SlideShare a Scribd company logo

SSO_Good_Bad_Ugly

Download as PPT, PDF
Steve Markey
Steve Markey

This document discusses single sign-on (SSO), including the pros and cons. It outlines different SSO standards and categories like network-based, federated, and outlines who typically owns SSO implementations. It notes that while SSO provides benefits like a consolidated user experience and cost savings, it also presents challenges like being a large effort, requiring flexibility, and creating a single point of failure. The document discusses how SSO requirements can be complex due to a variety of user and application types and factors. It concludes by examining trends like the move to APIs and cloud/mobile and how users want more options, and provides examples of SSO challenges in different industries.

1 of 25
Single Sign-On (SSO): The Good, The Bad & The Ugly Steven C. Markey, MSIS, PMP, CISSP, CIPP/US , CISM, CISA, STS-EV, CCSK, Cloud + Principal, nControl, LLC Adjunct Professor
• Presentation Overview – SSO – Pros & Cons – Where Do We Go From Here – Examples SSO: Good, Bad & Ugly
Source: Flickr
Source: Flickr
Source: Flickr
Source: Flickr
• SSO Standards & Categories: – Network: LDAP, Kerberos, RADIUS, RDBMS –e.g., OpenLDAP, AD, Tivoli Access Manager – Federated: SAML, OpenID, OAuth, WS-Federated, XACML –e.g., Keycloak, PingFederate, ADFS, RSA Federated SSO: Good, Bad & Ugly
SSO: Good, Bad & Ugly Source: Microsoft
SSO: Good, Bad & Ugly Source: OASIS
SSO: Good, Bad & Ugly Source: OASIS
• SSO Ownership: – Business App Owners – Ecosystem: Partners / Vendors / Regulators – Centralized CIO / CISO – Decentralized CIO / CISO SSO: Good, Bad & Ugly
• SSO Implementation Pros & Cons: – Pros: –Consolidated & Centralized –Uniform Standards & Reqs –Cost Savings: Support, etc. –Improved User Experience – Cons: –Large Effort –Inflexible Requirements –Vendor Reliance –Single Point of Failure –Coding & Rework SSO: Good, Bad & Ugly Source: TechTarget
• SSO Requirements = Ugly: – Users: –Internal / External –Internal: Function, Role –External: Customers / Partners –On-site / Remote = Jurisdiction – Applications: –Thin / Thick –Internal / External –API / ERP / Office Automation / Cloud / Mobile / OLTP –Old / New –Prod / QA / UAT SSO: Good, Bad & Ugly
• SSO Requirements = Ugly: – Synchronization: –Password –User IDs –Roles –Profile –Security Questions SSO: Good, Bad & Ugly
SSO: Good, Bad & Ugly
• Where Do We Go From Here: – Drive for Cost Savings – Common Standards = Options – Apps  Web APIs • Legacy Apps Will Still Be Around – Cloud & Mobile  SSO Requirements • Blurring Work / Personal Differential – Users Want Options • Customers & Suppliers • Self-service SSO: Good, Bad & Ugly
• Examples: – Financial Services • ICE / NYSE: Multiple M&As, Large Portfolio of Apps – Higher Education • Traditional / Online: Vendor Reliance – Healthcare • HITECH / PPACA “Obamacare”: Digitizing Medical Records SSO: Good, Bad & Ugly
• Questions? • Contact – Email: smarkey@ncontrolsec.com – Twitter: @markes1 – LI: http://www.linkedin.com/in/smarkey

Recommended

Presentation
PresentationPresentation
PresentationLaxman Kumar
 
Claim based authentaication
Claim based authentaicationClaim based authentaication
Claim based authentaicationSean Xiong
 
Claims Based Authentication A Beginners Guide
Claims Based Authentication A Beginners GuideClaims Based Authentication A Beginners Guide
Claims Based Authentication A Beginners GuidePhuong Nguyen
 
Understanding Claim based Authentication
Understanding Claim based AuthenticationUnderstanding Claim based Authentication
Understanding Claim based AuthenticationMohammad Yousri
 
CIS14: Working with OAuth and OpenID Connect
CIS14: Working with OAuth and OpenID ConnectCIS14: Working with OAuth and OpenID Connect
CIS14: Working with OAuth and OpenID ConnectCloudIDSummit
 
CAS Enhancement
CAS EnhancementCAS Enhancement
CAS EnhancementGuo Albert
 
Protecting your APIs with Doorkeeper and OAuth 2.0
Protecting your APIs with Doorkeeper and OAuth 2.0Protecting your APIs with Doorkeeper and OAuth 2.0
Protecting your APIs with Doorkeeper and OAuth 2.0Mads Toustrup-Lønne
 
