We were thrilled last month when Google selected Keeper SSO Connect, our SAML 2.0 service, as one of just nine third-party apps to be included in the search giant’s pre-integrated SSO Apps Catalog. In an earlier post we told you why Keeper and SSO go so well together. Now we’d like to share the reasons why the Keeper solution is unique enough to earn Google’s endorsement.
Even if you’ve never heard of the term SSO (single sign-on), you’ve undoubtedly used it. Whenever you land on a login page that offers you the option of signing in with Facebook, Google, Twitter or other popular social networks as an alternative to creating an account, you’ve seen SSO at work. One example is Fitbit’s login page.
SSO is one of those rare win-win propositions that not only enhances security but also improves the user experience. When used with protocols such as Kerberos and the security assertion markup language (SAML), SSO takes care of most of the complexity of authentication and user identity management in the background.
And SSO isn’t just for public websites; it is also used extensively behind corporate firewalls. For example, companies may use it to make it easier for their employees to log in to multiple corporate accounts, such as email, financial applications, collaboration software and CRM. By deploying SSO, enterprises can greatly reduce the need for people to have to maintain passwords for each application they use. That means fewer helpdesk calls, fewer resets and less risk of compromise due to password theft. Companies can also monitor user SSO activity both to see how applications are being used and also to look for signs of compromise.
One of the most rewarding aspects of the Google endorsement is that Keeper has only been in this market for about six months. Late last year we were approached by one of our customers that wanted to use SSO internally to permit users to authenticate to their Keeper vault. We had a solution ready early in the new year, and it’s been a hit with customers.
There are two big differences between the Keeper SSO solution and most others. One is our ability to store rich information in the vault, including files, sensitive data and access credentials to restricted systems. Our shared password storage capability is useful to enterprise customers because not all applications support SSO. Keeper gives them the flexibility to keep a shared vault of passwords to non-SSO applications in a single, secure place so users can log into whatever systems they need. In another recent blog post we told you about how much some users value encrypted file storage.
The second big Keeper difference is our zero-knowledge security architecture. The customer maintains full control over encryption and decryption of their data. We have no access to the encryption keys, master passwords or records stored within the Keeper vault. This capability has become particularly important to customers in the wake of the OneLogin breach late last month. In that incident, the credentials of potentially millions of individual users were compromised because the encryption keys were kept on a central server. A breach of that kind could never happen with Keeper because we don’t store any sensitive information. That capability lies solely within the hands of the user.
With its decision to include SSO Connect in its third party apps catalog, Google is making it that much easier for customers to implement SSO and SAML. Our own integration is even more extensive. SSO Connect also works with Microsoft’s Active Directory Federation Services and Azure cloud, F5’s BIG-IP Access Policy Manager, Okta’s Identity Cloud, Centrify identity and access management solutions, OneLogin, Ping Identity and the open-source Central Authentication Service.