by csben 1558 days ago
My experience is completely opposite of the author's. I sign on once a day when I access a service that uses my firm's SSO solution. I'm then automatically signed in to all other services as I use them. It's quite seamless. I have no complaints about the SSO setup in my firm.

So your company doesn't have certain functions where someone has said "this is really critical so we'll force a sign-in even if the SSO token is already there"? Because that happens to me 10 times a day at my work.
I see this in situations similar to sudo where you need to make sure it is the same user that signed on when elevating privileges, vs letting in anyone who sits down at an unlocked user's terminal.
If I had to wait for several hundred network requests to complete and one or two pages to render every time I sudo'ed I'd complain about that too.
Which is silly because if you do that you're basically admitting that your SSO isn't fulfilling its promise of identifying the user. If you are having the thought, "what if the user I authed isn't the user anymore" then you should be reauthing them for any service at that point.
Almost as fun as when TSA uses logic like “we thought you were going to hijack a plane using those nail clippers, but now that we’ve made you throw them away, you can board with no further scrutiny! Crisis averted!”
Yes, this does happen. Especially for HR related matters. But that's definitely more of an exception than the rule. For most services that I use on a day-to-day basis, the experience is seamless.
I would say that's not really an SSO issue so much as it's an obnoxious session duration policy.
Honestly I don't mind this too much as long as it's YubiKey only; that literally is just reach up, tap, hit enter: 1-2 seconds if you know it's coming. If they require me to reenter a password it's more like 10-30 seconds depending on if I mistype anything. That's just setting the wrong incentive to have a weak password that is easy to type.
Same here. If anyone has a different experience, you should file a bug with your IT department.

The example from the article looks terrible and should not be seen as representative of how SSO can work.

That said, it’s still not the sign-on nirvana we all want to have; browsers and OSes still have a lot of areas for improvement here.