Enable Single Sign-On

Single Sign-On (SSO) is a process whereby a user can gain access to Eclipse PPM after authenticating against a properly configured identity provider. Eclipse PPM and the identity provider must be configured and must have established a trusted relationship before this authentication can take place.

When users have too many passwords, the passwords become easy to forget. This leads users to create more common or weak passwords, which make it easier for malicious actors to steal data. In fact, approximately 81% of company data breaches occur due to stolen or weak passwords.

Example: Without SSO, a user might have to sign in to multiple applications during the day. They might also have to remember a separate password for each of these applications, which leads to a higher risk of forgetting certain credentials and getting locked out of applications. Alternatively, they might create much weaker passwords to make them easier to remember, which can result in stolen data. With SSO, users only need to enter one password to access all of their software applications. This results in a safer, simpler login process.

Eclipse PPM can be enabled for SSO. Administrators should reach out to their Eclipse PPM representative if this is something that they would like to explore.

Tip: If SSO has been enabled for Eclipse PPM, administrators can choose between allowing users to bypass SSO and enter their own Eclipse PPM credentials and forcing users to sign in using SSO. See Configure "Hybrid" or "SSO Only" Single Sign On for more information.

Common SSO Problems

SSO provides users with a convenient way to access multiple applications with a single set of login credentials. However, before deciding to implement it, users and administrators should be aware of the errors that commonly occur:

Note: These are general issues that may occur with any SSO configuration. Be sure to speak to your trusted SSO provider about more specific issues that could arise.

  • Expired SSO certificate: Expired certificates are one of the most common reasons that users are prevented from using SSO to sign in to their applications. Strong SSO tools authenticate users through digital certificates. Certificate-based authentication integrates with an SSO solution and provides identity context to help monitor who is connecting to your network and from which device. However, these certificates can expire after a set period of time. When this occurs, SSO sign-in may fail, citing unsuccessful authentication as the problem. In that case, reach out to your Eclipse PPM representative and inquire about the certificate.

  • Security vulnerabilities: SSO can cause security concerns if not implemented correctly. If a weak SSO process is compromised, an attacker could gain access to multiple applications, increasing the impact of a single security breach. Make sure your organization is using a trusted SSO provider to prevent these attacks from being successful. Also, ensure that each user creates a strong password to prevent attackers from accessing their data.

  • Provisioning and deprovisioning challenges: Managing user accounts across various applications can be complex. When a user joins or leaves an organization, ensuring proper provisioning and deprovisioning across all integrated applications becomes crucial. Make sure your SSO provider has a process for onboarding and offboarding users.

  • User education: SSO should ideally enhance the user experience, but if users are not correctly informed about the process, they may be confused or have difficulty accessing applications. For example, users might not be used to setting up two-factor authentication on their smartphones. Ensure that users can access informational resources to help them understand how to properly use the SSO configuration.

  • Single point of failure: Since SSO relies on a central authentication system, any disruption in that system can prevent users from accessing multiple applications. Make sure to use a trusted SSO provider and keep track of when your digital certificates are set to expire.