, like password complexity, multi-factor authentication, or passkeys
  • Pick an SSO provider that meets requirements
  • Determine which apps already provide SSO user-authentication capability without requiring new licenses
  • Start with one app that easily integrates and reflect on the process, to help plan for future integrations

In addition to starting with one app, like an HR tool, Ismael Valenzuela, vice president of threat research and intelligence at BlackBerry, says a phased approach for some orgs could involve one pilot group of people, like contractors who have stricter authentication experiences enforced by the SSO product. SSO projects are often ongoing ones, he said.

“There’s always new applications,” Valenzuela told IT Brew.

Other strategies Zeltser suggests include:

  • Adjust procurement processes to ensure SSO is offered by new products
  • Identify remaining SaaS applications that require additional license fees to integrate with SSO (and be ready to negotiate with a current vendor or with internal teams to migrate to a new one)
  • Continue to watch for unsanctioned SaaS apps that don’t integrate with SSO

After deploying SSO, Zeltser and his team added another capability: the ability to ensure that a device was in a trusted state. He said successful SSO adoption offers a chance to get buy-in for other IT objectives.

“Once you have an early win, you’ve built up trust, now you can take on more challenging projects that might have nothing to do with single sign-on,” Zeltser said.