Cloud Native Journey in Synchrony Financial
Cloud Native Journey in Synchrony FinancialCloud Native Journey in Synchrony Financial
Cloud Native Journey in Synchrony FinancialVMware Tanzu
 

Recommended

Presentation
PresentationPresentation
PresentationLaxman Kumar
 
Claim based authentaication
Claim based authentaicationClaim based authentaication
Claim based authentaicationSean Xiong
 
Claims Based Authentication A Beginners Guide
Claims Based Authentication A Beginners GuideClaims Based Authentication A Beginners Guide
Claims Based Authentication A Beginners GuidePhuong Nguyen
 
Understanding Claim based Authentication
Understanding Claim based AuthenticationUnderstanding Claim based Authentication
Understanding Claim based AuthenticationMohammad Yousri
 
CIS14: Working with OAuth and OpenID Connect
CIS14: Working with OAuth and OpenID ConnectCIS14: Working with OAuth and OpenID Connect
CIS14: Working with OAuth and OpenID ConnectCloudIDSummit
 
CAS Enhancement
CAS EnhancementCAS Enhancement
CAS EnhancementGuo Albert
 
Protecting your APIs with Doorkeeper and OAuth 2.0
Protecting your APIs with Doorkeeper and OAuth 2.0Protecting your APIs with Doorkeeper and OAuth 2.0
Protecting your APIs with Doorkeeper and OAuth 2.0Mads Toustrup-Lønne
 
Cloud Native Journey in Synchrony Financial
Cloud Native Journey in Synchrony FinancialCloud Native Journey in Synchrony Financial
Cloud Native Journey in Synchrony FinancialVMware Tanzu
 
Silicon Valley Code Camp 2009: OAuth: What, Why and How
Silicon Valley Code Camp 2009: OAuth: What, Why and HowSilicon Valley Code Camp 2009: OAuth: What, Why and How
Silicon Valley Code Camp 2009: OAuth: What, Why and HowManish Pandit
 
Saml vs Oauth : Which one should I use?
Saml vs Oauth : Which one should I use?Saml vs Oauth : Which one should I use?
Saml vs Oauth : Which one should I use?Anil Saldanha
 
How Claims is Changing the Way We Authenticate and Authorize in SharePoint
How Claims is Changing the Way We Authenticate and Authorize in SharePointHow Claims is Changing the Way We Authenticate and Authorize in SharePoint
How Claims is Changing the Way We Authenticate and Authorize in SharePointAntonioMaio2
 
Auth experience - vol 1.0
Auth experience - vol 1.0Auth experience - vol 1.0
Auth experience - vol 1.0Haggai Philip Zagury
 
Stateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTStateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTMobiliya
 
CIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in ActionCIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in ActionCloudIDSummit
 
Creating a Sign On with Open id connect
Creating a Sign On with Open id connectCreating a Sign On with Open id connect
Creating a Sign On with Open id connectDerek Binkley
 
T28 implementing adfs and hybrid share point
T28 implementing adfs and hybrid share point T28 implementing adfs and hybrid share point
T28 implementing adfs and hybrid share point Thorbjørn Værp
 
CIS 2012 - Going Mobile with PingFederate and OAuth 2
CIS 2012 - Going Mobile with PingFederate and OAuth 2CIS 2012 - Going Mobile with PingFederate and OAuth 2
CIS 2012 - Going Mobile with PingFederate and OAuth 2scotttomilson
 
WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...
WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...
WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...WSO2
 
SharePoint Access Control and Claims Based Authentication
SharePoint Access Control and Claims Based AuthenticationSharePoint Access Control and Claims Based Authentication
SharePoint Access Control and Claims Based AuthenticationJonathan Schultz
 
AD FS Workshop | Part 2 | Deep Dive
AD FS Workshop | Part 2 | Deep DiveAD FS Workshop | Part 2 | Deep Dive
AD FS Workshop | Part 2 | Deep DiveGranikos GmbH & Co. KG
 
Single Sign On Considerations
Single Sign On ConsiderationsSingle Sign On Considerations
Single Sign On ConsiderationsVenkat Gattamaneni
 
Demystifying SAML 2.0,Oauth 2.0, OpenID Connect
Demystifying SAML 2.0,Oauth 2.0, OpenID ConnectDemystifying SAML 2.0,Oauth 2.0, OpenID Connect
Demystifying SAML 2.0,Oauth 2.0, OpenID ConnectVinay Manglani
 
Extending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partnersExtending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partnersCorey Roth
 
