I’ve been incredibly fortunate to build a few businesses from the ground up during my career, and each of these journeys was unique. Because of my history and being the co-founder of a leading cybersecurity company, I feel confident sharing my experiences with my peers.
At Sendmarc, a key ingredient to our success has always been to embrace a modern cloud workspace and third-party applications to boost productivity and speed, which has led to us incorporating a number of external cloud applications in our organization.
As a cybersecurity solutions provider with a DMARC management platform, we take security very seriously – Sendmarc is even ISO 27001 certified and nearly SOC 2 compliant with Vanta (which I highly recommend). I believe we get all the basics right, along with multiple advanced security practices.
That said, something that has often felt a little frustrating to me is using Single Sign-On (SSO) when accessing external services.
Single Sign-On (SSO) allows users to log in once using a centralized Identity Provider (IdP) like Microsoft Entra/365, Google Workspace, or Okta, which then provides access to various applications. It eliminates the need to log in numerous times and keep track of multiple sets of credentials.
I understand the benefits of SSO, but the extra two clicks, the IdP pass-through, and the seconds wasted each time I attempted to log in irritated me.
So, in Sendmarc’s early days, we didn’t require single sign-on when accessing external applications – it was optional. This worked as we were a smaller company consisting of engineers using password managers and Multi-Factor Authentication (MFA); our main goal was enhancing our DMARC management platform. But something made me seriously reconsider my decision.
Back when Sendmarc was just getting started, we were already using over 50 external applications.
Every time we brought on a new hire, we had to manually set up logins for each application. Then, when someone left, we had to go back and log in to every service to delete their accounts. With so many applications and constant changes to our team, this quickly turned into a big headache. It was clear we needed a better way to manage this.
Luckily, during Sendmarc’s ISO 27001 certification, a hypothetical situation I could highly relate to was introduced to me:
An employee’s last day at a company is a Friday. As part of their role, they had access to multiple approved third-party applications.
The offboarding process went smoothly, and there were no bad relations. But, on this particular Friday, the employee responsible for offboarding left early and was unavailable during the weekend. Before they left, the organization disabled their internal accounts and remotely wiped their PC. While these actions were successful, the process wasn’t fully complete.
The employee’s access to external applications, such as project management or marketing tools, was not automatically revoked. This meant the individual could still access those applications until their accounts were manually disabled.
If the organization had been using SSO, a single removal of the user from the IdP would mean the employee no longer has access to any of the other third-party applications – it’s efficient, seamless, and immediate.
For me, this was the point that made SSO adoption a no-brainer.
Implementing SSO has benefits that go beyond my initial frustrations. Here’s why it’s so important:
Streamlined user experience
SSO reduces the need to remember multiple passwords, making workflows more efficient. Employees can quickly access the tools they need without wasting time on repeated logins.
Enhanced security
By centralizing authentication, SSO minimizes the risk of password reuse across platforms—one of the leading causes of data breaches. Pairing SSO with solutions like MFA can further enhance security.
Centralized access control (my favorite)
SSO makes it easy to control who has access to what. With an IdP, administrators can provide or revoke access to multiple applications in one place. This is useful for compliance, onboarding new employees, or quickly responding to security threats.
Simplified password management
With SSO, password policies—such as complexity requirements and regular resets—are controlled centrally. This takes responsibility off users while helping the organization comply with its security standards.
Improved productivity & cost savings
Reducing credential-related support tickets, such as password resets, saves time and money for IT teams. And fewer login interruptions mean employees stay productive for longer periods.
Audit & compliance
SSO solutions provide logging and reporting capabilities, offering insights into user activity and helping organizations comply with regulatory requirements.
Sendmarc’s DMARC management platform supports Single Sign-On (SSO), integrating with the following Identity Providers (IdPs):
If you’d like to see us integrate with any other IdPs, reach out to us at [email protected].
I’ll leave you with my final thoughts on the subject: Single Sign-On (SSO) can be frustrating to some, but it’s become a necessity for modern organizations. For me and my company, the ability to centrally manage access and simplify password complexity has been game-changing. It’s not just about making life easier; it’s about finding ways to work smarter and safer. If you haven’t implemented SSO yet, now’s the time to explore its benefits.