Information Security as a Public Responsibility: Implementation of MFA, SSO, and RBAC in Building Digital Trust
Keywords:
Multi-Factor Authentication (MFA), Single Sign-On (SSO), Role-Based Access Control (RBAC), Information System Security, Authentication, Access Control, Data Protection
Abstract
This study discusses the effectiveness of Multi-Factor Authentication (MFA), Single Sign-On (SSO), and Role-Based Access Control (RBAC) as the main mechanisms for improving the security of information systems. Through a literature study drawing on journals, books, and proceedings, it assesses the ability of the three methods to protect data and prevent unauthorized access. The results show that MFA adds a layer of verification that lowers the risk of account break-ins, SSO improves authentication efficiency by providing a single login for multiple services, and RBAC regulates access rights in a structured manner based on user roles. The integration of all three is proven to build a more robust and adaptive security architecture. This study confirms that the implementation of MFA, SSO, and RBAC contributes significantly to maintaining the confidentiality, integrity, and availability of data, while still considering the needs and context of each organization.