SSO Benefits are far-reaching - improved security, scalability, and less time spent on onboarding kinks. But how does that mesh with digital asset management (DAM)?
DAM software’s primary purpose is to become a single source of truth for asset management needs. The idea is that whether you need to search, store, distribute or collaborate on assets - DAM should be your one and only stop.
If we twist this phrase a bit, we can say that SSO wants to be the single source of truth for all your user authorization needs…
Does seem like too many “single sources of truth” for one pot, doesn’t it? And in some circumstances, it actually is!
So, in today’s article, I will go over what is SSO, what are its benefits, and when you should consider integrating it into your DAM environment.
What is Single Sign-On Anyway?
When you think about authentication in an office environment, the mind springs to these common suspects:
- Unique ID (username)
- 2FA through a mobile app or a separate dongle
What’s more, these credentials tend to be distinct for each piece of software that the company is using. So, a designer might have one set of credentials for their Adobe Suite, another for things like Slack, etc.
SSO proposes a different option. You have one set of credentials that you can use to access all integrated apps in your ecosystem. Some solutions, like Okta FastPass, go even further proposing passwordless access to authorized users.
So, this seems like a system that we’ve all grown accustomed to, so when SSO barges in and tries to shift the said paradigm, I want to ask - why?
Well, because if you think about it for a moment, the current “industry standard”, if you will, creates many headaches and security risks.
Reasons Why Lack of SSO is Bad
Too Many Credentials = More Chances of Security Breaches
There’s always a probability that a user will misplace or have their credentials stolen. When you have multiples, these odds increase. Although not all credentials are made equal, getting access even to one part of your ecosystem makes it more likely that others will be compromised as well
It Takes Longer to Onboard and Offboard New Users
So when you hire a new employee, you have to give them access to all things that they need for work. Create new credentials, or share existing ones for the circumstances where it is not possible/optimal to do so. While sharing credentials between a few users is always a bad practice, we have to be realistic about it. These things do happen, either to save cost or for convenience.
In consequence, when someone leaves the company, you have to make sure that they no longer have access to all those things and in the scenario of account sharing, you need to change passwords and notify everyone in the team about the change.
Security concerns aside, this constant shuffling also doesn’t happen automatically. Someone has to take the time out of their day to do these things, losing productivity hours.
Users Keep Losing Their Damn Passwords
50% of IT support tickets are about users losing or forgetting their passwords. Granted, you can say that it’s literally it's job to help employees with those things but we don’t throw garbage on the floor just because it’s the janitors’ job to clean, do we?
Conclusion: lack of single sign-on eats at your time and productivity and can cost you a lot of money in the long run. Humans remain the weakest link in the security chain with social hacking, phishing, weak passwords, and user error remaining the top causes behind data breaches.
All in all, the more we can reduce humanity’s propensity to mess things up on accident, the more thorough our security will be.
DAM & SSO: Where Do These Two Intersect?
As I’ve said, DAM means to be a single source of truth for your digital assets. Therein lies a similarity with SSO. Instead of having to remember multiple accounts for Dropbox, Google Drive, and whatever else, you can just log in to Pics.io, and there you’ll have everything you need, as far as asset management is concerned.
Plus, DAM had already figured out how to make sure that security clearances are upheld without human intervention. Users roles & permissions let you dictate which assets each role in your team gets to see and what can they do with those assets. When you invite them to join your DAM team, they already have those permissions pre-configured, so you don’t have to worry about accidentally showing sensitive information to somebody who shouldn’t see it.
So, if both try to reduce the number of moving parts and effort to access things you want, why bother with both?
Well, for one, DAM cannot replace everything. You’ll still need to have a dedicated app for heavy-duty image editing or Slack as your main communication hub, for instance.
Consider that one of the main benefits of cloud-based software is that access from anywhere, at all times as long as you have the correct credentials. So if somebody were to access your team’s DAM through a mobile app, they’ll get exactly the same functionality and capabilities as if they were sitting in the office.
Ensuring that one’s access to DAM remains as secure as possible can save you a lot of headaches. I will add, however, that not every DAM team will benefit from SSO. Let’s take a look at circumstances when you should consider one.
Top 3 Reasons When You Should Consider SSO Integration for your DAM
You have a large team and want scaleability
When you have a tightly-knit team of 10, it isn’t hard to double-check that everyone keeps up with security protocols and doesn’t use bad passwords or unprotected connections to access sensitive data.
With 100 employees and a willingness to add more? Unless you want to dedicate entire weeks to manual check-ups on everyone, a solution that just works will serve you better.
You need better security
With SSO you can create a single point of access to minimize the risks of weak passwords and unauthorized access. Couple SSO with 2FA and RBA and you can almost forget about the mishandling of credentials.
If you’re curious, RBA stands for Risk-based authentication. It means that if the SSO system you’re using detects suspicious activity (a new IP address, new device, etc.) it can lock the account until it gets manually approved by the user or the IT specialist.
Your team has many non-IT employees
Being nerds that they are, engineers tend to have a better grasp on juggling multiple accounts and software apps. People working in marketing, sales, HR, etc. don’t necessarily have that intimate knowledge of their machines, so the more time they have to spend logging in and out of applications can lead to increased frustration and reduced productivity.
Especially with the modern habits of replacing your hardware on the annual basis, a need to re-authorize all apps on your new device sounds doubly so dreadful.
Having a straightforward, single point of entry that you need to activate just once reduces these frustrations and allows your non-tech teams to better focus on things that they know and love.
Bundling these reasons together, I can confidently say that a dedicated SSO integration is an absolute must for large, enterprise-tier teams with 100+ employees. The more people you have, the less time you have to micromanage each one of them, so the need for SSO will grow linearly as your team expands.
If you’re already using Pics.io, we offer a couple of SSO options. Google SSO is available to all plans, while Microsoft Active Directory and recently added Okta integration are not available with Solo plan only.
If you’re not using Pics.io yet and wonder what is digital asset management and why you need to care, make sure to check our write-up on the importance of DAM strategy!