Is Windows Application SSO Achievable?

Last Updated:
June 28, 2023

Is Windows Application SSO Achievable?

In 2007, Microsoft® conducted a study that found that typical users had 6.5 passwords to remember. In 2023, NordPass researchers found that the average user had over 100 passwords to remember. This enormous uptick in the number of passwords one end user is expected to remember is the primary reason why Gartner estimates that 30 to 50% of all help deskcalls are for password resets.  

Enter SSO to save the day.

Single Sign-On (SSO) is user authentication that allows users to sign in once and gain access to their applications, data, websites, and workstations with one centrally managed password plus their username.

SSO is a boon to end users, to end user computing (EUC) teams, and to the IT helpdesk. Users only have to remember one password to access everything they need to get to work. EUC teams use SSO to manage identity access, keep applications and data more secure, comply with corporate and regulatory policies, and provide a better user experience. IT helpdesk' benefit from SSO because it reduces password reset calls to the helpdesk, allowing helpdesk personnel to address more knotty and interesting IT problems.

SSO has also made it far easier for companies to move to the cloud because it centralizes secure identity access—and by default centralizes users’ web application access.

Why is Windows SSO Support so Problematic?

There are many times where an organization requires users to use Windows®, not web-based applications. Unfortunately, SSO has only been available to provide secure access to web-based applications. Why? Because Windows requires a username and password to log in to a Windows session.

Authentication events within Windows OS occur through Winlogon, the Windows authentication module that performs interactive logons for a session—where a user logs directly onto the operating system with a username and a password to gain access to Windows applications.

Due to this constraint in the Windows OS, IT cannot include Windows applications in cloud implementations using SSO without a customized credential provider,which is an expensive undertaking. Windows applications delivered to remote users via Microsoft Remote Desktop Protocol (RDS) and accessed through Microsoft Remote Desktop Protocol (RDP) have the same limitations.

Due to this constraint, Windows ISVs have been unable to reap the benefits of SSO—that is, until GO-Global’s support for OpenID Connect became available.

GO-Global Enables SSO for Windows Applications

SSO relies on two computing security standards—authorization and authentication. Authorization is defined as the process of granting user access to computing resources. Authentication is concerned with verifying the identity of a user.

The OAuth 2.0 framework is solely concerned with authorization, i.e., identifying the resources a user is permitted to use. The OpenID Connect protocol is concerned with authorization and user authentication, i.e., verifying that the user is who they say they are. OpenID Connect (OIDC) is built on top of OAuth2.0, allowing third-party applications to verify the identity of the end user and to obtain basic user profile information.

GO-Global’s support for OpenID Connect allows Windows ISVs to use modern identity providers like Okta™, OneLogin, Microsoft Active Directory Federated Services (ADFS), and Microsoft Azure® AD Seamless SSO to enable single sign-on into GO-Global® Windows hosts.

GO-Global allows IT to integrate any identity provider that supports OpenID Connect directly into its hosts, allowing them to share Windows hosts among the users they already authenticate for web applications. GO-Global’s support for OpenID Connect eliminates the need for domain controllers on the corporate network, for custom credential providers for strong authentication, and for interactive logins.

Without GO-Global, Windows ISVs that want to add SSO would have to purchase expensive and complex solutions like Citrix NetScaler® Unified Gateway integrated with Citrix Hypervisor®.

With GO-Global + SSO, Windows ISVs can secure Windows applications at a low price point, improve their customers’ experience, manage identity access, improve application and data security, and ensure corporate and regulatory compliance. ISV customers only have to remember their username and password, which enables the ISV’s IT helpdesk to eliminate password reset calls.

For the GO-Global ISV customers using SSO, the savings on eliminating password reset calls can be significant. One GO-Global ISV customer estimates that by usingGO-Global SSO in 2023, they will eliminate over 9,000 helpdesk calls and reduce the time spent on password reset calls by 46,500 hours.

If you are a Windows ISV that wants to publish applications from any public, private, or hybrid cloud, to any device that supports a browser, and wants to provide SSO to your customers, consider GO-Global + SSO.

To see GO-Global’s concurrent user pricing with SSO, and calculate your estimated GO-Global pricing, click here.

To learn more about GO-Global, request a demo here or download a free 30-day trial.