This is not a question that can be easily or quickly answered, as you must be able to computer the cost of implementing the solution with the benefits. Cost and benefits may vary. For example, if you use products that can work in a Windows Active Directory environment and utilize Windows for authentication -- you already have a single sign-on experience. If you are looking for, or developing new products, if they also can leverage this environment, that's another benefit. If however, you have products that cannot, you may need to purchase an alternative product that can integrate them with AD, or another directory/single sign-on product that can incorporate many of our application needs.
Some benefits of single-sign on are obvious but you may not immediately be able to put a monetary value on them. For example, with single sign on users only have to remember a single user ID and password for multiple applications. This means they will be less likely to write down passwords, and therefore there will be less chance of someone finding the password. It also means they can use a stronger password, since one password that may not be as easy to remember is ok, 20 is impossible. This means less possibility of successful computer attacks. How can you put a monetary value on that? That can be hard. However, it also means less help desk costs. When users forget passwords and have to call the help desk to get them reset, this can become expensive. It's also something you can track, before and after single sign on, for example, to measure the benefit. In addition to the cost, you may also want to consider that it may not be possible to find a product that can integrate enough of your environment to make a difference. Trying to make it work may be costly as well. Do necessary product research before spending money and time.
Don't forget that in addition to the cost to implement single sign on, the savings it may produce and the additional security benefits; there is also a security downside. When a user has multiple ids and passwords, if I obtain, or crack his password, I only gain access to a small number of resources. I must crack multiple passwords in order to access everything the user can. However, with single-sign on, I need only one and I have access to everything.
Dig Deeper on Windows 10 security and management
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.