User Identity and Authentication
- Cecilia Little
- 8 years ago
Transcription
1 User Identity and Authentication WordPress, 2FA, and Single Sign-On Isaac Potoczny-Jones
2 About the Speaker Galois, Inc. Research & Development for computer science and security. 55 employees. Founded Tozny Startup focused on the Tozny mobile authentication factor. Isaac Potoczny-Jones Tozny CEO. BS Computer Science, MS Cybersecurity.
3 Authentication: Proving who you are Something you know. Passwords, PINs, screen patterns, first pet. Something you have. Physical keys, secure tokens, mobile phones. Something you are. Biometrics, facial recognition, fingerprints. To guard against inappropriate access to electronic health records, what type of authentication does your organization require for users to gain access while they are on the job at one of your facilities?
4 Single and Multi-Factor Single factor: One authentication method. Classics: Password, keys, keyfobs, keycards. Multi-factor: More than one factor. Get more security by mixing methods. Multi-factor classics. Debit card & PIN. Password & Random # token. The overall Multifactor Authentication Market is increasing with a CAGR of 19.98% from 2014 to In MFA market, two-factor authentications contribute for the largest percentage share, whereas banking & finance is the major application; followed by government and defense. In geographic analysis, North America is the market leader followed by Europe and APAC.
5 Threat Landscape Passwords
6 The Password Conundrum Good passwords are hard to remember. Bad passwords are easy to guess. What's a good password?
7 Massive Database Spills Causing acceleration in understanding of passwords Russian hackers : 1.2B (2014) LinkedIn: 6.5M (2012) Yahoo: 340K (2012) RSA: SecurID token seed-keys stolen (2011) Gawker: 740K (2011) Sony: (2011, 2014) Stratfor: 800K (2011) RockYou: 32M (2009)
8 Brute Force Attacks source: Rob Graham, Errata Security
9 Password Cracking ocl-hashcat performance benchmarks, 1 GPU. NTLM: Mh/s (~17 billion hashes / second). MD5: 8511 Mh/s. The old default in WordPress; the current fallback. SHA1: 2722 Mh/s. SHA256: 1120 Mh/s. Blowfish: 4,000 hash/sec (approx). This is the default hash that WordPress uses under phpass. Sources:
10 So what's a good password? Long enough: Maybe 9+ characters. Complex enough: Pretty much random & large character set. Not reused: Or risk the wrath of database spills. But: Average user has 26 accounts* (I have 300) Source: Experian & Deloitte:
11
12 With 26 passwords, it's impossible Let's just admit it: we're asking the impossible. Users can never remember random passwords. Users manage the problem: Reuse is most common: users have 5 passwords. reset - I forgot my password. Password managers: Firefox, KeePass, etc.
13 Password exploitation cycle is getting faster Custom hardware. Huge password database spills. New attack heuristics. Analysis of how people pick passwords.
14 Password exploitation cycle is getting faster Custom hardware. Huge password database spills: LinkedIn: 6.5M, Yahoo: 340k, RockYou: 32M. New attack heuristics. Analysis of how people pick passwords: Password, Iloveyou, qwerty.
15 Password exploitation cycle is getting faster Custom hardware. Huge password database spills: LinkedIn: 6.5M, Yahoo: 340k, RockYou: 32M. New attack heuristics: Person's name, Place name, Add 1 to the end, Dictionary word. Analysis of how people pick passwords: Password, Iloveyou, qwerty.
16 Result: 2 Factor is taking off Major Internet players offer it: Google, Facebook, Twitter, DropBox, etc. It's a good way to protect yourself from: Password reuse by users. Other sites getting hacked. Remote brute force against you or your clients.
17 Solutions
18 Single Sign-on / Identity Federation Service provider (SP): The site you log into. Also called Relying Party or RP. Identity Provider (IdP): The site you log in with. Typical workflow: Visit Yahoo, click login. Get redirected to Google with a session token. Log into Google. Get redirected to Yahoo with proof of login.
19 OpenID 2, OAuth, OpenID Connect OpenID was going to be the SSO of the open web. But not enough relying parties adopted it. Now we have Social Sign-in like Facebook & Google. These use OpenID Connect and are deprecating OpenID 2. OpenID Connect is part of the OAuth 2 standard. OAuth 2 has its problems: It's complex and under-specified.
20 Security Assertion Markup Language (SAML) Seems to be gaining momentum. Federation & SSO: InCommon, Education, Enterprise. Also used to share attributes: groups, etc. Accepted by Google Apps, Dropbox, Salesforce, etc. Major implementations: Shibboleth (Java), SimpleSamlPHP, Ping. Plugins for lots of platforms. I audited plugins for Drupal & WordPress. They were very insecure.
21 Cloud SSO Services (IdP) Largely based on SAML. Mostly subscription SAAS. Instead of operating your own IdP. They work to integrate service providers. Ping Identity, OneLogin, Okta, Centrify, Symplified, etc. JanRain Social login & user management.
22 Physical Tokens YubiKey: Small, uses one-time or fixed passwords. Pretends to be a USB keyboard. Implements FIDO. Random number tokens: RSA SecurID. Google Authenticator (soft token app). Lots of similar tokens. Hardware benefits & drawbacks: Benefits: Tamper-proof & can't get viruses. Drawbacks: Can't put 100 of them on your keychain.
23 Mobile Phone Factors Mobile phone factors are a great trade-off! Google Authenticator: random number (app). Text message random number: Used by Facebook, Twitter, Telesign. In-app push-based notifications: Twitter, DuoSecurity, others. PhoneFactor (Microsoft): Text, Voice, Push. And of course: Tozny!! Focused on ease of use and security.
24 Summary: Each factor has drawbacks Something you know: Basically passwords. Doesn't scale beyond a handful of secure passwords. Something you have: Physical token: Doesn't scale beyond size of your keyring. Mobile phone: Seems most promising to me. Something you are: biometrics are not secret. Federation / SSO: If only we could agree to agree.
25 Options for WordPress
26 Remote brute force attacks Admin is often the root user; you can use something different. WordPress does not enforce strong passwords by default. Security features are usually an add-on plugin. Tricks with .htaccess (extra passwords, IP address limits, etc.). Fail2ban adds a firewall rule when there are too many attacks. Blacklisting entire countries. Summary: Most of these solutions are pretty bad.
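An offline sketch of the Fail2ban idea on the slide above, added here as an example (it is not from the talk and is not Fail2ban's own code): it counts failed WordPress login POSTs per IP in a sliding window and also site-wide, because per-IP bans miss attempts spread across many addresses. It assumes combined-format access logs and that a failed POST to /wp-login.php returns 200 while a successful one returns 302; the log lines, thresholds and the `site_limit` parameter are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in Apache/nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2015:10:00:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2800 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2015:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2015:10:00:12 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2015:10:05:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"
203.0.113.7 - - [12/Mar/2015:10:05:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"
203.0.113.7 - - [12/Mar/2015:10:05:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"
203.0.113.7 - - [12/Mar/2015:10:05:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"
198.51.100.1 - - [12/Mar/2015:10:20:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"
198.51.100.2 - - [12/Mar/2015:10:20:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"
198.51.100.3 - - [12/Mar/2015:10:20:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"
198.51.100.4 - - [12/Mar/2015:10:20:15 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"
198.51.100.5 - - [12/Mar/2015:10:20:20 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"
198.51.100.6 - - [12/Mar/2015:10:20:25 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_failed_logins(log_text):
    """Yield (timestamp, ip) for every failed login POST in the log."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        path = m["path"].split("?", 1)[0]
        if m["method"] != "POST" or path != "/wp-login.php":
            continue
        # Assumption: 200 = login form re-rendered (failure), 302 = success.
        if m["status"] != "200":
            continue
        yield datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"), m["ip"]


def detect(log_text, maxretry=3, findtime=60, bantime=600, site_limit=6):
    """Return (bans, site_alerts).

    bans:        [(ip, time)] where an IP reached maxretry failures in findtime s.
    site_alerts: [time] where failures from ALL IPs reached site_limit in
                 findtime s, the distributed case that per-IP bans do not see.
    maxretry/findtime/bantime mirror Fail2ban's setting names; site_limit is
    a hypothetical extra threshold for this example.
    """
    window = timedelta(seconds=findtime)
    per_ip = defaultdict(deque)   # ip -> recent failure times
    site = deque()                # recent failure times across all IPs
    banned_until = {}
    bans, site_alerts = [], []

    for ts, ip in parse_failed_logins(log_text):
        # Site-wide sliding window.
        site.append(ts)
        while ts - site[0] > window:
            site.popleft()
        if len(site) >= site_limit and (
            not site_alerts or ts - site_alerts[-1] > window
        ):
            site_alerts.append(ts)

        # Per-IP sliding window; requests during an active ban are ignored,
        # as the firewall rule would have dropped them.
        if ip in banned_until and ts < banned_until[ip]:
            continue
        q = per_ip[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= maxretry:
            banned_until[ip] = ts + timedelta(seconds=bantime)
            bans.append((ip, ts))
            q.clear()
    return bans, site_alerts


if __name__ == "__main__":
    bans, alerts = detect(SAMPLE_LOG)
    for ip, ts in bans:
        print(f"ban {ip} at {ts:%H:%M:%S}")
    for ts in alerts:
        print(f"site-wide failure spike at {ts:%H:%M:%S}")
```

In the sample, the single noisy address is banned, while the six addresses that each try once trigger only the site-wide alert.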
27 Integrating with corporate login LDAP: A standard centralized password and attribute system. Used to log in, get user permissions, names, etc. LDAP has sensitive information and is always behind the firewall. [Diagram: User & Browser, WordPress (Service Provider), LDAP. Steps: 1. Username / Password. 2. Username / Password. 3. Login & Attributes.]
28 Identity Federation: SAML Workflow A few can make WordPress into a SAML Relying Party (RP). You'll need a SAML IdP, or the company needs to operate one. SAML is just the SSO mechanism! You still need a way to log in (e.g. LDAP, passwords, Tozny). [Diagram: User & Browser, WordPress (Service Provider), SAML Identity Provider (e.g. Simple SAML PHP). Steps: 1. Let me in. 2. Ask SAML. 3. Username / Password. 4. Login & Attributes. 5. Login & Attributes.]
29 SAML & LDAP Combined - Typical SAML is for SSO, meaning you have multiple SPs. Still use LDAP for central identity management. [Diagram: User & Browser, WordPress (Service Provider), Other SPs, SAML Identity Provider (e.g. Simple SAML PHP), LDAP. Steps: 1. Let me in. 2. Ask SAML. 3. Username / Password. 4. Username / Password. 5. Login & Attributes. 6. Login & Attributes. 7. Login & Attributes.]
30 Social Login: Google, Facebook, Twitter Ties the user's WordPress account to their social profile. Good for the user: They don't need a new username & password. Good for the operator: You can get extra user information. Does your site naturally tie to one social site? A web site about books would naturally tie into Amazon. With multiple buttons, how do users decide which to use? How do they remember which one they used? There are lots of plugins available for social login.
31 Two Factor Auth Something you have in addition to something you know. Prevent lots of types of attacks Brute force, password reuse, database spills, etc. Most 2FA solutions are not highly usable, low user adoption. Also, not much in it for the user; it protects your site. Plugins available for e.g. Google Authenticator free & open source.
32 So you want to replace password login? What to look for in a plugin. Let's say you're deploying LDAP, social login, 2FA, etc. How does it handle existing users? Do they get locked out? Do they need to use a different PW? How does it handle API / app access? If the password is replaced, can users still access via the app? How does it handle groups? Admin, Editor, Author, Contributor. Can these be mapped from e.g. LDAP roles? How does it prevent password login? E.g. replacing the password w/ a random password. Has the plugin been security reviewed? Is it recently updated? Does it have a history? Is it used by others in your industry?
33 Summary of login alternatives Internal corporate sites: LDAP, Active Directory, RADIUS, and SAML are typical standards. End-user facing sites: Social login is more the norm. Two-factor authentication: Can prevent brute-force and many other attacks. Seriously consider for admin / author access to important sites. Evaluate plugins carefully: Many do not consider real use cases.
34 Tozny Demo:
35 Tozny Summary Easier and more secure than passwords. Your phone is the key. Replace passwords, use after passwords, has a built-in 2nd factor. WordPress plugin available. Also integrates with: SAML, PHP, Node, Scala, Java, PAM, Rust,
36 Thank You! Isaac Potoczny-Jones
The Password Problem Will Only Get Worse
The Password Problem Will Only Get Worse New technology for proving who we are Isaac Potoczny-Jones Galois & SEQRD ijones@seqrd.com @SyntaxPolice Goals & Talk outline Update the group on authentication
More informationThe Top 5 Federated Single Sign-On Scenarios
The Top 5 Federated Single Sign-On Scenarios Table of Contents Executive Summary... 1 The Solution: Standards-Based Federation... 2 Service Provider Initiated SSO...3 Identity Provider Initiated SSO...3
More informationAdding Stronger Authentication to your Portal and Cloud Apps
SOLUTION BRIEF Cyphercor Inc. Adding Stronger Authentication to your Portal and Cloud Apps Using the logintc April 2012 Adding Stronger Authentication to Portals Corporate and consumer portals, as well
More informationHow To Use Salesforce Identity Features
Identity Implementation Guide Version 35.0, Winter 16 @salesforcedocs Last updated: October 27, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of
More informationIdentity. Provide. ...to Office 365 & Beyond
Provide Identity...to Office 365 & Beyond Sponsored by shops around the world are increasingly turning to Office 365 Microsoft s cloud-based offering for email, instant messaging, and collaboration. A
More informationSingle Sign On. SSO & ID Management for Web and Mobile Applications
Single Sign On and ID Management Single Sign On SSO & ID Management for Web and Mobile Applications Presenter: Manish Harsh Program Manager for Developer Marketing Platforms of NVIDIA (Visual Computing
More informationCopyright: WhosOnLocation Limited
How SSO Works in WhosOnLocation About Single Sign-on By default, your administrators and users are authenticated and logged in using WhosOnLocation s user authentication. You can however bypass this and
More informationI D C V E N D O R S P O T L I G H T
I D C V E N D O R S P O T L I G H T E n f o r c i n g I dentity a nd Access Management i n C l o u d a n d Mobile Envi r o n m e n t s November 2012 Adapted from Worldwide Identity and Access Management
More informationFlexible Identity Federation
Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services
More informationGoogle Identity Services for work
INTRODUCING Google Identity Services for work One account. All of Google Enter your email Next Online safety made easy We all care about keeping our data safe and private. Google Identity brings a new
More informationWHITEPAPER SECUREAUTH AND CAC HSPD-12 AUTHENTICATION TO WEB, NETWORK, AND CLOUD RESOURCES
WHITEPAPER SECUREAUTH AND CAC HSPD-12 AUTHENTICATION TO WEB, NETWORK, AND CLOUD RESOURCES Executive Overview U.S. Federal mandates dictates that personal with defense related initiatives must prove access
More informationEXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES
pingidentity.com EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES Best practices for identity federation in AWS Table of Contents Executive Overview 3 Introduction: Identity and Access Management in Amazon
More informationBiometric SSO Authentication Using Java Enterprise System
Biometric SSO Authentication Using Java Enterprise System Edward Clay Security Architect edward.clay@sun.com & Ramesh Nagappan CISSP Java Technology Architect ramesh.nagappan@sun.com Agenda Part 1 : Identity
More informationSAML single sign-on configuration overview
Chapter 46 Configurin uring Drupal Configure the Drupal Web-SAML application profile in Cloud Manager to set up single sign-on via SAML with a Drupal-based web application. Configuration also specifies
More informationWhite Paper. McAfee Cloud Single Sign On Reviewer s Guide
White Paper McAfee Cloud Single Sign On Reviewer s Guide Table of Contents Introducing McAfee Cloud Single Sign On 3 Use Cases 3 Key Features 3 Provisioning and De-Provisioning 4 Single Sign On and Authentication
More informationSECUREAUTH IDP AND OFFICE 365
WHITEPAPER SECUREAUTH IDP AND OFFICE 365 STRONG AUTHENTICATION AND SINGLE SIGN-ON FOR THE CLOUD-BASED OFFICE SUITE EXECUTIVE OVERVIEW As more and more enterprises move to the cloud, it makes sense that
More informationmanaging SSO with shared credentials
managing SSO with shared credentials Introduction to Single Sign On (SSO) All organizations, small and big alike, today have a bunch of applications that must be accessed by different employees throughout
More informationIncrease the Security of Your Box Account With Single Sign-On
A Box White Paper Increase the Security of Your Box Account With Single Sign-On Box s high level of security, 24x7 support and 99.9% uptime are critical for us. The biggest benefits are the reliability
More informationWHITEPAPER. NAPPS: A Game-Changer for Mobile Single Sign-On (SSO)
WHITEPAPER NAPPS: A Game-Changer for Mobile Single Sign-On (SSO) INTRODUCTION The proliferation of mobile applications, including mobile apps custom to an organization, makes the need for an SSO solution
More informationLeveraging SAML for Federated Single Sign-on:
Leveraging SAML for Federated Single Sign-on: Seamless Integration with Web-based Applications whether cloudbased, private, on-premise, or behind a firewall Single Sign-on Layer v.3.2-006 PistolStar, Inc.
More informationBuilding Secure Multi-Factor Authentication
Building Secure Multi-Factor Authentication Three best practices for engineering and product leaders Okta Inc. I 301 Brannan Street, Suite 300 I San Francisco CA, 94107 info@okta.com I 1-888-722-7871 Introduction
More informationEgnyte Single Sign-On (SSO) Installation for OneLogin
Egnyte Single Sign-On (SSO) Installation for OneLogin To set up Egnyte so employees can log in using SSO, follow the steps below to configure OneLogin and Egnyte to work with each other. 1. Set up OneLogin
More informationMasdar Institute Single Sign-On: Standards-based Identity Federation. John Mikhael ICT Department jmikhael@masdar.ac.ae
Masdar Institute Single Sign-On: Standards-based Identity Federation John Mikhael ICT Department jmikhael@masdar.ac.ae Agenda The case for Single Sign-On (SSO) Types of SSO Standards-based Identity Federation
More informationWHITEPAPER. Identity Access Management: Beyond Convenience
WHITEPAPER Identity Access Management: Beyond Convenience INTRODUCTION Identity and Access Management (IAM) is the official description of the space in which OneLogin operates in but most people who are
More informationMobile Identity: Improved Cybersecurity, Easier to Use and Manage than Passwords. Mika Devonshire Associate Product Manager
Mobile Identity: Improved Cybersecurity, Easier to Use and Manage than Passwords Mika Devonshire Associate Product Manager 1 Agenda 2 What is Cybersecurity? Quick overview of the core concepts 3 Cybercrime
More informationIt may look like this all has to do with your password, but that s not the only factor to worry about.
Account Security One of the easiest ways to lose control of private information is to use poor safeguards on internet accounts like web-based email, online banking and social media (Facebook, Twitter).
More informationIdentity Access Management: Beyond Convenience
Identity Access Management: Beyond Convenience June 1st, 2014 Identity and Access Management (IAM) is the official description of the space in which OneLogin operates in but most people who are looking
More informationINTEGRATION GUIDE. DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server
INTEGRATION GUIDE DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is
More informationABOUT TOOLS4EVER ABOUT DELOITTE RISK SERVICES
CONTENTS About Tools4ever... 3 About Deloitte Risk Services... 3 HelloID... 4 Microsoft Azure... 5 HelloID Security Architecture... 6 Scenarios... 8 SAML Identity Provider (IDP)... 8 Service Provider SAML
More informationThe increasing popularity of mobile devices is rapidly changing how and where we
Mobile Security BACKGROUND The increasing popularity of mobile devices is rapidly changing how and where we consume business related content. Mobile workforce expectations are forcing organizations to
More informationIdentity Implementation Guide
Identity Implementation Guide Version 37.0, Summer 16 @salesforcedocs Last updated: May 26, 2016 Copyright 2000 2016 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of salesforce.com,
More informationEnhancing Web Application Security
Enhancing Web Application Security Using Another Authentication Factor Karen Lu and Asad Ali Gemalto, Inc. Technology & Innovations Austin, TX, USA Overview Introduction Current Statet Smart Cards Two-Factor
More informationSafewhere*Identify 3.4. Release Notes
Safewhere*Identify 3.4 Release Notes Safewhere*identify is a new kind of user identification and administration service providing for externalized and seamless authentication and authorization across organizations.
More informationAPI-Security Gateway Dirk Krafzig
API-Security Gateway Dirk Krafzig Intro Digital transformation accelerates application integration needs Dramatically increasing number of integration points Speed Security Industrial robustness Increasing
More informationSecurity in an Increasingly Threatened World. SMS: A better way of doing Two Factor Authentication (2FA)
Security in an Increasingly Threatened World SMS: A better way of doing Two Factor Authentication (2FA) January 2015 The Proliferation of The App World The revolution of the smart phone forever affected
More informationWHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS
WHITEPAPER SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS EXECUTIVE OVERVIEW 2-Factor as a Service (2FaaS) is a 100% cloud-hosted authentication solution that offers flexible security without compromising user
More informationSecurity+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 10 Authentication and Account Management
Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 10 Authentication and Account Management Objectives Describe the three types of authentication credentials Explain what single sign-on
More informationHow to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications
SOLUTION BRIEF: PROTECTING ACCESS TO THE CLOUD........................................ How to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications Who should read this
More informationSalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy
SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 Merlin House
More informationSAP Single Sign-On 2.0 Overview Presentation
SAP Single Sign-On 2.0 Overview Presentation March 2016 Public Agenda SAP security portfolio Overview SAP Single Sign-On Single sign-on main scenarios Capabilities Summary 2016 SAP SE or an SAP affiliate
More informationA brief on Two-Factor Authentication
Application Note A brief on Two-Factor Authentication Summary This document provides a technology brief on two-factor authentication and how it is used on Netgear SSL312, VPN Firewall, and other UTM products.
More informationFederation At Fermilab. Al Lilianstrom National Laboratories Information Technology Summit May 2015
Federation At Fermilab Al Lilianstrom National Laboratories Information Technology Summit May 2015 About Fermilab Since 1967, Fermilab has worked to answer fundamental questions and enhance our understanding
More informationCompTIA Security+ Certification SY0-301
CompTIA Security+ Certification SY0-301 Centro Latino, Inc. Computer Technology Program Prof: Nestor Uribe, nuribe@centrolatino.org www.centrolatino.org 267 Broadway, Chelsea, MA 02150 Tel. (617) 884-3238
More informationTechnology Day 2015 Xylos
Stay in control of your identity with Azure Active Directory (Premium) Technology Day 2015 Xylos Robin Vermeirsch Sr. IT consultant CCM Azure Active Directory Introduction Competence Center Messaging (CCM)
More informationHOW MICROSOFT AZURE AD USERS CAN EMPLOY SSO
E-Guide HOW MICROSOFT AZURE AD USERS CAN EMPLOY SearchSecurity HOW MICROSOFT AZURE AD USERS CAN EMPLOY T echnology journalist David Strom explaims how to use Azure Active Directory and Azure Multifactor
More informationnexus Hybrid Access Gateway
Product Sheet nexus Hybrid Access Gateway nexus Hybrid Access Gateway nexus Hybrid Access Gateway uses the inherent simplicity of virtual appliances to create matchless security, even beyond the boundaries
More informationAuthentication Integration
Authentication Integration VoiceThread provides multiple authentication frameworks allowing your organization to choose the optimal method to implement. This document details the various available authentication
More informationNCSU SSO. Case Study
NCSU SSO Case Study 2 2 NCSU Project Requirements and Goals NCSU Operating Environment Provide support for a number Apps and Programs Different vendors have their authentication databases End users must
More informationKEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS
KEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS Plurilock Security Solutions Inc. www.plurilock.com info@plurilock.com 2 H IGHLIGHTS: PluriPass is Plurilock static keystroke dynamic biometric
More informationConfiguring. Moodle. Chapter 82
Chapter 82 Configuring Moodle The following is an overview of the steps required to configure the Moodle Web application for single sign-on (SSO) via SAML. Moodle offers SP-initiated SAML SSO only. 1 Prepare
More informationImproving Online Security with Strong, Personalized User Authentication
Improving Online Security with Strong, Personalized User Authentication July 2014 Secure and simplify your digital life. Table of Contents Online Security -- Safe or Easy, But Not Both?... 3 The Traitware
More informationPassword Manager with 3-Step Authentication System
Password Manager with 3-Step Authentication System Zhelyazko Petrov, Razvan Ragazan University of Westminster, London z.petrov@my.westminster.ac.uk, razvan.ragazan@my.westminster.ac.uk Abstract: A big
More informationGuide for Setting Up Your Multi-Factor Authentication Account and Using Multi-Factor Authentication. Mobile App Activation
Guide for Setting Up Your Multi-Factor Authentication Account and Using Multi-Factor Authentication Mobile App Activation Before you can activate the mobile app you must download it. You can have up to
More informationIdentity Management in Liferay Overview and Best Practices. Liferay Portal 6.0 EE
Identity Management in Liferay Overview and Best Practices Liferay Portal 6.0 EE Table of Contents Introduction... 1 IDENTITY MANAGEMENT HYGIENE... 1 Where Liferay Fits In... 2 How Liferay Authentication
More informationWho Moved My Secure Perimeter?
WHITE PAPER Who Moved My Secure Perimeter? Six risks and opportunities to strengthen security using Identity-as-a-Service WWW.CENTRIFY.COM Who Moved My Secure Perimeter? Contents Introduction 3 Risk #1:
More informationMulti-Factor Authentication
Making the Most of Multi-Factor Authentication Introduction The news stories are commonplace: Hackers steal or break passwords and gain access to a company s data, often causing huge financial losses to
More informationMobility, Security and Trusted Identities: It s Right In The Palm of Your Hands. Ian Wills Country Manager, Entrust Datacard
Mobility, Security and Trusted Identities: It s Right In The Palm of Your Hands Ian Wills Country Manager, Entrust Datacard WHO IS ENTRUST DATACARD? 2 Entrust DataCard Datacard Corporation. Corporation.
More informationINTEGRATION GUIDE. DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server
INTEGRATION GUIDE DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document
More informationSecure Access Control for Mobile, Cloud, and Web Apps
Secure Access Control for Mobile, Cloud, and Web Apps SecureAuth IdP is a revolutionary platform that provides flexible and secure access control through strong authentication, single sign-on, and user
More informationSP-initiated SSO for Smartsheet is automatically enabled when the SAML feature is activated.
Chapter 87 Configuring Smartsheet The following is an overview of the steps required to configure the Smartsheet Web application for single sign-on (SSO) via SAML. Smartsheet offers both IdP-initiated
More informationWHITEPAPER SAML ALONE IS NOT SECURE - HERE S HOW TO FIX IT
WHITEPAPER SAML ALONE IS NOT SECURE - HERE S HOW TO FIX IT Executive Overview SAML (Security Assertion Markup Language) is a standard that facilitates the exchange of security information. Developed by
More informationVirtualization and Cloud Computing
Virtualization and Cloud Computing Virtualization, Cloud and Security Mgr. Michael Grafnetter Agenda Virtualization Security Risks and Solutions Cloud Computing Security Identity Management Virtualization
More informationMoving Beyond User Names & Passwords Okta Inc. info@okta.com 1-888-722-7871
Moving Beyond User Names & Passwords An Overview of Okta s Multifactor Authentication Capability Okta Inc. 301 Brannan Street San Francisco, CA 94107 info@okta.com 1-888-722-7871 Contents 1 Moving Beyond
More informationYubiKey Authentication Module Design Guideline
YubiKey Authentication Module Design Guideline Yubico Application Note Version 1.0 May 7, 2012 Introduction Disclaimer Yubico is the leading provider of simple, open online identity protection. The company
More informationHow To Use Saml 2.0 Single Sign On With Qualysguard
QualysGuard SAML 2.0 Single Sign-On Technical Brief Introduction Qualys provides its customer the option to use SAML 2.0 Single Sign On (SSO) authentication with their QualysGuard subscription. When implemented,
More informationAutomating User Management and Single Sign-on for Salesforce.com OKTA WHITE PAPER. Okta Inc. 400 2nd Street Suite 350 San Francisco CA, 94107
OKTA WHITE PAPER Automating User Management and Single Sign-on for Salesforce.com Okta Inc. 400 2nd Street Suite 350 San Francisco CA, 94107 info@okta.com 1-888-722-7871 Table of Contents 1 The Growth
More informationMOBILITY. Transforming the mobile device from a security liability into a business asset. pingidentity.com
MOBILITY Transforming the mobile device from a security liability into a business asset. pingidentity.com Table of Contents Introduction 3 Three Technologies That Securely Unleash Mobile and BYOD 4 Three
More informationWhy Centralized Cloud ID Management Is Crucial For The Enterprise
Why Centralized Cloud ID Management Is Crucial For The Enterprise Executive Overview It is well established that we are experiencing a radical model shift in enterprise computing to hybrid-cloud models.
More informationIntegrating Single Sign-on Across the Cloud By David Strom
Integrating Single Sign-on Across the Cloud By David Strom TABLE OF CONTENTS Introduction 1 Access Control: Web and SSO Gateways 2 Web Gateway Key Features 2 SSO Key Features 3 Conclusion 5 Author Bio
More informationConfiguration Guide - OneDesk to SalesForce Connector
Configuration Guide - OneDesk to SalesForce Connector Introduction The OneDesk to SalesForce Connector allows users to capture customer feedback and issues in OneDesk without leaving their familiar SalesForce
More informationCSC 474 -- Network Security. User Authentication Basics. Authentication and Identity. What is identity? Authentication: verify a user s identity
CSC 474 -- Network Security Topic 6.2 User Authentication CSC 474 Dr. Peng Ning 1 User Authentication Basics CSC 474 Dr. Peng Ning 2 Authentication and Identity What is identity? which characteristics
More informationowncloud Architecture Overview
owncloud Architecture Overview Time to get control back Employees are using cloud-based services to share sensitive company data with vendors, customers, partners and each other. They are syncing data
More informationFrom the Intranet to Mobile. By Divya Mehra and Stian Thorgersen
ENTERPRISE SECURITY WITH KEYCLOAK From the Intranet to Mobile By Divya Mehra and Stian Thorgersen PROJECT TIMELINE AGENDA THE OLD WAY Securing monolithic web app relatively easy Username and password
More informationFlexible Identity Federation
Flexible Identity Federation Administration guide version 1.0.1 Publication history Date Description Revision 2015.09.24 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services
More informationHow to Overcome Challenges in Deploying Cloud Apps to Get the Most from your IAM Investment
WHITEPAPER How to Overcome Challenges in Deploying Cloud Apps to Get the Most from your IAM Investment www.onelogin.com 150 Spear Street, Suite 1400, San Francisco, CA 94105 855.426.7272 EXECUTIVE SUMMARY
More informationThe Devil is Phishing: Rethinking Web Single Sign On Systems Security. Chuan Yue USENIX Workshop on Large Scale Exploits
The Devil is Phishing: Rethinking Web Single Sign On Systems Security Chuan Yue USENIX Workshop on Large Scale Exploits and Emergent Threats (LEET 2013) Web Single Sign On (SSO) systems Sign in multiple
More informationOkta/Dropbox Active Directory Integration Guide
Okta/Dropbox Active Directory Integration Guide Okta Inc. 301 Brannan Street, 3rd Floor San Francisco CA, 94107 info@okta.com 1-888- 722-7871 1 Table of Contents 1 Okta Directory Integration Edition for
More informationUNIVERSITY OF COLORADO Procurement Service Center INTENT TO SOLE SOURCE PROCUREMENT CU-JL39027649-SS. Single Sign-On (SSO) Solution
UNIVERSITY OF COLORADO Procurement Service Center INTENT TO SOLE SOURCE PROCUREMENT CU-JL39027649-SS Single Sign-On (SSO) Solution For University Information Systems (UIS) May 9, 2013 2 University of Colorado