AAAI-01

Does your solution support single sign-on (SSO) protocols for user and administrator authentication?

Explanation

This question is asking whether your software solution supports Single Sign-On (SSO) protocols for both regular users and administrators. SSO is an authentication method that allows users to access multiple applications with one set of credentials. It eliminates the need for users to maintain and remember multiple passwords.

Why it's being asked: security assessments include this question because SSO:

1. Reduces password fatigue and related security risks
2. Centralizes authentication controls, making them easier to manage
3. Enables stronger authentication methods like multi-factor authentication across all connected systems
4. Provides better audit trails of user access
5. Simplifies user provisioning and deprovisioning

The question specifically requires that BOTH user AND administrator authentication support SSO. This is important because administrator accounts have elevated privileges and should have at least the same security controls as regular users.

Common SSO protocols include SAML, OAuth, OpenID Connect, and LDAP. Your solution should support at least one of these industry-standard protocols to be considered compliant.

To best answer this question:

- Be specific about which SSO protocols your solution supports
- Confirm that both user and administrator authentication can use SSO
- If you only support SSO for one type of user (regular or admin), you must answer "no"
- If possible, mention any identity providers you integrate with (Okta, Azure AD, etc.)

Guidance

Answer "yes" only if user AND administrator authentication is supported. If partially supported, answer "no." Ensure you respond to any guidance in the Additional Information column.

Example Responses

Example Response 1

Yes

Our solution fully supports Single Sign-On (SSO) for both regular users and administrators through industry-standard protocols including SAML 2.0 and OpenID Connect. We integrate with major identity providers including Microsoft Azure AD, Okta, Google Workspace, and OneLogin. All authentication flows, including those for administrative access, can be configured to use the customer's existing identity provider. Our implementation includes support for Just-in-Time (JIT) provisioning and role mapping from identity provider attributes.

Example Response 2

Yes

Our application supports SSO authentication for all user types, including administrators. We implement SAML 2.0 as our primary SSO protocol, with OAuth 2.0 available as an alternative option. Administrator accounts can be fully managed through the same SSO configuration as regular users, with role assignment handled through group memberships or claims passed from the identity provider. We maintain detailed authentication logs that track all SSO authentication events, and our system enforces session timeouts and other security controls consistently across all authentication methods.

Example Response 3

No

While our solution does support Single Sign-On (SSO) via SAML 2.0 for regular users, our administrative portal currently requires direct authentication using username/password credentials specific to our application. We maintain separate authentication systems for administrators to provide an additional security boundary. We recognize this limitation and have SSO support for administrative accounts on our product roadmap for implementation within the next two quarters.

Context

Tab: Product
Category: Authentication, Authorization, and Account Management

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain points. They were confusing, hard to delegate and arrived like London buses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub