2. Stay connected to Allidm
Find us on Facebook:
http://www.facebook.com/allidm
Follow us on Twitter:
http://twitter.com/aidy_idm
Look for us on LinkedIn:
http://www.linkedin.com/allidm
Visit our blog:
http://www.allidm.com/blog
3. Disclaimer and Acknowledgments
The contents here were created as a personal endeavor and
thus do not reflect any official stance of any Identity and
Access Management vendor on any particular technology.
4. Contact Us
In this presentation we’ll talk about some useful topics that
you can use no matter which identity and access management
solution or product you are working on.
If you know one that makes a big difference, please tell us so we can
include it in the future.
aidy.allidm@gmail.com
5. What’s an SSO Solution?
Single sign-on (SSO) is a feature of an information
system that lets a user log in once and gain access to
multiple software systems without being prompted
to log in again.
6. Variations of single sign-on
Web single sign-on, federated single sign-on, and
desktop single sign-on all represent different types of
secure single sign-on.
They each resolve a separate but related security risk
and likewise provide a separate but related return on
investment.
7. Single Sign-On addresses the problems
Stronger security
Implement policies for secure password management or strong authentication.
Regulatory compliance
New business regulations can be easily implemented and audited, providing
appropriate proof that those procedures are being followed (using reporting and
audit tools).
Reduced support costs
The help desk and systems administrators spend less time with password
problems.
Support costs can typically be reduced by 30 percent.
Increased productivity
Users no longer have to remember multiple user names and passwords to access
applications or spend time searching for lost or forgotten passwords.
8. How SSO works
When someone (using a browser) sends an HTTP request
for access to a protected resource, a policy agent
(separately downloaded and installed on the same
machine as the resource you want to protect) intercepts
the request and examines it. If no valid SSO session token
(to provide proof of authentication) is found, the policy
agent contacts the server which then invokes the
authentication and authorization processes.
To gain access to a protected resource, the requestor
needs to be authenticated and have the authorization to
access the resource.
9. Why SSO?
Eliminates the requirement for users to remember
multiple usernames and passwords beyond their
initial login.
It helps reduce calls to the Help Desk about locked
accounts and forgotten usernames and passwords.
It provides a single entry point to the corporate
network and its user resources.
10. How SSO works
Someone (using a browser) sends an HTTP request
A policy agent intercepts the request and examines it
The policy agent contacts the server, which then invokes the authentication and authorization processes
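The flow on slides 8 and 10, sketched as an added example that is not part of the original presentation and not any vendor's agent: the agent looks for a valid SSO session token, hands the request off to the server when there is none, and otherwise applies authorization. The HMAC-signed token layout, the `sso_session` cookie name, the key shared between server and agent, the URLs and the policy table are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import quote

# Assumed for this sketch: key, login URL and policy table are constructed values.
SERVER_KEY = b"constructed-demo-key"          # shared by SSO server and agent here
LOGIN_URL = "https://sso.example.test/login"  # hypothetical SSO server endpoint
POLICY = {"/hr/benefits": {"employee"}, "/partners/orders": {"partner", "employee"}}

def _sign(body: bytes) -> str:
    return hmac.new(SERVER_KEY, body, hashlib.sha256).hexdigest()

def issue_token(user, roles, ttl=900, now=None):
    """SSO server side: called once, after the user has authenticated."""
    now = time.time() if now is None else now
    claims = {"sub": user, "roles": roles, "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return body.decode() + "." + _sign(body)

def validate_token(token, now=None):
    """Return the session claims, or None if the token is missing, forged or expired."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(body.encode())):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (AttributeError, TypeError, ValueError):
        return None
    return claims if claims.get("exp", 0) > now else None

def policy_agent(path, cookies, now=None):
    """Intercept a request for a protected resource and decide what happens to it."""
    claims = validate_token(cookies.get("sso_session"), now)
    if claims is None:
        # No proof of authentication: send the browser to the SSO server.
        return 302, LOGIN_URL + "?goto=" + quote(path, safe="")
    allowed = POLICY.get(path)  # authorization step; unknown resources are denied
    if allowed is None or not allowed & set(claims["roles"]):
        return 403, "authenticated but not authorized"
    return 200, claims["sub"]
```

The same token opens every resource the policy allows, which is the "log in once" property; expiry and signature checks are what keep a stale or altered token from counting as proof of authentication.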
11. Who does an SSO Solution serve?
An SSO solution can serve customers,
suppliers, employees, and partners.
12. Who does an SSO Solution serve?
For the enterprise, network identity enables employees who
have single sign-on (SSO) capability to access disparate
applications, such as benefits registration and provisioning. At
the same time, network identity simplifies integration between
applications, and sets security levels across all of them.
For customer management, network identity can assist in
capturing customer interactions. This ensures tighter one-to-one
relationships, including access to custom offerings, affinity
marketing, and data mining.
For the business partner, network identity helps provide
integrated enterprise relationships with reduced risk of
fraudulent transactions.
13. What to look for in an SSO Solution
Ease of Deployment
Portability
Open Standards
Built using open standards and specifications as far as
possible.
Security Assertion Markup Language (SAML), the Liberty
Alliance Project specifications, and the WS-Security standards.
Ease of Administration
web-based, graphical administration console
command line interfaces
Security
14. What to look for in an SSO Solution (continued)
Data store Embedded or External
Configuration Data Store
User Data Store
Policy Data Store
Web and Non-Web-Based Resources
SSO for both web and non-web applications
Performance, Scalability and Availability
SSO can be scaled horizontally and vertically to handle
increased
Distributed Architecture
15. What to look for in an SSO Solution (continued)
Flexibility and Extensibility
Allow expansion of the framework to provide for
specific deployment needs.
Internationalization
Support to implement the solution in different
languages
16. Choosing an SSO Solution
Choosing an SSO solution is not easy with all the offers on
the market, but you need to consider some high-level
requirements for your company.
Something like:
Password Synchronization
Enterprise Single Sign-On
Web SSO
Federated SSO
Personal SSO: Solutions for Individuals
17. Keys to Successfully Implementing SSO
Distinguish clearly between requirements.
Involve everyone, from the chief executive to the
users, in the project.
Integrate fully with your directories.
Make sure users are actively involved in the project.
Use SSO as an entry point for facilitating identity and
access management (IAM) projects.
Use auditing and reporting tools to demonstrate
regulatory compliance.