Single Sign On (SSO)
How does your company apply?
Do Duy Trung
Who???
Agenda
- Overview
- What? Why? Where? Which? How?
- Q&A
IdM, AIM (Access & Identity Management)
Computing Troika
Cloud Computing
Social Computing
Mobile Computing
We are ... (word-cloud slide: USER, password, P@ssw0rd, account?, username?, IT, where? where? where?, PIN, ID, ???)
What is SSO?
A session/user authentication process that lets a user access multiple services/apps after authenticating once.
→ Eliminates login prompts during a particular session.
→ Reduced Sign On (RSO)
Advantages
- uniform AaA policies
- session auditing
- not have to understand
- help desk cost savings
Disadvantages
- single point of enterprise failure
- data integrity
Diagram (slide image): Sign-On vs Single Sign-On; User Account Manager OR SSO Product; Protocol? Token?
Concepts & Protocols?
SAML 2.0
- Description: most widely adopted standard for Web SSO; XML based.
- Relevant jargon: Identity Provider (IdP), Service Provider (SP), Attributes, SP Metadata
OpenID Connect
- Description: most promising successor to SAML; JSON based; a profile of OAuth 2; promises better support for mobile.
- Relevant jargon: OpenID Provider (OP), Relying Party (RP), User claims, Client claims
Others
- Description: earlier protocols that are still in use should be deprecated; cookie based (LtpaToken, LtpaToken2, ...).
- Relevant jargon: Kerberos, RADIUS, LDAP, WS-*, OpenID 2, CAS
Perform where?
SP initiated SSO
IdP initiated SSO
Examples
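As an added example (not part of the slides), the token-based, SP-initiated flow from the protocol table and the "Perform where?" slide above, reduced to standard-library Python: the OpenID Provider mints a JSON token carrying user claims, and the Relying Party binds the response to the login it started (state + nonce) and checks signature, issuer, audience and expiry before trusting any claim. The OP issuer URL, client id and HS256 shared secret are constructed for the demo; real OPs usually sign with RS256 and publish a public key, but the RP-side checks are the same.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed demo values: a shared HMAC secret between OP and RP, a hypothetical
# OP issuer URL and a hypothetical RP client id (the token's audience).
SHARED_SECRET = b"constructed-demo-secret-not-for-real-use"
ISSUER = "https://op.example.test"
CLIENT_ID = "demo-rp"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def op_issue_id_token(subject: str, nonce: str, now=None, ttl: int = 300) -> str:
    """OP side: mint a compact JWS (header.claims.signature) carrying the user claims."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": ISSUER, "sub": subject, "aud": CLIENT_ID,
              "iat": now, "exp": now + ttl, "nonce": nonce}
    signing_input = b64url_encode(json.dumps(header).encode()) + "." + b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(SHARED_SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


class RelyingParty:
    """SP/RP side: starts SP-initiated logins and validates the token that comes back."""

    def __init__(self):
        self.pending = {}   # state -> nonce, one entry per login this RP started

    def start_login(self):
        """SP-initiated SSO: record state and nonce before redirecting the browser to the OP."""
        state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
        self.pending[state] = nonce
        return state, nonce

    def finish_login(self, state: str, id_token: str, now=None):
        """Return (True, claims) or (False, reason). Each check is one a token consumer must do."""
        now = int(time.time()) if now is None else now
        # Unknown state: an IdP-initiated response this RP never asked for, or a replay.
        nonce = self.pending.pop(state, None)
        if nonce is None:
            return False, "unknown state"
        try:
            h, p, s = id_token.split(".")
            header = json.loads(b64url_decode(h))
            claims = json.loads(b64url_decode(p))
            sig = b64url_decode(s)
        except ValueError:
            return False, "malformed token"
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            return False, "malformed token"
        if header.get("alg") != "HS256":       # the token must never choose the algorithm
            return False, "unexpected alg"
        expected = hmac.new(SHARED_SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, sig):
            return False, "bad signature"
        # Only after the signature holds do the claims mean anything.
        if claims.get("iss") != ISSUER:
            return False, "wrong issuer"
        if claims.get("aud") != CLIENT_ID:
            return False, "token issued for another RP"
        if claims.get("exp", 0) <= now:
            return False, "expired"
        if claims.get("nonce") != nonce:
            return False, "nonce mismatch"
        return True, claims


if __name__ == "__main__":
    rp = RelyingParty()
    state, nonce = rp.start_login()            # browser is redirected to the OP with these
    token = op_issue_id_token("alice", nonce)  # OP authenticates alice and returns the token
    print(rp.finish_login(state, token))
    print(rp.finish_login(state, token))       # second use of the same state is rejected
```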
Code where?
Store where?
- AD
- OpenLDAP
- Realm
- Database
Classification
- ESSO (Enterprise SSO)
- WSSO (Web SSO)
- Cloud SSO
- Federated SSO
Classification (cont…)
- Cookie based SSO
- Token based SSO (XML, JSON)
- MVF (multi value factor) authentication
Which products?
SaaS: Okta, OneLogin, Stormpath, Symplified
- No root access to the server. If there's a security breach, it affects everyone
- Per user or per application pricing can become costly
Open Source: Gluu, ForgeRock, CAS, independent integrators and consulting shops
- Expensive to design and build
- High cost of care and feeding
- Hard to support new app integrations
Enterprise Software: Oracle Access Manager, CA SiteMinder, IBM Tivoli Access Manager, RSA Cleartrust, Microsoft ADFS, Ping Federate, ...
- Expensive license fees
- Vendor lock-in
How to do?
- Ask yourself?
- Ask your organisation?
- Ask your customer?
- Ask your partner?
- Ask your producer?
Steps for Effective SSO Deployments
Step 1. Get power users and executive sponsorship
Step 2. Establish deployment goals and priorities
Step 3. Understand end user resistance to change
Step 4. Include the right people and resources in the project
Step 5. Train people at all phases
Step 6. Test thoroughly
Step 7. Market the solution
Scenarios
Q&A
Thank you very much!