Single Sign-On (SSO) is a user authentication tool that allows users to log in to and access multiple applications, websites, data, and workstations using just one centrally managed set of credentials — a username and password.
SSO utilizes the OpenID® Connect (OIDC) identity protocol that works on top of the OAuth 2.0 authorization and authentication framework to enable identity providers (IdPs) to perform this magic.
SSO is a huge benefit to IT and users. Users love it because they only have to remember their username and one password for all their work apps. IT and the members of the corporate security team love it because SSO manages identity access, improves data security, and enables policy compliance without user resistance. The IT helpdesk loves it because many SSO solutions allow end users to reset their own password, eliminating a significant source of helpdesk requests.
Within this love fest, however, lurks an issue—Windows® applications.
SSO has historically only been available to provide secure access to web applications, not Windows applications. Why? Authentication events within Windows OS occur through Winlogon, the Windows authentication module that performs interactive logons for a session—where a user logs directly onto the operating system with a username and a password.
Because Windows requires a username and password to log on, IT cannot include Windows applications in cloud implementations using SSO without a customized Credential Provider, which is an expensive undertaking. Windows applications delivered to remote users via Microsoft® RDS and accessed through Microsoft Remote Desktop Protocol (RDP) have the same limitations.
Due to this constraint, Windows independent software vendors (ISVs) have been unable to reap the benefits of SSO.
GO-Global’s support for OpenID Connect allows Windows ISVs to use modern identity providers like Okta™, OneLogin, Microsoft Active Directory Federation Services (ADFS), and Microsoft® Azure® AD Seamless SSO to enable single sign-on into GO-Global® Windows hosts.
GO-Global enables Windows ISVs to publish their applications from any public, private, or hybrid cloud, to any device that supports a browser. With GO-Global + SSO, users who sign in to an enterprise web application or portal using an identity provider such as Okta or ADFS can access GO-Global Hosts from their browsers without having to re-enter their credentials, enforcing the organization’s authentication policies and reducing lost and forgotten password calls to the helpdesk—allowing Windows ISVs to share the love formerly reserved for web applications only.
Once a user has authenticated via OIDC, GO-Global gives administrators several options for authenticating the user automatically on Windows. For example, if the identity provider is integrated with the organization’s Active Directory, GO-Global can automatically sign the user in to the user’s domain account. Alternatively, if Active Directory integration is not required or desired, GO-Global can automatically create a local Windows account for the user.
Before GO-Global + SSO was introduced, Windows ISVs looking for this type of functionality would have to purchase expensive, complex, and unwieldy solutions like Citrix® NetScaler® Unified Gateway integrated with Citrix Hypervisor®. Today, GO-Global enables Windows ISVs to easily and quickly deliver applications to customers from the cloud for up to 70% less than Citrix, VMware, and Microsoft RDS, and to use SSO to easily and inexpensively manage identity access and improve data security and policy compliance.
As our ISV customers began adopting SSO, they saw another benefit in addition to improved usability and identity access.