4.15 Managing SSO in the Cloud

Video Transcription
All right. Now, our next section here: managing single sign-on in the cloud. What we're trying to do is make life easier on our users.
Because if I were to ask you guys, how many of you have 10 different user names and passwords you have to keep up with? How many of you raise your hand?
You might as well all raise your hand, 'cause I know we've got a lot of user accounts and passwords,
and then when you think about every account you've ever created, even if they're ones you don't use any more, you know, kind of like orphaned accounts we just, you know, created for one-time use or whatever. So we've got tons of user names and passwords, and you know where I'm going with this:
when you have tons of user names and passwords, you either write them down or you constantly forget, have to constantly reset them, constantly remember. It's just a hassle. So what we want to do is we want to make life easier, and we want to use federated trusts
to implement a streamlined process of single sign-on in the cloud.
Well, in order to make this work, we're gonna have to have several different pieces. We're gonna have to have our accounts provisioned. Again, we talked about that in chapter one, so go back and review if you don't already remember what SPML and what SCIM do for us.
All right, then we go to authentication. How do I prove I am who I say I am?
But even beyond that, because that piece we can talk about in chapter one, how do I authenticate a single time for accessing multiple resources, right? Multiple cloud apps, rather than having to keep providing my credentials. That's gonna come to us through OpenID Connect or SAML.
We'll look at those in a few minutes, and then authorization. There's a framework called OAuth 2, which is currently what we're using,
that actually includes OpenID Connect for authentication, but ultimately it's a framework in which we can design for authorization to happen.
All right, so let's talk about the three main IAAA services when we talk about federation, when we talk about, and again we're kind of thinking about cloud service providers today. All right, so when we think about authentication providers or authentication mechanisms,
the first three: WS-Fed, SAML, OpenID Connect.
All right, now OAuth 2, again, is more of a framework that will also provide for authorization, so it's different in nature. Part of it will include OpenID Connect. Hopefully OAuth will make sense now. WS-Fed is more for Windows-based identity systems.
SAML is open, so that's very beneficial.
But those were a little bit older techniques. Part of the reason for that is they're slower; they have more overhead. If you look at SAML and you see that XML-based framework, you know, XML has a lot of overhead,
so OpenID Connect steps in and essentially provides the same type of authentication in a very comparable fashion, but it does so using different formats other than the XML-based form. All right, so these are primarily what we're gonna focus on.
We're gonna focus on SAML, OpenID Connect, and OAuth 2
across the next handful of slides.
All right, so when we talk about single sign-on, again, the idea is I get the credentials that I need. You know, I verify my identity, I say I am Kelly Handerhan, and then I want to be able to take that, you know, authentication, and I want to use that same authentication at multiple
locations. I don't wanna have to keep bringing in all my information. So this is a little example for those of you that have been to college.
Um, you know, you probably were in an environment where you had to get a student ID badge. Okay, so let's take this example. So I show up first day of school. I'm at the University of North Carolina, Greensboro,
and I show up,
I register, I stand in line for 800 hours, fill out all my paperwork. Boom. I am enrolled, and good to go.
So I feel like, hey, hey, let's go out and let's take care of a few other errands today. So I go to the library, or you could say the student bookstore, but let's say it's the library. I've got to get a set of books. So I show up at the library and I tell the library, hey, I need this set of books.
Well, the library says, who are you?
I say, well, I'm Kelly Handerhan, I'm a member of this fine university, and they say, prove it. And I say, oh,
they say, look, here's what you need to do. I know you've gone through the university and you've registered, but you have to take that paperwork down to the student center, and you go to the student center and they'll give you a student ID badge. That's what you have to have to check out books.
OK, so I tried to get my resource at the library. The library tells me, go to the student center,
go to the student center. I provide the information that I got when I registered, and I stand in line again.
And in exchange for that, I get my student ID. Now, the thing about the student ID badge is I no longer have to carry around all that paperwork. I don't have to submit it anymore. I have my student ID badge, which is a token
that shows I am who I say I am, and I'm a legitimate student at the university.
Okay, so I go back to the library
and I show them my badge. The library, they look at my badge, and because that token is good throughout the environment that's trusted, I'm able to get my books. Now, what we can also do with that little token of my student ID is, maybe it shows that I'm enrolled in cybersecurity courses.
So based on that attribute, this is where attribute-based access control comes into play. Based on the attributes of the program in which I'm enrolled,
I get a specific set of books, right? So SAML can play in through the use of attributes with authorization as well.
I get my books. Now, the beautiful thing about that student ID is, when I go to the cafeteria, do I have to show them all my registration paperwork again? No, right? I just show my student badge. Now I want to go get a discount at the student print center,
or it doesn't even have to be the university's services. A lot of the local areas in Greensboro, a lot of the stores will give discounts to students and so on and so forth. So the idea is, by getting that token, I don't have to provide all these credentials again and again. I have something portable that's easy to use,
and because trusts are set up
based on that token, I'm able to access the resources that I want. So single sign-on is immensely helpful to users. And if you just take that and kind of imagine that in an online environment, which we're gonna walk through in just a minute, you can see how that makes life easy.
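The student-ID story above, carried into code as an added example (it is not part of the course material or the instructor's slides). The student center is the identity provider that mints a token once; the library and cafeteria are relying parties that accept it only after checking the signature, issuer, audience and expiry, and the library then authorizes by attribute (the "programs" claim). The issuer name, shared key, book lists and claim names are constructed for the demo. The token is JWT-shaped and signed with HMAC-SHA256 so it runs on the standard library alone; real OpenID Connect ID tokens use asymmetric signatures (RS256/ES256) whose public keys the relying party fetches from the IdP, but the checks a relying party must perform are the same.

```python
import base64
import hashlib
import hmac
import json
import time

IDP_ISSUER = "https://idp.example.edu"                  # assumed IdP name
IDP_KEY = b"constructed-demo-secret-not-for-real-use"   # constructed shared key


class TokenError(Exception):
    """Raised by a relying party when a presented token must not be trusted."""


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(key, subject, audiences, attributes, now=None, ttl=300):
    """IdP side (the student center): after one authentication, mint a signed
    token naming who the user is, which services may accept it, how long it lives,
    and the attributes the services will authorize on."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": IDP_ISSUER, "sub": subject, "aud": list(audiences),
              "iat": now, "exp": now + ttl, **attributes}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims))
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def validate_token(token, key, expected_aud, now=None):
    """RP side (library, cafeteria): trust the token only if signature, issuer,
    audience and lifetime all check out. Returns the verified claims."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("malformed token")
    header_b64, claims_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":      # the RP fixes the algorithm, never the token
        raise TokenError("unexpected alg")
    expected_sig = hmac.new(key, f"{header_b64}.{claims_b64}".encode("ascii"),
                            hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(sig_b64)):
        raise TokenError("bad signature")  # tampered, or not minted by our IdP
    claims = json.loads(_b64url_decode(claims_b64))
    if claims.get("iss") != IDP_ISSUER:
        raise TokenError("untrusted issuer")
    aud = claims.get("aud", [])
    if expected_aud not in ([aud] if isinstance(aud, str) else aud):
        raise TokenError("token not issued for this service")
    if now >= claims.get("exp", 0):
        raise TokenError("token expired")
    return claims


# Attribute-based access control at the library: the "programs" attribute in
# the token decides which book set the holder may check out (constructed policy).
BOOK_SETS = {
    "cybersecurity": ["Applied Cryptography", "Cloud Security Fundamentals"],
    "nursing": ["Pharmacology Basics"],
}


def library_checkout(token, key, now=None):
    claims = validate_token(token, key, "library", now=now)
    if not claims.get("enrolled"):
        raise TokenError("holder is not an enrolled student")
    books = []
    for program in claims.get("programs", []):
        books.extend(BOOK_SETS.get(program, []))
    return books


def demo():
    """One token, several services, and the ways a relying party must say no."""
    now = 1_700_000_000
    token = issue_token(IDP_KEY, "kelly", ["library", "cafeteria"],
                        {"enrolled": True, "programs": ["cybersecurity"]}, now=now)
    results = {
        "library": library_checkout(token, IDP_KEY, now=now + 60),
        "cafeteria": validate_token(token, IDP_KEY, "cafeteria", now=now + 60)["sub"],
    }
    # Same token at a service it was not issued for, and after its lifetime.
    for name, aud, at in (("bookstore", "bookstore", now + 60),
                          ("expired", "library", now + 600)):
        try:
            validate_token(token, IDP_KEY, aud, now=at)
            results[name] = "accepted"
        except TokenError as exc:
            results[name] = str(exc)
    # Edit the attributes without the key: the old signature no longer matches.
    header_b64, _, sig_b64 = token.split(".")
    forged = _b64url(json.dumps({"iss": IDP_ISSUER, "sub": "kelly", "aud": ["library"],
                                 "exp": now + 300, "enrolled": True,
                                 "programs": ["cybersecurity", "nursing"]}).encode())
    try:
        validate_token(f"{header_b64}.{forged}.{sig_b64}", IDP_KEY, "library", now=now + 60)
        results["forged"] = "accepted"
    except TokenError as exc:
        results["forged"] = str(exc)
    return results


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The order of checks matters: the signature is verified before any claim is read, so an unsigned or tampered token never influences a decision, and the relying party pins the algorithm itself rather than honouring whatever `alg` the token carries. The audience check is what keeps a token minted for the library and cafeteria from being replayed at the bookstore, which is the cloud equivalent of the badge only being good "throughout the environment that's trusted".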
Certified Cloud Security Professional (CCSP)

This Certified Cloud Security Professional (CCSP) certification course covers topics across six domains, to ensure the candidate has a wide range of competencies and is capable in the assessment and implementation of cloud service solutions.