Customers are increasingly vigilant about purchasing products and services whose features fit seamlessly into their own security infrastructure. With data breaches in the news daily, organizations have a critical responsibility to protect the confidentiality, integrity, and availability of the data they store and process from threats of theft and unauthorized access.

Having security controls in place to minimize these risks is not just important for protection; they’re an invaluable part of building and maintaining customer trust. That’s where SSO for your Twilio SendGrid account comes in.

What is SSO?

Single Sign-On (SSO) is an authentication method built on trust. It provides users the ability to securely access multiple applications after authenticating their identity with a single login. This simplifies the experience for users by eliminating the need to remember and re-enter individual passwords for various applications. 

How does SSO work?

User credentials are stored and managed by a centralized system called an Identity Provider (IdP). When a user submits their login credentials, the IdP authenticates their identity. Once the user is validated, the IdP securely shares the authentication result with the applications and/or service providers to authorize access.

The many benefits of SSO

Manually managing individual user access and permissions at scale can be challenging and risky. That’s where SSO comes in. Centrally managed access provides a strong foundation for effective access controls and enforcement of secure password/passphrase use, improves the user experience, and can reduce the risk of account compromise.

Implementing an SSO solution facilitates the development of robust role-based access controls (RBAC) and/or team-based access controls (TBAC) that are enforced across devices. Additionally, SSO helps simplify onboarding new hires, offboarding departures, supporting internal transfers, and regular auditing of user access and permissions in order to mitigate internal risk.

The benefits of SSO are enhanced when combined with the use of multi-factor authentication (MFA). Combining the factor of knowledge (user credentials) with the factor of possession (e.g., an authenticator app such as Authy) makes it a lot more challenging for anyone to gain unauthorized access, even if they have the username and password for an account.

SSO and your account security 

When accounts are not centrally managed, users are required to remember usernames and passwords for every application/system they access. Users are then more likely to choose and reuse insecure passwords, which can leave accounts vulnerable to avoidable cyber threats.

Manual processes for managing user permissions as their statuses change are time-consuming and less effective than adopting SSO. Without SSO, a simple oversight could result in assigning users inappropriate levels of access to sensitive systems. Or worse, offboarded users may inadvertently retain access after their departure. 

Account takeovers (ATO) are commonly a direct result of cyber threat actors exploiting leaked user account credentials like passwords or API keys that are in use for more than one application or system. The information is then used to perform credential stuffing attacks, where credentials are rapidly tested against multiple systems in an attempt to either gain unauthorized access to the user account or, in the case of an exposed API key, bypass the authorization process entirely. 

An account takeover can lead to account fraud that is not only costly but potentially damaging to an organization’s reputation. Implementing secure authentication controls like SSO and ensuring that API keys are not hard-coded into anything can dramatically reduce the risk of an account takeover.

The use of SSO, backed by a strong password policy and multi-factor authentication (MFA), is a powerful strategy for reducing the attack surface susceptible to the most widespread cyberattack: phishing.

These measures minimize the number of user credentials available for compromise while simultaneously creating a failsafe that locks attackers out in the event a phishing attack is successful. Together, these controls easily mitigate a significant amount of the risk posed by phishing attacks upfront.

For more account security best practices, read our article, 7 Best Practices to Protect Your Twilio SendGrid Account and Sending Reputation.

Set up SSO for your Twilio SendGrid account

SSO for Twilio SendGrid is in open beta and will be made available to Marketing Campaigns Advanced Plans, Email API Pro, Premier, and Custom plans on a rolling basis over the course of the next few weeks.  

Twilio SendGrid SSO is a session and user authentication service that empowers customers to take the security of their account access management into their own hands. Because it leverages Security Assertion Markup Language (SAML) 2.0, a widely adopted XML-based standard for authentication, any compliant IdP should work with Twilio SendGrid, including Okta, Duo, Microsoft Azure Active Directory, and Auth0.
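As an added illustration of the IdP-to-service-provider exchange described under "How does SSO work?" and the SAML 2.0 standard named above, here are the checks a SAML 2.0 service provider applies to an IdP's assertion after its XML signature has been verified. This is example code written for this article, not SendGrid's or any IdP's implementation; the hostnames, request ID and user in the sample response are assumed placeholders.

```python
# Added example, not Twilio SendGrid code: the checks a SAML 2.0 service
# provider (SP) applies to an IdP's assertion before granting a session. It
# assumes the XML signature was already verified by a library (e.g. python3-saml).
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed sample response; hostnames, IDs and the user are placeholders.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" InResponseTo="_req123">
  <saml:Issuer>https://idp.example.com/</saml:Issuer>
  <saml:Assertion>
    <saml:Issuer>https://idp.example.com/</saml:Issuer>
    <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://sp.example.com/</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def parse_ts(s):
    # SAML timestamps are UTC ISO 8601 with a trailing Z.
    if not s:
        return None
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_assertion(xml_text, expected_issuer, expected_audience, request_id, now_iso):
    """Return (True, NameID) if every check passes, else (False, reason)."""
    root = ET.fromstring(xml_text)
    # Bind the response to the AuthnRequest this SP actually sent (anti-replay).
    if root.get("InResponseTo") != request_id:
        return False, "InResponseTo does not match our AuthnRequest"
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return False, "expected exactly one Assertion"
    a = assertions[0]
    if a.findtext("saml:Issuer", namespaces=NS) != expected_issuer:
        return False, "unexpected Issuer"  # only the configured IdP may vouch for users
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        return False, "missing Conditions"
    nb, na = parse_ts(cond.get("NotBefore")), parse_ts(cond.get("NotOnOrAfter"))
    # NotBefore is inclusive, NotOnOrAfter exclusive; reject expired/replayed assertions.
    if nb is None or na is None or not (nb <= parse_ts(now_iso) < na):
        return False, "assertion outside its validity window"
    audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        return False, "Audience does not include this SP"  # minted for another SP
    return True, a.findtext("saml:Subject/saml:NameID", namespaces=NS)
```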

Twilio SendGrid customers will be able to integrate and manage Twilio SendGrid accounts alongside their other applications with one secure password. To join the open beta and set up SSO for your Twilio SendGrid account, go to SendGrid’s SSO docs page.

Shamika Abraham
Shamika Abraham works as Program Manager on the Twilio Cybersecurity team. Her current role is piloting a cybersecurity rotation initiative where she is responsible for delivering projects that support the growth of cyber threat intelligence, security incident response, cloud security, and vulnerability management programs. Shamika is from Oakland, enjoys sunshine, brunch, learning, and international travel.