Flexera logo
Image: Why Single Sign On (SSO) Isn’t Ideal for SaaS Management

What are You Betting Your SaaS On?

So you’ve invested in single sign on (SSO) capabilities to give your employees a convenient way to log into the most used company apps. Great job. Now, you’ll finally be able to see who is logging into those apps so you can understand what apps are really being used. In theory, this would be helpful information to drive better SaaS management and save costs.

In theory.

The problem is, as much as SSO can benefit the organization, it provides only the most basic data on your SaaS usage. Here’s why:

  • Shadow IT Isn’t Monitored. SSO is helpful to show you who has logged into the apps under IT management, but it ignores any SaaS apps IT doesn’t know about, which are often many. If you don’t think anyone in your organization is using a cloud app without telling IT, you’re in for a surprise. If you’re in IT, you may be sighing with recognition.

In a Symantec poll, 37 percent of respondents believe users or business units at their organizations are frequently or occasionally deploying cloud applications or putting data in the cloud without consulting IT. Based on my experience and other reports I have read, this may be a highly conservative number, particularly for organizations without a strong (or any) governance policies in place. The Symantec poll found 31 percent of organizations lack even the most fundamental cloud security policies, procedures or tools.

  • Logins ≠ Utilization. The nature of SSO means employees are automatically logged into a series of corporate apps with one username and password, whether these employees actually use every app or not. This means your reports aren’t really showing utilization, only logins.

To confuse matters more, login statistics may be redundant. IT may frequently set timeout rules when implementing SSO, making employees log in each time or once every several of hours. Obviously, this will skew any metrics and are not an actual reflection of cloud app utilization.

  • How Apps Are Being Used Is Ignored. SSO does not tell you what users are actually doing in each app, which features are being utilized and which are a waste of money. SSO only gives you marginal data on who logged in (intentionally or by default), but it can’t tell you what your users did once they got into the apps.

SaaS contracts are often tiered, with companies paying higher costs for more features and additional users. If you don’t know what features are being used and who is really using them (not simply logging in), how can you negotiate the best contracts and fees? Exactly. You can’t.

Companies who really want to understand SaaS utilization so they can right-size their contracts, waste less money, reduce risk with improved security, and gain control over their SaaS landscape MUST do more than simply track misleading logins from SSO software. They absolutely have to gain visibility into the entire IT landscape, identifying all cloud apps in their ecosystem, including those rogue apps of which IT wasn’t informed. Anything less is a half-assed, or should I say, “half-SaaSed” approach to management.

Integrate, Integrate, Integrate.

SSO attracts users because of the promise of integrations. SSO vendors survive based on their pre-built connections to thousands of on-premise and cloud vendors. While these integrations are a critical link, SSO only passes along login credentials to those apps with which IT is familiar. What about the dozens, even hundreds, of shadow cloud apps that aren’t a part of the big, happy family? What’s integrating to those and measuring their logins, users, utilization and fees?

Fortunately, there is hope for stressed out IT leaders. You can get the enterprise transparency you want and need for effective SaaS management. There is one caveat, however. You aren’t going to get it from SSO alone.

True SaaS management demands integrations with cloud vendors and SSO vendors alike. Here’s how it should work:

First, in order to find all cloud software being used, you must be able to analyze expenses and financial records along with SSO. This isn’t as difficult as it may sound. Flexera works with SSO vendors while also continually expanding our own database of cloud vendors. This ensures we can easily pair up SSO data with charges for subscriptions to apps and quickly identify shadow IT.

The result? Users have real-time access to an interactive catalog of every SaaS vendor in their IT ecosystem, based not only on what employees admit using but on what may be hidden in “miscellaneous items” on expense reports. SSO doesn’t come close to this level of detail.

Second, once each SaaS vendor has been identified, it’s all about reporting to give you the information you really need to make the best decisions. Flexera SaaS Manager integrates with your SSO and each of your cloud vendors for more detailed, accurate user login information, including how the products are being used.

Why does this matter? Because with this data, you can easily identify where you are overspending on licenses and features. You can leverage volume discounts, scale back on underutilized features, eliminate redundant subscriptions, and right-size every contract. With SSO, you only get unreliable login data.

Is SSO Even Needed?

SSO is a powerful backend function that provides a seamless front-end experience for employees. It reduces login time as well as the costs and time associated with employees calling a help desk for password resets. It is enjoyed by many for the time it saves. It also gives companies some sense of control over the apps authorized by IT. Is that enough? Resoundingly, no.

Partial control is really no control at all. Use SSO to make it easier for employees to get their day started with one username and password to remember. They and your IT help desk will appreciate it, I am sure. However, if you are using it to reduce all costs associated with SaaS apps and improve security, you’re using the wrong tool.

SSO doesn’t go far enough by missing all of the shadow IT and it doesn’t go deep enough by not providing the required level of detail leaders need to make better decisions. SSO is really meant for one thing: convenience. It does this well and for that reason, it’s worth consideration.

IT Asset Management icon

IT Asset Management

It all starts with knowing what’s in your IT ecosystem. Flexera One discovers even the most elusive assets whether on-prem, SaaS, cloud, containers and more.

SaaS Management = Visibility

True SaaS management, which should be on every company’s priority list, is all about transparency. If you can’t see it, you can’t monitor it, protect it or manage it.

With more software moving to the cloud, the demand for better, more comprehensive SaaS management will continue to grow. Are you ready? Do you have a 360-degree view of your enterprise applications? Are your SaaS vendor contracts right-sized for your current needs or are you paying for future needs that may or may not ever evolve? Are the right people accessing the right cloud apps?

If you’re only relying on SSO, you likely answered no to those questions, or worse, have no idea. It’s okay. You aren’t alone. This is new territory for many and wrangling it all into a manageable view hasn’t been easy until now. The cloud has transformed our software and how we work. Thankfully, modern tools are available to make sense of it all. Use the right ones and this SaaS management thing won’t be so hard.