In the world of identity and access management (IAM), single sign-on (SSO) continues to be one of the most popular tools used by organizations all over the world. There are approximately 15,000 SaaS companies in the United States alone — with thousands more in other countries (Statista). Based on this, it’s safe to say there are more web-based applications available than IT admins and users know what to do with. It also explains the interest in SSO and identity management.

However, it’s important to distinguish between SSO and IAM. SSO is one important subset of IAM, but it does not make for a complete IAM strategy on its own. Yet, many organizations only use single sign-on to connect end users to web applications in their IT environment and call it an identity management strategy, which is incorrect. If anything, it’s a fragmented identity management strategy, and every resource aside from web applications is left unmanaged (or managed with different, unconnected solutions). Whereas, a complete IAM strategy involves understanding, controlling, and managing user identities and access to all IT resources holistically.

Read more at – securityboulevard: SSO Isn’t Identity Management