SSO Strategy Implementation Considerations
SSO Strategy Implementation ConsiderationsSSO Strategy Implementation Considerations
SSO Strategy Implementation ConsiderationsJohn Bauer
 
e-SUAP - Security - Windows azure access control list (english version)
e-SUAP - Security - Windows azure access control list (english version)e-SUAP - Security - Windows azure access control list (english version)
e-SUAP - Security - Windows azure access control list (english version)Sabino Labarile
 
Our road to Single Sign-On, DocPlanner
Our road to Single Sign-On, DocPlannerOur road to Single Sign-On, DocPlanner
Our road to Single Sign-On, DocPlannerTomasz Wójcik
 
Ladies Be Architects - Study Group III: OAuth 2.0 (Ep 1)
Ladies Be Architects - Study Group III: OAuth 2.0 (Ep 1)Ladies Be Architects - Study Group III: OAuth 2.0 (Ep 1)
Ladies Be Architects - Study Group III: OAuth 2.0 (Ep 1)gemziebeth
 
Security Patterns with the WSO2 ESB
Security Patterns with the WSO2 ESBSecurity Patterns with the WSO2 ESB
Security Patterns with the WSO2 ESBWSO2
 
Securing_Native_Big_Data_v1
Securing_Native_Big_Data_v1Securing_Native_Big_Data_v1
Securing_Native_Big_Data_v1Steve Markey
 
AD Authenticate All The Things
AD Authenticate All The ThingsAD Authenticate All The Things
AD Authenticate All The ThingsAlan Williams
 

More Related Content

What's hot

Silicon Valley Code Camp 2009: OAuth: What, Why and How
Silicon Valley Code Camp 2009: OAuth: What, Why and HowSilicon Valley Code Camp 2009: OAuth: What, Why and How
Silicon Valley Code Camp 2009: OAuth: What, Why and HowManish Pandit
 
Saml vs Oauth : Which one should I use?
Saml vs Oauth : Which one should I use?Saml vs Oauth : Which one should I use?
Saml vs Oauth : Which one should I use?Anil Saldanha
 
How Claims is Changing the Way We Authenticate and Authorize in SharePoint
How Claims is Changing the Way We Authenticate and Authorize in SharePointHow Claims is Changing the Way We Authenticate and Authorize in SharePoint
How Claims is Changing the Way We Authenticate and Authorize in SharePointAntonioMaio2
 
Stateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTStateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTMobiliya
 
CIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in ActionCIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in ActionCloudIDSummit
 
Creating a Sign On with Open id connect
Creating a Sign On with Open id connectCreating a Sign On with Open id connect
Creating a Sign On with Open id connectDerek Binkley
 
T28 implementing adfs and hybrid share point
T28 implementing adfs and hybrid share point T28 implementing adfs and hybrid share point
T28 implementing adfs and hybrid share point Thorbjørn Værp
 
CIS 2012 - Going Mobile with PingFederate and OAuth 2
CIS 2012 - Going Mobile with PingFederate and OAuth 2CIS 2012 - Going Mobile with PingFederate and OAuth 2
CIS 2012 - Going Mobile with PingFederate and OAuth 2scotttomilson
 
WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...
WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...
WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...WSO2
 
SharePoint Access Control and Claims Based Authentication
SharePoint Access Control and Claims Based AuthenticationSharePoint Access Control and Claims Based Authentication
SharePoint Access Control and Claims Based AuthenticationJonathan Schultz
 
Demystifying SAML 2.0,Oauth 2.0, OpenID Connect
Demystifying SAML 2.0,Oauth 2.0, OpenID ConnectDemystifying SAML 2.0,Oauth 2.0, OpenID Connect
Demystifying SAML 2.0,Oauth 2.0, OpenID ConnectVinay Manglani
 
Extending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partnersExtending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partnersCorey Roth
 
SSO Strategy Implementation Considerations
SSO Strategy Implementation ConsiderationsSSO Strategy Implementation Considerations
SSO Strategy Implementation ConsiderationsJohn Bauer
 
e-SUAP - Security - Windows azure access control list (english version)
e-SUAP - Security - Windows azure access control list (english version)e-SUAP - Security - Windows azure access control list (english version)
e-SUAP - Security - Windows azure access control list (english version)Sabino Labarile
 
Our road to Single Sign-On, DocPlanner
Our road to Single Sign-On, DocPlannerOur road to Single Sign-On, DocPlanner
Our road to Single Sign-On, DocPlannerTomasz Wójcik
 
Ladies Be Architects - Study Group III: OAuth 2.0 (Ep 1)
Ladies Be Architects - Study Group III: OAuth 2.0 (Ep 1)Ladies Be Architects - Study Group III: OAuth 2.0 (Ep 1)
Ladies Be Architects - Study Group III: OAuth 2.0 (Ep 1)gemziebeth
 
