Single Sign-On (SSO): The Good, The Bad & The Ugly
Steven C. Markey, MSIS, PMP, CISSP, CIPP/US, CISM, CISA, STS-EV, CCSK, Cloud+
Principal, nControl, LLC
Adjunct Professor
• Presentation Overview
  – SSO
  – Pros & Cons
  – Where Do We Go From Here
  – Examples
SSO: Good, Bad & Ugly
Source: Flickr
• SSO Standards & Categories:
  – Network: LDAP, Kerberos, RADIUS, RDBMS
    – e.g., OpenLDAP, AD, Tivoli Access Manager
  – Federated: SAML, OpenID, OAuth, WS-Federation, XACML
    – e.g., Keycloak, PingFederate, ADFS, RSA Federated
Source: Microsoft
Source: OASIS
• SSO Ownership:
  – Business App Owners
  – Ecosystem: Partners / Vendors / Regulators
  – Centralized CIO / CISO
  – Decentralized CIO / CISO
• SSO Implementation Pros & Cons:
  – Pros:
    – Consolidated & Centralized
    – Uniform Standards & Reqs
    – Cost Savings: Support, etc.
    – Improved User Experience
  – Cons:
    – Large Effort
    – Inflexible Requirements
    – Vendor Reliance
    – Single Point of Failure
    – Coding & Rework
Source: TechTarget
• SSO Requirements = Ugly:
  – Users:
    – Internal / External
    – Internal: Function, Role
    – External: Customers / Partners
    – On-site / Remote = Jurisdiction
  – Applications:
    – Thin / Thick
    – Internal / External
    – API / ERP / Office Automation / Cloud / Mobile / OLTP
    – Old / New
    – Prod / QA / UAT
  – Synchronization:
    – Password
    – User IDs
    – Roles
    – Profile
    – Security Questions
• Where Do We Go From Here:
  – Drive for Cost Savings
  – Common Standards = Options
  – Apps → Web APIs
    • Legacy Apps Will Still Be Around
  – Cloud & Mobile → SSO Requirements
    • Blurring Work / Personal Differential
  – Users Want Options
    • Customers & Suppliers
    • Self-service
• Examples:
  – Financial Services
    • ICE / NYSE: Multiple M&As, Large Portfolio of Apps
  – Higher Education
    • Traditional / Online: Vendor Reliance
  – Healthcare
    • HITECH / PPACA “Obamacare”: Digitizing Medical Records
• Questions?
• Contact
  – Email: smarkey@ncontrolsec.com
  – Twitter: @markes1
  – LI: http://www.linkedin.com/in/smarkey
