Google’s new SAML Partial SSO beta enables you to have a more granular approach to SSO

Natalie Willis
  • 7 min read

Organizations are empowered to use a single sign on (SSO) solution as their identity and security source-of-truth for all systems and applications. It is unrealistic to assume, however, that every account within the environment requires SSO. So FINALLY, here comes partial SSO to save the day!

Google’s new SAML Partial SSO feature is here to make the IT professional’s job a little bit easier. Last week, Google launched this feature in beta to give admins more control over how SSO is applied to accounts within their organization. This update is in open beta, which means you have access to it now in your Google admin console without the need to sign up for a specific beta program. Let’s dive into what that means for you, your team, and your organization’s security.

What is SSO and why do you need it?

First things first: what is SSO and why is it important? SSO authenticates users’ logins with a single ID and password to access software systems, usually multiple, independent systems. SSO allows for one single source of truth for security and identity. Because of that, it adds extra security to your organization by reducing the chance that passwords can be stolen in a breach.  

While we’re at it, let’s break down what SAML is, too. Security Assertion Markup Language (SAML) is a standardized process for external applications to verify users are who they say they are. This is what makes SSO possible.

What does the new SAML Partial SSO beta mean for you?

A big bang rollout of a new technology can be an IT nightmare. With the SAML Partial SSO beta, you don’t have to turn on SSO for your entire organization; you can phase the rollout. This allows a core IT team to complete testing and early adopters to help iron out bumps in the road to perfect the rollout plan before a global go-live. A phased rollout helps to avoid disrupting the entire organization.

Another advantage of having this feature is that it allows you to have multiple SSO solutions configured within your environment. If your company is going through a merger or acquisition, perhaps the other company uses a different SSO solution that they want to continue using even after merging into your environment. With partial SSO, one subset of users could use one SSO solution and the rest of the company could use a totally different method.

Partial SSO also allows a tailored approach to handling SSO for different types of accounts that may not require SSO. After organizing new hires, contractors, non-human/service accounts, or conflict accounts into organizational units (OUs), you can keep SSO turned off for those accounts that do not need SSO enabled. In addition to OUs, you can also assign an SSO profile to groups. This allows you to keep your organizational structure flat and still take advantage of partial SSO.

How to get started with partial SSO

For instructions on how to set up SSO via a third-party identity provider, click here. Keep in mind that this feature is currently in beta, and you can keep a lookout in our Visible Changes blog post for its official launch to general availability.

Wursta customers can contact their account manager to learn more about how to take advantage of this feature while it’s still in open beta.

If you’re not a Wursta customer and would like to learn more about how to keep security organized and productively distributed at your organization, reach out to us! We’d love to hear from you and see how we can help.