It's increasingly challenging to manage multiple identities of an individual and it's operational overhead to the organizations.
Implementing the Single sign-on solution in an organization to authenticate and SSO'ing for applications access within an enterprise will reduce operational overhead and cost to the organization.
Traditionally, there is header based Single Sign-On as it's still out there lingering in the market. In Early 2000's, it's noted that SAML is widely accepted mechanism for SSO requirements. Later in the game, late 2000's where mobile applications and API based designs came into the picture there comes OAuth authorization mechanism.
The goal of each SSO mechanism is very simple "One login to multiple applications". Well, definitely it's not that easy to enable SSO as stated.
When it comes to the recommendation on Single Sign-On to an enterprise application, I would suggest considering below list of choices and take the wise decision to implementing Single Sign-On.
Option 1: Legacy application with no delegated authentication capability to external authentication engine with Header based authentication. Note that this approach needs code change in the application authentication mechanism.
Option 2: Application that's fitted of delegating authentication to SAML Identity provider (IDP) then just go with it without further thought.
Option 3: Planning for developing a new application and studying about the authentication mechanisms in architecture then consider Open ID / OAuth (3 legged )as a primary option.
It's recommended to read and understand each Single Sign-On mechanism before going to the implementation phase.
Happy SSO'ing.
Thanks.
