If your business relies on cloud applications, you’re probably considering single sign-on (SSO) for those applications. After all, managing all of those passwords is a hassle for your business – and not having control over cloud applications can be a real risk. But what SSO solution do you choose? Does it have to be expensive and complicated? Can it fit into your business? Answer your SSO questions with this whitepaper.

1. WHITEPAPER
A Buyer’s Guide for Cloud Single
Sign-On (SSO)

2. Whitepaper
2
Table of Contents
Solution Architecture 3
Security Considerations 3
Compliance Requirements 4
Total Cost of Ownership 4
Business Fit 5

3. Whitepaper
3
A Buyer’s Guide for Cloud SSO
If your business relies on cloud applications, you’re probably considering single sign-on (SSO)
for those applications. After all, managing all of those passwords is a hassle for your business
– and not having control over cloud applications can be a real risk.
But what SSO solution do you choose? Does it have to be expensive and complicated? Can it
fit into your business? These are some of the questions that may keep you from moving
forward – that, and fear that you’ll be undertaking another major technology initiative.
This paper should help in your decision process. It offers guidelines for choosing a cloud SSO
solution that meets your business needs.
Solution Architecture
The first question to ask is the architecture question. Do you want to go old-school with on-
premise software? If you have existing Identity and Access Management (IAM) software in-
house, can you easily extend it to handle cloud applications? Or do you want to look to the
cloud for your cloud SSO solution?
> If you have an existing on-premise IAM solution, you may have options for extending it to
the cloud.
> A new generation of cloud-based SSO solutions, themselves delivered from the cloud,
offer the rapid deployment and low maintenance costs that you love about cloud
applications.
Security Considerations
Security is one of the biggest reasons people turn to cloud SSO, so be sure to look closely at
how the SSO solution handles the big issues:
> Data security in transit and at rest: How are your application credentials encrypted in
transit? How are they stored in the SSO application? Who can access those credentials
outside of your business? Who has access to the encryption key?
> Cloud application security: Does the solution give you control over application access?
For example, can you get people running without actually giving them the logins to your
Salesforce or HR applications?
> Phishing and identity theft protection: What kind of protection do you get from data
breaches or phishing?
> Two-factor authentication: Can you add a second factor to the SSO login so you don’t
rely on passwords alone? If so, what factors can you use?

4. Whitepaper
4
> SSO provider security: Take a close look at the vendor. What kind of industry standing
do they have? Does the data center hosting the service meet high standards for security
and availability? Can the provider’s employees ever access your credentials?
Compliance Requirements
If you’ve got people responsible for compliance, they’ll be interested in the security questions
above, as well as some of their own concerns:
> Audit/reporting: Can you audit all access to business applications? Is it easy to run
reports on access?
> Password policies: Can you set and enforce password policies for the individual
applications? For the SSO portal?
> Deprovisioning: When someone leaves, how quickly and completely can you remove their
access to business applications?
Total Cost of Ownership
No decision guide is complete without a consideration of total cost. Don’t look just at the
purchase (or subscription) cost. Consider the total cost of ownership.
> Subscription/licensing cost: If you’re looking at on-premise software, what are the one-
time licensing costs and ongoing maintenance costs? For a cloud-based solution, what is
the subscription model – per application, per user, some combination of the above?
Model your anticipated business and application growth against the subscription model to
determine actual pricing.
> Deployment cost: How much work will it take to implement the solution with your
existing applications? Are you going to need to hire expensive consultants to make it
work? Do you need to install any software on your own equipment? And how well will the
service provide support you during the deployment?
> Legacy or non-standard application costs: Are there extra costs associated with
supporting that home-grown application, or that strange app that your researchers love
and no one else uses?
> Training costs: How hard is it to use – are you going to have to train people? If so,
what’s the cost of training?
> Two-factor authentication: If the solution offers two-factor authentication, what factors
does it support? How much will it cost to outfit business users with the authentication
factors (tokens, cards, software)?

5. Whitepaper
5
> Administrative costs: How much administrator time does the solution require on a daily,
weekly and monthly basis? Who handles SSO password or authentication problems?
What’s involved in adding new users or removing access when people leave?
Business Fit
You’re probably interested in helping people be more productive. For that, you need to
understand how well the SSO solution fits your current business.
> Application fit: Does it work with the applications you use? Does it require a lot of work
to support custom or new apps?
> Directory integration: Can you link the SSO solution to your existing Active Directory (or
other directory). Directory integration gives you one place to manage user identities.
> Identity federation: Which federation standards (if any) does the solution support? For
example, Salesforce and Google Apps both support SAML federation; if you use those
apps, you might want SAML support. Can the solution support SSO to federated
applications alongside applications that use only username and password?
> User management: Can you speed up setting up new users by creating application
profiles for different user roles?
> Application management: Can you track application usage across all your cloud apps?
> Mobile Support: Does the SSO application work with mobile browsers on tablets? Smart
phones? Can people access the same applications easily when they switch between
devices?
> SSO service availability: What service level guarantees does the provider offer?
About CloudEntr by Gemalto
CloudEntr by Gemalto gives businesses a simple and secure way to manage cloud application
access. Using CloudEntr, businesses regain control of their trust networks and cloud
applications, while offering users convenient one-click access for all web applications in a
single interface. CloudEntr reduces complexity while helping businesses operate anywhere,
anytime, and at the right scale. Gemalto’s security and authentication expertise is trusted by
many of the world’s largest financial institutions and governments.
For whitepapers, videos or ebooks, visit www.cloudentr.com/latest-resources.