AUTH-1 Single Sign On (SSO)

What is AUTH-1 Single Sign On (SSO) Control?

Single Sign On (SSO) Control is a best practice recommendation for critical systems but is not mandatory. Therefore, do not panic if you don’t have SSO implemented on all your systems.

An organization requires a unique username and password to authenticate with any system, program, or data. Having SSO is the industry’s best practice and enhances the protection mechanism, but that decision remains at the discretion of each organization.

Available tools in the marketplace

The following listing is “crowdsourced” from our customer base or from external research. TrustCloud does not personally recommend any of the tools, as we haven’t used them.

Authentication Tools

Okta

Duo

Auth0

Azure AD

Available templates

TrustCloud has a curated list of templates, internally or externally sourced, to help you get started. Click on the link for a downloadable version:

• N/A: There is no available template for this control

Control implementation

NOTE: This control is 100% automated by TrustCloud. Connect your system to enjoy the benefits of automation.
To implement this control manually,
Implement SSO configuration settings on each system, especially critical systems. As noted in the above section, this is not mandatory.

What evidence do auditors look for?

Most auditors, at a minimum, are looking for the below-suggested action:

1. Upload a screenshot of the configuration settings that show SSO enabled for all users.

Evidence example

For the suggested action, an example is provided below:

1. Upload a screenshot of the configuration settings that show Single Sign On (SSO) enabled for all users.
   Here are different ways to show this setting.
   The following screenshot shows you can enable SSO settings through “Global SSO Settings”.
   
   The following screenshot shows you can enable SSO settings through “User sign-in”
   
   The following screenshot shows you can enable SSO settings through “User Access”.