Security Patterns with the WSO2 ESB
Security Patterns with the WSO2 ESBSecurity Patterns with the WSO2 ESB
Security Patterns with the WSO2 ESBWSO2
 

What's hot (20)

Silicon Valley Code Camp 2009: OAuth: What, Why and How
Silicon Valley Code Camp 2009: OAuth: What, Why and HowSilicon Valley Code Camp 2009: OAuth: What, Why and How
Silicon Valley Code Camp 2009: OAuth: What, Why and How
 
Saml vs Oauth : Which one should I use?
Saml vs Oauth : Which one should I use?Saml vs Oauth : Which one should I use?
Saml vs Oauth : Which one should I use?
 
How Claims is Changing the Way We Authenticate and Authorize in SharePoint
How Claims is Changing the Way We Authenticate and Authorize in SharePointHow Claims is Changing the Way We Authenticate and Authorize in SharePoint
How Claims is Changing the Way We Authenticate and Authorize in SharePoint
 
Auth experience - vol 1.0
Auth experience - vol 1.0Auth experience - vol 1.0
Auth experience - vol 1.0
 
Stateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTStateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWT
 
CIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in ActionCIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in Action
 
Creating a Sign On with Open id connect
Creating a Sign On with Open id connectCreating a Sign On with Open id connect
Creating a Sign On with Open id connect
 
T28 implementing adfs and hybrid share point
T28 implementing adfs and hybrid share point T28 implementing adfs and hybrid share point
T28 implementing adfs and hybrid share point
 
CIS 2012 - Going Mobile with PingFederate and OAuth 2
CIS 2012 - Going Mobile with PingFederate and OAuth 2CIS 2012 - Going Mobile with PingFederate and OAuth 2
CIS 2012 - Going Mobile with PingFederate and OAuth 2
 
WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...
WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...
WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...
 
SharePoint Access Control and Claims Based Authentication
SharePoint Access Control and Claims Based AuthenticationSharePoint Access Control and Claims Based Authentication
SharePoint Access Control and Claims Based Authentication
 
AD FS Workshop | Part 2 | Deep Dive
AD FS Workshop | Part 2 | Deep DiveAD FS Workshop | Part 2 | Deep Dive
AD FS Workshop | Part 2 | Deep Dive
 
Single Sign On Considerations
Single Sign On ConsiderationsSingle Sign On Considerations
Single Sign On Considerations
 
Demystifying SAML 2.0,Oauth 2.0, OpenID Connect
Demystifying SAML 2.0,Oauth 2.0, OpenID ConnectDemystifying SAML 2.0,Oauth 2.0, OpenID Connect
Demystifying SAML 2.0,Oauth 2.0, OpenID Connect
 
Extending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partnersExtending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partners
 
SSO Strategy Implementation Considerations
SSO Strategy Implementation ConsiderationsSSO Strategy Implementation Considerations
SSO Strategy Implementation Considerations
 
e-SUAP - Security - Windows azure access control list (english version)
e-SUAP - Security - Windows azure access control list (english version)e-SUAP - Security - Windows azure access control list (english version)
e-SUAP - Security - Windows azure access control list (english version)
 
Our road to Single Sign-On, DocPlanner
Our road to Single Sign-On, DocPlannerOur road to Single Sign-On, DocPlanner
Our road to Single Sign-On, DocPlanner
 
Ladies Be Architects - Study Group III: OAuth 2.0 (Ep 1)
Ladies Be Architects - Study Group III: OAuth 2.0 (Ep 1)Ladies Be Architects - Study Group III: OAuth 2.0 (Ep 1)
Ladies Be Architects - Study Group III: OAuth 2.0 (Ep 1)
 
Security Patterns with the WSO2 ESB
Security Patterns with the WSO2 ESBSecurity Patterns with the WSO2 ESB
Security Patterns with the WSO2 ESB
 

Viewers also liked

Securing_Native_Big_Data_v1
Securing_Native_Big_Data_v1Securing_Native_Big_Data_v1
Securing_Native_Big_Data_v1Steve Markey
 
AD Authenticate All The Things
AD Authenticate All The ThingsAD Authenticate All The Things
AD Authenticate All The ThingsAlan Williams
 
Keycloak で SSO #渋谷java
Keycloak で SSO #渋谷javaKeycloak で SSO #渋谷java
Keycloak で SSO #渋谷javaYoshimasa Tanabe
 
