Cloud Computing. Chapter 5 Identity as a Service (IDaaS)

Learning Objectives
- Describe challenges related to ID management.
- Describe and discuss single sign-on (SSO) capabilities.
- List the advantages of IDaaS solutions.
- Discuss IDaaS solutions offered by various companies.

IDaaS Defined
Identity (or identification) as a service (IDaaS): cloud-based approaches to managing user identities, that is, usernames, passwords, and access. Also sometimes referred to as identity management as a service.

Single Sign-On (SSO)
Single sign-on (SSO): a process that allows a user to log in to a central authority and then access other sites and services for which he or she has credentials.

Advantages of SSO
- Fewer username and password combinations for users to remember and manage
- Less password fatigue caused by the stress of managing multiple passwords
- Less user time consumed by having to log in to individual systems
- Fewer calls to help desks for forgotten passwords
- A centralized location for IT staff to manage password compliance and reporting

Disadvantages of SSO
A single source of failure. If the authentication server fails, users will not be able to log in to other servers. Hence, a cloud-based authentication server with system redundancy reduces the risk of system unavailability.

How SSO Works

Federated ID Management (FIDM)
FIDM describes the technologies and protocols that combine to enable a user to bring security credentials across different security domains (different servers running potentially different operating systems).

Security Assertion Markup Language (SAML)
Behind the scenes, many FIDM systems use the Security Assertion Markup Language (SAML) to package a user's security credentials.
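To make the SAML packaging concrete, here is an added example (not from the chapter) of the checks a service provider performs on the assertion an identity provider hands it: issuer, validity window, and audience. The entity IDs, the assertion, and the user data are constructed sample values, and the XML signature is assumed to have been verified already by a dedicated library.

```python
"""Validate a SAML 2.0 assertion's conditions before trusting it (added example, not
from the chapter). The service provider (SP) must check what the identity provider
(IdP) packaged before granting SSO access. Entity IDs and the assertion are constructed;
the XML signature is assumed already verified (e.g. with xmlsec) before this runs."""
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
IDP_ENTITY_ID = "https://idp.example.com/metadata"  # assumed IdP issuer value
SP_ENTITY_ID = "https://sp.example.org/saml"  # assumed audience for this SP

# Constructed sample assertion as an IdP would return after the user logs in.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{NS['saml']}" ID="_a1b2c3" Version="2.0"
    IssueInstant="2024-05-01T12:00:00Z">
  <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-05-01T12:00:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
    <saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="role"><saml:AttributeValue>finance</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def _ts(value: str) -> datetime:
    """Parse a SAML UTC timestamp such as 2024-05-01T12:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_assertion(xml_text: str, expected_issuer: str, sp_entity_id: str,
                       now: datetime) -> dict:
    """Return subject and attributes if every condition holds; raise ValueError otherwise."""
    root = ET.fromstring(xml_text)
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer != expected_issuer:
        raise ValueError(f"unexpected issuer {issuer!r}")
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("assertion carries no Conditions")
    # Validity window: a captured assertion replayed later must be rejected.
    not_before, not_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if (not_before and now < _ts(not_before)) or (not_after and now >= _ts(not_after)):
        raise ValueError("assertion is outside its validity window")
    # Audience: an assertion issued for another SP must not be accepted here.
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:
        raise ValueError(f"assertion is not addressed to {sp_entity_id}")
    attrs = {a.get("Name"): a.findtext("saml:AttributeValue", namespaces=NS)
             for a in root.findall("saml:AttributeStatement/saml:Attribute", NS)}
    return {"subject": root.findtext("saml:Subject/saml:NameID", namespaces=NS),
            "attributes": attrs}
```

Calling `validate_assertion(SAMPLE_ASSERTION, IDP_ENTITY_ID, SP_ENTITY_ID, _ts("2024-05-01T12:01:00Z"))` returns the subject and the role attribute; the same assertion presented at 12:05 or to a different SP entity ID is rejected.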

Account Provisioning
The process of creating a user account on a system is called account provisioning. Different employees may need different capabilities, and the provisioning process can be complex. When an employee leaves the company, a deprovisioning process must occur to remove the user's accounts.

Deprovisioning Problem
Unfortunately, the IT staff is not always immediately informed that an employee no longer works for the company, or the IT staff misses a server account, and the user may still have access to one or more systems.

4 A's of Cloud Identity
- Authentication: The process of validating a user for on-site and cloud-based solutions.
- Authorization: The process of determining and specifying what a user is allowed to do on each server.
- Account management: The process of synchronizing user accounts by provisioning and deprovisioning access.
- Audit logging: The process of tracking which applications users access and when.
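The deprovisioning problem above is exactly what the account-management and audit-logging steps exist to catch. As an added example (not from the chapter), the following reconciles the HR roster against each system's account export and flags orphaned accounts, ranking highest any account that was used after its owner's last day. All employees, systems, and dates are constructed sample data.

```python
"""Find accounts that should have been deprovisioned (added example, not from the
chapter). Reconciles the HR roster against the account exports of each system, the
check an IDaaS account-management or audit step would run. All employees, systems
and dates below are constructed sample data."""
from datetime import date

# Constructed HR feed: currently employed users, and leavers with their last day.
ACTIVE_EMPLOYEES = {"alice", "bob", "dana"}
TERMINATED = {"carol": date(2024, 4, 15)}

# Constructed per-system exports: system -> {username: last login (None = never)}.
SYSTEM_ACCOUNTS = {
    "crm": {"alice": date(2024, 5, 1), "bob": date(2024, 4, 2), "carol": date(2024, 4, 30)},
    "fileshare": {"alice": date(2024, 4, 29), "carol": date(2024, 3, 12), "dana": None},
    "vpn": {"bob": date(2024, 5, 1), "svc-backup": date(2024, 5, 1)},
}
SERVICE_ACCOUNTS = {"svc-backup"}  # known non-human accounts, reviewed separately


def find_orphans(active, terminated, accounts, service_accounts=frozenset()):
    """Return (user, system, last_login, used_after_leaving) for every account whose
    owner is neither an active employee nor a known service account."""
    findings = []
    for system, users in sorted(accounts.items()):
        for user, last_login in sorted(users.items()):
            if user in active or user in service_accounts:
                continue
            left = terminated.get(user)
            # A login after the last day means the missed account was actually used.
            used_after = bool(left and last_login and last_login > left)
            findings.append((user, system, last_login, used_after))
    return findings


def report(findings):
    """Render findings as audit log lines, most urgent (used after leaving) first."""
    lines = []
    for user, system, last_login, used_after in sorted(findings, key=lambda f: not f[3]):
        severity = "HIGH" if used_after else "MEDIUM"
        lines.append(f"{severity} orphan account {user}@{system} last_login={last_login}")
    return lines


if __name__ == "__main__":
    for line in report(find_orphans(ACTIVE_EMPLOYEES, TERMINATED, SYSTEM_ACCOUNTS, SERVICE_ACCOUNTS)):
        print(line)
```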

Real World: Ping Identity IDaaS
Ping Identity provides cloud-based ID management software that supports FIDM and user account provisioning.

Real World: PasswordBank IDaaS
PasswordBank provides an IDaaS solution that supports on-site and cloud-based system access. Its FIDM service supports enterprise-wide SSO (E-SSO) and SSO for web-based applications (WebSSO). The PasswordBank solutions perform the FIDM without the use of SAML. PasswordBank solutions support a myriad of devices, including the iPhone.

OpenID
OpenID allows users to use an existing account to log in to multiple websites. More than 1 billion OpenID accounts exist and are accepted by thousands of websites. Google, Yahoo!, Flickr, Myspace, WordPress.com, and more support OpenID.

Advantages of Using OpenID
- Increased site conversion rates (rates at which customers choose to join websites) because users do not need to register
- Access to greater user profile content
- Fewer problems with lost passwords
- Ease of content integration into social networking sites

Mobile ID Management
Threats to mobile devices include the following:
- Identity theft if a device is lost or stolen
- Eavesdropping on data communications
- Surveillance of confidential screen content
- Phishing of content from rogue sites
- Man-in-the-middle attacks through intercepted signals
- Inadequate device resources to provide a strong security implementation
- Social attacks on unaware users that yield identity information

Key Terms

Chapter Review
1. Define and describe SSO.
2. Define and describe IDaaS.
3. Define SAML and describe its purpose.
4. Define and describe provisioning.
5. Define and describe FIDM.
6. List factors that make mobile ID management difficult.