Understanding SSO with Google: The Advantages & Challenges

Shelby Lee Neubeck

27 June, 2023

When it comes to your security and data privacy, passbolt doesn’t play around. That’s why the options for Single Sign-On (SSO) are expanding. Release 4.0: Get Up, Stand Up introduced SSO with Google to the mix, raising concerns among some passbolt users. Of course, you’re never forced into using any of passbolt’s SSO features; they’re completely optional. But let’s look at what’s involved in using Google as an SSO option and how it all works behind the scenes.

The Benefits

With the power of passbolt and Google SSO, you can use your existing Google credentials to log into passbolt. No more fumbling around with passphrases to access your sensitive information stored in passbolt. This saves you and your team time and frustration. If your users can log in using SSO, they’re less likely to forget another password, reducing the need for account recovery assistance.

Google has a massive user base and many companies use Google Workspace, so your users may already have credentials. Passbolt can now leverage this existing infrastructure. In the future, as passbolt improves SSO features, onboarding will be simplified and friction reduced. Passbolt is committed to providing a convenient experience for its users, while maintaining a high level of security.

Maintaining Your Data Privacy and Security

Integrating Google SSO doesn’t compromise security; rather, it complements passbolt’s robust GPG authentication process. By logging in using Google, users unlock a key stored on the server side, which is essential for decrypting their secret key. This allows secure authentication without giving users another set of login credentials. Passbolt is dedicated to protecting user data and implementing comprehensive security measures. Part of that is adhering to best practices and regularly conducting security audits to promptly address any issues. You can find the security considerations and residual risk notes in the developer documentation.

Addressing Privacy Concerns

Integrating a third-party authentication method always raises concerns about privacy and security. And when it involves a tech giant like Google, it can bring up even more concerns. Rest assured, passbolt prioritises your privacy. When you use SSO with Google, passbolt doesn’t receive any personally identifiable information (PII) from Google. The information shared is limited to what’s necessary for user authentication; passbolt maintains a strict focus on data minimization and privacy protection.

Defying Google’s Data Collection

Understandably, privacy-conscious users may worry about Google’s extensive data collection practices. It’s important to note that when using Google SSO, passbolt does not grant Google access to your passwords or personal information. The integration serves authentication purposes only, allowing passbolt to validate users’ identities without compromising the privacy and security of their sensitive data.

The Security Behind Google SSO

SSO with Google relies on industry-standard protocols like OAuth 2.0 and OpenID Connect. These protocols ensure the security and integrity of user data. OAuth 2.0 provides a secure authorisation framework, authenticating users without directly handling their sensitive credentials. OpenID Connect enhances this framework by adding an additional layer of identity verification. Together, these protocols enable passbolt to authenticate users via Google SSO securely and reliably, minimising the risk of unauthorised access.

You also benefit from your Google account’s sophisticated security mechanisms: multi-factor authentication, suspicious activity detection, and encryption. By using SSO with Google, you can help protect your login credentials and sensitive information against unauthorised access.
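To make the OpenID Connect part concrete, here is an added example (not passbolt's code) of the claim checks any relying party applies to a Google ID token after its signature has been verified. The client ID, nonce, domain and token below are constructed sample values, and signature verification against Google's published keys is assumed to have happened already.

```python
import base64
import json
import time

GOOGLE_ISSUERS = {"https://accounts.google.com", "accounts.google.com"}

def decode_claims(id_token):
    """Decode the JWT payload; the signature is assumed to be verified already."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_id_token(claims, client_id, expected_nonce, allowed_domain=None,
                   now=None, leeway=60):
    """Return the reasons to reject the token; an empty list means accept."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") not in GOOGLE_ISSUERS:
        problems.append("unexpected issuer")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        problems.append("token was issued to a different client")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp + leeway < now:
        problems.append("token expired or exp missing")
    if not expected_nonce or claims.get("nonce") != expected_nonce:
        problems.append("nonce mismatch (possible replay)")
    if claims.get("email_verified") is not True:
        problems.append("email not verified")
    # Restrict to a Workspace domain with the hd claim, not the e-mail suffix.
    if allowed_domain is not None and claims.get("hd") != allowed_domain:
        problems.append("account outside allowed Workspace domain")
    return problems

def make_unsigned_token(claims):
    """Build a constructed sample token; the signature part is a placeholder."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.constructed-signature"

# Constructed sample values, not real identifiers.
CLIENT_ID = "example-client-id.apps.googleusercontent.com"
SAMPLE = {"iss": "https://accounts.google.com", "aud": CLIENT_ID,
          "exp": 1_700_003_600, "nonce": "n-123", "sub": "1000",
          "email": "ada@example.com", "email_verified": True, "hd": "example.com"}

if __name__ == "__main__":
    claims = decode_claims(make_unsigned_token(SAMPLE))
    print(check_id_token(claims, CLIENT_ID, "n-123", "example.com", now=1_700_000_000))
```

A personal Google account with a matching e-mail suffix carries no `hd` claim, which is why the domain check reads `hd` rather than parsing the address.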

More SSO Providers On The Roadmap

At passbolt, the overall goal is to optimise the user experience. With the addition of SSO with Google, passbolt has started expanding authentication options. Currently, you can use SSO with Microsoft Azure and, as mentioned, Google. There are more options on the horizon, such as GitHub and Okta. This flexibility empowers admins to choose the provider that aligns with their organisational requirements and helps with compliance.

SSO Settings menu including “coming soon” providers

An Era of Seamless Authentication

Administrators of passbolt pro can find out more about setting up Google SSO in our recent video or follow the written guide to configuring SSO with Google.

SSO simplifies the passbolt login process, providing a convenient approach to access management while maintaining the robust security measures you’ve come to expect. To learn more about passbolt’s implementation of SSO and how it works, you can read “Everything you need to know about passbolt’s new SSO feature.” You can join the passbolt community forum to stay updated, request an SSO provider, or hang out and chat. We’d love to hear from you!