Presentatie hrm inspiratiedag
Presentatie hrm inspiratiedagPresentatie hrm inspiratiedag
Presentatie hrm inspiratiedagEsther Mallant
 
e-Discovery_2_Cloud_v5
e-Discovery_2_Cloud_v5e-Discovery_2_Cloud_v5
e-Discovery_2_Cloud_v5Steve Markey
 
Alpha and Omega: Program Outcomes to the Capstone
Alpha and Omega: Program Outcomes to the CapstoneAlpha and Omega: Program Outcomes to the Capstone
Alpha and Omega: Program Outcomes to the CapstoneERAUWebinars
 
Reverse_Engineering_Thick-clients
Reverse_Engineering_Thick-clientsReverse_Engineering_Thick-clients
Reverse_Engineering_Thick-clientsSteve Markey
 
FOJ Marketing 2015
FOJ Marketing 2015FOJ Marketing 2015
FOJ Marketing 2015Erin Perkins
 
Maotchitim
MaotchitimMaotchitim
Maotchitimjoliff
 
Vendor_Mgmt_101_IIMC_v2
Vendor_Mgmt_101_IIMC_v2Vendor_Mgmt_101_IIMC_v2
Vendor_Mgmt_101_IIMC_v2Steve Markey
 
Na it infographic_fnl
Na it infographic_fnlNa it infographic_fnl
Na it infographic_fnlThuyly Vu
 
Going_Mobile_101_IIMC_v5
Going_Mobile_101_IIMC_v5Going_Mobile_101_IIMC_v5
Going_Mobile_101_IIMC_v5Steve Markey
 
Webinar Slides-Three Knows to Great Writing Nov 4 2014
Webinar Slides-Three Knows to Great Writing Nov 4 2014Webinar Slides-Three Knows to Great Writing Nov 4 2014
Webinar Slides-Three Knows to Great Writing Nov 4 2014ERAUWebinars
 
Safety webinar with mark friend
Safety webinar with mark friendSafety webinar with mark friend
Safety webinar with mark friendERAUWebinars
 
Securing_Dbs_in_Cloud_v12
Securing_Dbs_in_Cloud_v12Securing_Dbs_in_Cloud_v12
Securing_Dbs_in_Cloud_v12Steve Markey
 
Secure_Development_ISSA_v4
Secure_Development_ISSA_v4Secure_Development_ISSA_v4
Secure_Development_ISSA_v4Steve Markey
 
Passion, Persistence, and Patience: The Search for Amelia Earhart
Passion, Persistence, and Patience: The Search for Amelia EarhartPassion, Persistence, and Patience: The Search for Amelia Earhart
Passion, Persistence, and Patience: The Search for Amelia EarhartERAUWebinars
 
Cloud_Computing_IIMC_v1
Cloud_Computing_IIMC_v1Cloud_Computing_IIMC_v1
Cloud_Computing_IIMC_v1Steve Markey
 

Viewers also liked (20)

Securing_Native_Big_Data_v1
Securing_Native_Big_Data_v1Securing_Native_Big_Data_v1
Securing_Native_Big_Data_v1
 
AD Authenticate All The Things
AD Authenticate All The ThingsAD Authenticate All The Things
AD Authenticate All The Things
 
Keycloak で SSO #渋谷java
Keycloak で SSO #渋谷javaKeycloak で SSO #渋谷java
Keycloak で SSO #渋谷java
 
Presentatie hrm inspiratiedag
Presentatie hrm inspiratiedagPresentatie hrm inspiratiedag
Presentatie hrm inspiratiedag
 
e-Discovery_2_Cloud_v5
e-Discovery_2_Cloud_v5e-Discovery_2_Cloud_v5
e-Discovery_2_Cloud_v5
 
Alpha and Omega: Program Outcomes to the Capstone
Alpha and Omega: Program Outcomes to the CapstoneAlpha and Omega: Program Outcomes to the Capstone
Alpha and Omega: Program Outcomes to the Capstone
 
Reverse_Engineering_Thick-clients
Reverse_Engineering_Thick-clientsReverse_Engineering_Thick-clients
Reverse_Engineering_Thick-clients
 
MARIA AUXILIADORA
MARIA AUXILIADORAMARIA AUXILIADORA
MARIA AUXILIADORA
 
FOJ Marketing 2015
FOJ Marketing 2015FOJ Marketing 2015
FOJ Marketing 2015
 
Maotchitim
MaotchitimMaotchitim
Maotchitim
 
Vendor_Mgmt_101_IIMC_v2
Vendor_Mgmt_101_IIMC_v2Vendor_Mgmt_101_IIMC_v2
Vendor_Mgmt_101_IIMC_v2
 
