4.16 SSO with SAML

Video Transcription
All right. So let's look at SAML. And SAML, of course, stands for Security Assertion Markup Language. And, like we've just said, our goal is single sign-on.
All right, so the idea, to start this whole process: we've set up Active Directory, of course, in conjunction with an identity provider in the DMZ.
Okay, and the SCIM service or SPML is going to be used to sync up and provision accounts at the identity provider.
Right? So once Kelly Handerhan gets added to your organization, that information gets synced up. My identity provider has the current and up-to-date listing of users. All right, now, Kelly Handerhan
decides to go access Office 365 or WebEx or any of those eight zillion cloud service providers. And that's what they're called, by the way: service providers, SP.
All right, now, because I sign on as Kelly Handerhan at cybrary.it, the service provider recognizes cybrary.it and it says, "Oh, I know who the identity provider for that is," and then sends the request down.
All right? The ID provider says, "Yeah, Kelly Handerhan can access, um,
Outlook and/or, you know, whatever the application is," and sends back a token, a SAML token. That's the assertion that says, "Yeah, she's legitimate. She's an employee. She should have access to these resources."
And SAML tokens can also include attributes on which decisions can be made, like only specific features of applications based on job role or whatever that may be.
So ultimately, and I'll tell you, SAML can also work with browser redirects. That's a very common way. So this is where I have it in this screenshot, you know, where the service provider queries the IdP. That's possible. But many times what happens is the service provider sends back a redirect
to the client, and the client has to go to the IdP to get the token. And if you ever do that, you'll notice, like, for instance, if you go to access a resource out on the web and it says, "Hey, would you like to log on with your Facebook account?" If you say yes, you'll see it redirects your browser to Facebook. You're not seeing the Facebook,
you know, screen or anything, unless you haven't logged in. But if you watch those redirects, you'll see exactly what's happened. So that's with SAML, and I have kind of the step by step here again.
These steps are with the redirect. The image I showed you before, that's with the service provider going directly to the IdP. This next step is with the redirects, where the client's browser does that. Either way, that's not a criterion of SAML, one or the other. You can configure both ways,
um, and again, look, it's another picture of that process flow, again with the redirects.
Now the problem with SAML is that SAML, Security Assertion Markup Language, there's that ML again that we've been talking about, that means we're based on XML.
Any time we have our services based on XML, that's tricky in today's environment because there's so much overhead. Remember, we're looking to use the small, portable smart devices to authenticate today, versus where we worked 10 years ago, 15 years ago.
So whereas SAML is tried and true, it's standards-based, it's been around forever,
it still has too much overhead, so that's where OpenID Connect is going to come in in just a moment.
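The redirect-based flow the instructor walks through above (SP sends the browser to the IdP, IdP hands back an assertion with attributes, SP makes feature decisions from those attributes), as an added example that is not part of the course material. It implements the SAML 2.0 HTTP-Redirect binding encoding (raw DEFLATE, base64, URL-encode) for the AuthnRequest and the checks an SP must make on the returned assertion. The entity IDs, URLs, user and role values are assumed placeholders, and the XML signature a real IdP puts on the assertion (and a real SP must verify first) is deliberately left out and marked in the code.

```python
"""Added example, not from the course: a minimal SP-initiated SAML 2.0 flow
using the HTTP-Redirect binding. Entity IDs, URLs and the user are assumed
values; XML-DSig signing/verification, which a real deployment requires, is
deliberately left out and marked below."""
import base64
import datetime as dt
import urllib.parse
import uuid
import zlib
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"

# Assumed deployment values (hypothetical, for this example only).
SP_ENTITY_ID = "https://app.example.com/sp"
SP_ACS_URL = "https://app.example.com/saml/acs"
IDP_ENTITY_ID = "https://idp.example.com/idp"
IDP_SSO_URL = "https://idp.example.com/sso"


def _now(offset_s: int = 0) -> dt.datetime:
    return dt.datetime.now(dt.timezone.utc) + dt.timedelta(seconds=offset_s)


def _tag(prefix: str, name: str) -> str:
    return "{%s}%s" % (NS[prefix], name)


def sp_build_redirect_url() -> str:
    """Step 1 (SP): build an AuthnRequest and encode it for the browser redirect.
    HTTP-Redirect binding = raw DEFLATE -> base64 -> URL-encode as SAMLRequest."""
    req = ET.Element(_tag("samlp", "AuthnRequest"), {
        "ID": "_" + uuid.uuid4().hex, "Version": "2.0",
        "IssueInstant": _now().strftime(TIME_FMT),
        "AssertionConsumerServiceURL": SP_ACS_URL})
    ET.SubElement(req, _tag("saml", "Issuer")).text = SP_ENTITY_ID
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15: raw DEFLATE, no zlib header
    deflated = deflater.compress(ET.tostring(req)) + deflater.flush()
    query = urllib.parse.urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return IDP_SSO_URL + "?" + query


def idp_parse_request(redirect_url: str) -> dict:
    """Step 2 (IdP): decode SAMLRequest to learn which SP asked and where to send the user back."""
    qs = urllib.parse.parse_qs(urllib.parse.urlsplit(redirect_url).query)
    xml_bytes = zlib.decompress(base64.b64decode(qs["SAMLRequest"][0]), -15)
    req = ET.fromstring(xml_bytes)
    return {"request_id": req.get("ID"),
            "issuer": req.findtext("saml:Issuer", namespaces=NS),
            "acs_url": req.get("AssertionConsumerServiceURL")}


def idp_issue_assertion(request: dict, user: str, attrs: dict, lifetime_s: int = 300) -> bytes:
    """Step 3 (IdP): after authenticating the user against the directory, issue a bearer
    assertion naming the user and carrying attributes (role, department, ...) for the SP."""
    now = _now()
    a = ET.Element(_tag("saml", "Assertion"), {"ID": "_" + uuid.uuid4().hex, "Version": "2.0",
                                              "IssueInstant": now.strftime(TIME_FMT)})
    ET.SubElement(a, _tag("saml", "Issuer")).text = IDP_ENTITY_ID
    subject = ET.SubElement(a, _tag("saml", "Subject"))
    ET.SubElement(subject, _tag("saml", "NameID")).text = user
    conf = ET.SubElement(subject, _tag("saml", "SubjectConfirmation"),
                         {"Method": "urn:oasis:names:tc:SAML:2.0:cm:bearer"})
    ET.SubElement(conf, _tag("saml", "SubjectConfirmationData"),
                  {"InResponseTo": request["request_id"], "Recipient": request["acs_url"],
                   "NotOnOrAfter": _now(lifetime_s).strftime(TIME_FMT)})
    cond = ET.SubElement(a, _tag("saml", "Conditions"),
                         {"NotBefore": now.strftime(TIME_FMT),
                          "NotOnOrAfter": _now(lifetime_s).strftime(TIME_FMT)})
    restriction = ET.SubElement(cond, _tag("saml", "AudienceRestriction"))
    ET.SubElement(restriction, _tag("saml", "Audience")).text = request["issuer"]
    stmt = ET.SubElement(a, _tag("saml", "AttributeStatement"))
    for name, value in attrs.items():
        attr = ET.SubElement(stmt, _tag("saml", "Attribute"), {"Name": name})
        ET.SubElement(attr, _tag("saml", "AttributeValue")).text = value
    # A real IdP signs the Assertion here with its private key (XML-DSig); omitted.
    return ET.tostring(a)


def sp_validate_assertion(xml_bytes: bytes, expected_request_id: str, now: dt.datetime = None) -> dict:
    """Step 4 (SP): the checks that stay necessary even after a valid signature: right issuer,
    right audience, inside the validity window, and a reply to *our* outstanding request
    (the InResponseTo check is what stops a captured assertion being replayed elsewhere)."""
    now = now or _now()
    parse_t = lambda s: dt.datetime.strptime(s, TIME_FMT).replace(tzinfo=dt.timezone.utc)
    a = ET.fromstring(xml_bytes)  # production: use defusedxml and verify the signature first
    if a.findtext("saml:Issuer", namespaces=NS) != IDP_ENTITY_ID:
        raise ValueError("assertion not from the configured IdP")
    cond = a.find("saml:Conditions", NS)
    if not (parse_t(cond.get("NotBefore")) <= now < parse_t(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion expired or not yet valid")
    if a.findtext("saml:Conditions/saml:AudienceRestriction/saml:Audience", namespaces=NS) != SP_ENTITY_ID:
        raise ValueError("assertion was issued for a different service provider")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd.get("InResponseTo") != expected_request_id or scd.get("Recipient") != SP_ACS_URL:
        raise ValueError("assertion does not answer this SP's request")
    attrs = {e.get("Name"): e.findtext("saml:AttributeValue", namespaces=NS)
             for e in a.iterfind("saml:AttributeStatement/saml:Attribute", NS)}
    return {"user": a.findtext("saml:Subject/saml:NameID", namespaces=NS), "attributes": attrs}


def sp_authorize(identity: dict, feature: str) -> bool:
    """Attribute-based decision at the SP: the role attribute in the assertion decides features."""
    features_by_role = {"admin": {"mailbox", "admin-console"}, "staff": {"mailbox"}}
    return feature in features_by_role.get(identity["attributes"].get("role", ""), set())


def run_flow(user: str = "kelly@cybrary.it", role: str = "staff") -> dict:
    """Whole round trip: redirect -> IdP authenticates -> assertion -> SP validates."""
    request = idp_parse_request(sp_build_redirect_url())
    assertion = idp_issue_assertion(request, user, {"role": role})
    return sp_validate_assertion(assertion, request["request_id"])
```

Running `run_flow()` returns the validated identity with its attributes; `sp_authorize` then grants or denies individual features from the role attribute, which is the attribute-driven decision described above. The one thing the example does not do is the most important in practice: an SP that skips signature verification on the assertion will accept one minted by anyone who can reach its ACS URL, so the issuer, audience, time-window and InResponseTo checks shown here are in addition to, never instead of, verifying the IdP's XML signature.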
Certified Cloud Security Professional (CCSP)

This Certified Cloud Security Professional (CCSP) certification course covers topics across six domains, to ensure the candidate has a wide range of competencies and is capable in the assessment and implementation of cloud service solutions.