Single Sign-On when already using LDAP

New Contributor III

Just wondering if there is any benefit to setting up SSO if we are already using LDAP with Active Directory and it has been working fine for years. Any additional functionality? Thanks.


Contributor II

My Understanding is no there really is no benefit. I believe you get more functionality from LDAP integration than SSO

New Contributor

We opted to set up SSO via SAML so that users would have to authenticate using an MFA code in addition to their password.

Valued Contributor

In my eyes it is a huge benefit that users see the organisations login page instead of yet another login page. No need for the user to wonder whether that YALP is trustworthy or not. Each additional login page increases the risk that the user gives his credentials to any site that asks for it.

And I love to just use my kerberos token to authenticate instead of having to type username and password.

Now if JAMF would accept SSO with certificates that would be really nice for the users that don't have a kerberos token at hand.