Na it infographic_fnl
Na it infographic_fnlNa it infographic_fnl
Na it infographic_fnl
 
Going_Mobile_101_IIMC_v5
Going_Mobile_101_IIMC_v5Going_Mobile_101_IIMC_v5
Going_Mobile_101_IIMC_v5
 
Webinar Slides-Three Knows to Great Writing Nov 4 2014
Webinar Slides-Three Knows to Great Writing Nov 4 2014Webinar Slides-Three Knows to Great Writing Nov 4 2014
Webinar Slides-Three Knows to Great Writing Nov 4 2014
 
Safety webinar with mark friend
Safety webinar with mark friendSafety webinar with mark friend
Safety webinar with mark friend
 
Cryptov2 v1
Cryptov2 v1Cryptov2 v1
Cryptov2 v1
 
Securing_Dbs_in_Cloud_v12
Securing_Dbs_in_Cloud_v12Securing_Dbs_in_Cloud_v12
Securing_Dbs_in_Cloud_v12
 
Secure_Development_ISSA_v4
Secure_Development_ISSA_v4Secure_Development_ISSA_v4
Secure_Development_ISSA_v4
 
Passion, Persistence, and Patience: The Search for Amelia Earhart
Passion, Persistence, and Patience: The Search for Amelia EarhartPassion, Persistence, and Patience: The Search for Amelia Earhart
Passion, Persistence, and Patience: The Search for Amelia Earhart
 
Cloud_Computing_IIMC_v1
Cloud_Computing_IIMC_v1Cloud_Computing_IIMC_v1
Cloud_Computing_IIMC_v1
 

Similar to SSO_Good_Bad_Ugly

Trusting External Identity Providers for Global Research Collaborations
Trusting External Identity Providers for Global Research CollaborationsTrusting External Identity Providers for Global Research Collaborations
Trusting External Identity Providers for Global Research Collaborationsjbasney
 
SCIM: Why It’s More Important, and More Simple, Than You Think - CIS 2014
SCIM: Why It’s More Important, and More Simple, Than You Think - CIS 2014SCIM: Why It’s More Important, and More Simple, Than You Think - CIS 2014
SCIM: Why It’s More Important, and More Simple, Than You Think - CIS 2014Kelly Grizzle
 
Single sign on (SSO) How does your company apply?
Single sign on (SSO) How does your company apply?Single sign on (SSO) How does your company apply?
Single sign on (SSO) How does your company apply?Đỗ Duy Trung
 
CIS14: Identity Souffle: Creating a Well-baked Identity Lifecycle
CIS14: Identity Souffle: Creating a Well-baked Identity LifecycleCIS14: Identity Souffle: Creating a Well-baked Identity Lifecycle
CIS14: Identity Souffle: Creating a Well-baked Identity LifecycleCloudIDSummit
 
CIS14: Identity Souffle: Creating a Well-baked Identity Lifecycle
CIS14: Identity Souffle: Creating a Well-baked Identity LifecycleCIS14: Identity Souffle: Creating a Well-baked Identity Lifecycle
CIS14: Identity Souffle: Creating a Well-baked Identity LifecycleCloudIDSummit
 
CIS14: SCIM: Why It’s More Important, and More Simple, Than You Think
CIS14: SCIM: Why It’s More Important, and More Simple, Than You ThinkCIS14: SCIM: Why It’s More Important, and More Simple, Than You Think
CIS14: SCIM: Why It’s More Important, and More Simple, Than You ThinkCloudIDSummit
 
Segregation of Duties and Sensitive Access as a Service
Segregation of Duties and Sensitive Access as a ServiceSegregation of Duties and Sensitive Access as a Service
Segregation of Duties and Sensitive Access as a ServiceSmart ERP Solutions, Inc.
 
Stop Treating Your Customers Like Your Employees (Ian Glazer, Salesforce)
Stop Treating Your Customers Like Your Employees (Ian Glazer, Salesforce)Stop Treating Your Customers Like Your Employees (Ian Glazer, Salesforce)
Stop Treating Your Customers Like Your Employees (Ian Glazer, Salesforce)ForgeRock
 
Stop treating your customers like your employees
Stop treating your customers like your employeesStop treating your customers like your employees
Stop treating your customers like your employeesIan Glazer
 
Securing your esi_piedmont
Securing your esi_piedmontSecuring your esi_piedmont
Securing your esi_piedmontscm24
 
JDD2015: Security in the era of modern applications and services - Bolesław D...
JDD2015: Security in the era of modern applications and services - Bolesław D...JDD2015: Security in the era of modern applications and services - Bolesław D...
JDD2015: Security in the era of modern applications and services - Bolesław D...PROIDEA
 
