Re-evaluating Single Sign-On System Design Risks: An Activity Theoretic Approach

Single Sign-On (SSO) systems provide users the convenience of accessing multiple applications and systems while having to provide credentials only once. Organizations across industries have started to evaluate and deploy Single Sign-On systems in their environment. SSO systems provide a range of benefits including improved productivity, reduced complexity, improved user convenience, facilitated business and improved compliance to security policies. While SSO systems have shown to provide many economic benefits, there are inherent risks that arise from the fact that in SSO environment, only one password or one set of authentication factor is needed. This creates a situation typically understood as ‘single-point of failure’. In an event the SSO password is breached, all of the applications covered under SSO will be exposed to huge risks. We use activity theory principles to understand how applications should be categorized to design SSO systems. The research develops a process guided by activity theory to unravel some of the hidden design tenets that should guide SSO deployments.