An approach to app security - For beginners
An approach to app security - For beginnersAn approach to app security - For beginners
An approach to app security - For beginnersvodQA
 
Co builder - Enterpreneur Mobile Companion
Co builder - Enterpreneur Mobile CompanionCo builder - Enterpreneur Mobile Companion
Co builder - Enterpreneur Mobile CompanionSCALE
 
Salesforce1 Platform: Data Model, Relationships and Queries Webinar
Salesforce1 Platform: Data Model, Relationships and Queries WebinarSalesforce1 Platform: Data Model, Relationships and Queries Webinar
Salesforce1 Platform: Data Model, Relationships and Queries WebinarSalesforce Developers
 
KuppingerCole CIWUSA17 - Chaining Identity Blocks to boost your UX and KYC st...
KuppingerCole CIWUSA17 - Chaining Identity Blocks to boost your UX and KYC st...KuppingerCole CIWUSA17 - Chaining Identity Blocks to boost your UX and KYC st...
KuppingerCole CIWUSA17 - Chaining Identity Blocks to boost your UX and KYC st...Jean-François LOMBARDO
 
Segregation of Duties and Sensitive Access as a Service webinar
Segregation of Duties and Sensitive Access as a Service webinarSegregation of Duties and Sensitive Access as a Service webinar
Segregation of Duties and Sensitive Access as a Service webinarSmart ERP Solutions, Inc.
 

Similar to SSO_Good_Bad_Ugly (20)

Secure Iowa Oct 2016
Secure Iowa Oct 2016Secure Iowa Oct 2016
Secure Iowa Oct 2016
 
Trusting External Identity Providers for Global Research Collaborations
Trusting External Identity Providers for Global Research CollaborationsTrusting External Identity Providers for Global Research Collaborations
Trusting External Identity Providers for Global Research Collaborations
 
SCIM: Why It’s More Important, and More Simple, Than You Think - CIS 2014
SCIM: Why It’s More Important, and More Simple, Than You Think - CIS 2014SCIM: Why It’s More Important, and More Simple, Than You Think - CIS 2014
SCIM: Why It’s More Important, and More Simple, Than You Think - CIS 2014
 
Single sign on (SSO) How does your company apply?
Single sign on (SSO) How does your company apply?Single sign on (SSO) How does your company apply?
Single sign on (SSO) How does your company apply?
 
CIS14: Identity Souffle: Creating a Well-baked Identity Lifecycle
CIS14: Identity Souffle: Creating a Well-baked Identity LifecycleCIS14: Identity Souffle: Creating a Well-baked Identity Lifecycle
CIS14: Identity Souffle: Creating a Well-baked Identity Lifecycle
 
CIS14: Identity Souffle: Creating a Well-baked Identity Lifecycle
CIS14: Identity Souffle: Creating a Well-baked Identity LifecycleCIS14: Identity Souffle: Creating a Well-baked Identity Lifecycle
CIS14: Identity Souffle: Creating a Well-baked Identity Lifecycle
 
Customer Story: Aire
Customer Story: Aire Customer Story: Aire
Customer Story: Aire
 
CIS14: SCIM: Why It’s More Important, and More Simple, Than You Think
CIS14: SCIM: Why It’s More Important, and More Simple, Than You ThinkCIS14: SCIM: Why It’s More Important, and More Simple, Than You Think
CIS14: SCIM: Why It’s More Important, and More Simple, Than You Think
 
SmartERP PeopleSoft Security
SmartERP PeopleSoft Security SmartERP PeopleSoft Security
SmartERP PeopleSoft Security
 
Segregation of Duties and Sensitive Access as a Service
Segregation of Duties and Sensitive Access as a ServiceSegregation of Duties and Sensitive Access as a Service
Segregation of Duties and Sensitive Access as a Service
 
Stop Treating Your Customers Like Your Employees (Ian Glazer, Salesforce)
Stop Treating Your Customers Like Your Employees (Ian Glazer, Salesforce)Stop Treating Your Customers Like Your Employees (Ian Glazer, Salesforce)
Stop Treating Your Customers Like Your Employees (Ian Glazer, Salesforce)
 
Stop treating your customers like your employees
Stop treating your customers like your employeesStop treating your customers like your employees
Stop treating your customers like your employees
 
Create Your Own CRM Roadmap
Create Your Own CRM RoadmapCreate Your Own CRM Roadmap
Create Your Own CRM Roadmap
 
Securing your esi_piedmont
Securing your esi_piedmontSecuring your esi_piedmont
Securing your esi_piedmont
 
JDD2015: Security in the era of modern applications and services - Bolesław D...
JDD2015: Security in the era of modern applications and services - Bolesław D...JDD2015: Security in the era of modern applications and services - Bolesław D...
JDD2015: Security in the era of modern applications and services - Bolesław D...
 
An approach to app security - For beginners
An approach to app security - For beginnersAn approach to app security - For beginners
An approach to app security - For beginners
 
Co builder - Enterpreneur Mobile Companion
Co builder - Enterpreneur Mobile CompanionCo builder - Enterpreneur Mobile Companion
Co builder - Enterpreneur Mobile Companion
 
Salesforce1 Platform: Data Model, Relationships and Queries Webinar
Salesforce1 Platform: Data Model, Relationships and Queries WebinarSalesforce1 Platform: Data Model, Relationships and Queries Webinar
Salesforce1 Platform: Data Model, Relationships and Queries Webinar
 
KuppingerCole CIWUSA17 - Chaining Identity Blocks to boost your UX and KYC st...
KuppingerCole CIWUSA17 - Chaining Identity Blocks to boost your UX and KYC st...KuppingerCole CIWUSA17 - Chaining Identity Blocks to boost your UX and KYC st...
KuppingerCole CIWUSA17 - Chaining Identity Blocks to boost your UX and KYC st...
 
Segregation of Duties and Sensitive Access as a Service webinar
Segregation of Duties and Sensitive Access as a Service webinarSegregation of Duties and Sensitive Access as a Service webinar
Segregation of Duties and Sensitive Access as a Service webinar
 

SSO_Good_Bad_Ugly

  • 1. Single Sign-On (SSO): The Good, The Bad & The Ugly Steven C. Markey, MSIS, PMP, CISSP, CIPP/US , CISM, CISA, STS-EV, CCSK, Cloud + Principal, nControl, LLC Adjunct Professor
  • 2.
  • 3. • Presentation Overview – SSO – Pros & Cons – Where Do We Go From Here – Examples SSO: Good, Bad & Ugly
  • 8.
  • 9. • SSO Standards & Categories: – Network: LDAP, Kerberos, RADIUS, RDBMS –e.g., OpenLDAP, AD, Tivoli Access Manager – Federated: SAML, OpenID, OAuth, WS-Federated, XACML –e.g., Keycloak, PingFederate, ADFS, RSA Federated SSO: Good, Bad & Ugly
  • 10. SSO: Good, Bad & Ugly Source: Microsoft
  • 11. SSO: Good, Bad & Ugly Source: OASIS
  • 12. SSO: Good, Bad & Ugly Source: OASIS
  • 13.
  • 14. • SSO Ownership: – Business App Owners – Ecosystem: Partners / Vendors / Regulators – Centralized CIO / CISO – Decentralized CIO / CISO SSO: Good, Bad & Ugly
  • 15. • SSO Implementation Pros & Cons: – Pros: –Consolidated & Centralized –Uniform Standards & Reqs –Cost Savings: Support, etc. –Improved User Experience – Cons: –Large Effort –Inflexible Requirements –Vendor Reliance –Single Point of Failure –Coding & Rework SSO: Good, Bad & Ugly Source: TechTarget
  • 16. • SSO Requirements = Ugly: – Users: –Internal / External –Internal: Function, Role –External: Customers / Partners –On-site / Remote = Jurisdiction – Applications: –Thin / Thick –Internal / External –API / ERP / Office Automation / Cloud / Mobile / OLTP –Old / New –Prod / QA / UAT SSO: Good, Bad & Ugly
  • 17. • SSO Requirements = Ugly: – Synchronization: –Password –User IDs –Roles –Profile –Security Questions SSO: Good, Bad & Ugly
  • 18.
  • 19. SSO: Good, Bad & Ugly
  • 20. • Where Do We Go From Here: – Drive for Cost Savings – Common Standards = Options – Apps  Web APIs • Legacy Apps Will Still Be Around – Cloud & Mobile  SSO Requirements • Blurring Work / Personal Differential – Users Want Options • Customers & Suppliers • Self-service SSO: Good, Bad & Ugly
  • 21.
  • 22.
  • 23.
  • 24. • Examples: – Financial Services • ICE / NYSE: Multiple M&As, Large Portfolio of Apps – Higher Education • Traditional / Online: Vendor Reliance – Healthcare • HITECH / PPACA “Obamacare”: Digitizing Medical Records SSO: Good, Bad & Ugly
  • 25. • Questions? • Contact – Email: smarkey@ncontrolsec.com – Twitter: @markes1 – LI: http://www.linkedin.com/in/smarkey