Single Sign-on and Federated Identity Management
Video Activity
Difficulty
Intermediate
Video Transcription
We're going to talk about single sign-on and federated identity management. These are important authorization concepts to understand when it comes to managing access in cloud-based environments, especially in the context of development. In this lesson, we're going to talk about the use of single sign-on, we'll talk about the use cases for federated identity management, and then also talk about the benefits and limitations of each. Overall, both techniques are used to provide authorization across or within devices within the platform or within a group of organizations.

One of the problems that comes with added security is that it becomes cumbersome for the user, or someone who's working within a cloud-based platform, to continually have to go through the IAM process for every different application or server they access. Although it's very secure, it impedes the operational efficiency and the real business case for having many of these items in the first place. Thankfully, there is a solution: single sign-on typically uses one authentication server or service to authenticate a user across all the applications or websites, typically within one organization. Now, as you can expect, although this saves a lot of time in terms of the user continually having to identify themselves and authenticate, it increases security risks. If a user's credentials were compromised, those same credentials can be used to authenticate across a whole organization's suite of applications and servers. Now, the important thing to think about is that that means we have to have a stricter IAM process. We've talked about the use of multi-factor authentication as another control that can be put in place to further strengthen and mitigate the risk that a user's credentials become compromised.

Federated identity management is really taking that single sign-on notion of identity management and pushing it out between multiple organizations. There are two distinct roles within federated identity management: the identity provider and the service provider. The organizations themselves are acting as the identity provider. They are authenticating the user based on their credentials, that they are in fact an authenticated user, and then the trust that exists between that identity provider and the service providers is what enables multiple different organizations to share their credentials or share user access rights amongst them. Now, with that trust comes great responsibility. You really have to do due diligence through third-party vetting that the organizations that you're trusting, either to accept your users' authenticated credentials, or if you are accepting their users' authenticated credentials, have adequate policies, procedures and controls in place to monitor those credentials for compromise. Because in a federated system, you're not only getting access to potentially assets within one organization, you're getting assets of the data and processing within multiple organizations. That expands the scope, and many famous breaches have occurred through third parties being vulnerable, not necessarily through a failure in federated authentication, but whenever there's reliance on a third party and you can't think about or analyze their controls or get access to their system to audit it, that increases the risk that comes with relying on that third party.

All right, quiz question. Trust between which parties makes federated identity management possible? Between identity providers, between service providers, or between the identity provider and the service provider? If you said between the identity provider and the service provider, that's correct. Now, in the theoretical context, either organization could be the identity provider or the service provider. It's really the trust between those two in those various roles that makes federated identity work, that enables multiple organizations to accept the authentication of one user to grant access across the different organizations.

In summary, we talked about the use of single sign-on. We talked about the use of federated identity management. Both are decreasing the need to identify and authenticate, basically the IAM burden that comes with users using cloud-based systems. Now, reducing that burden by allowing one authorization to count and be mutually accepted by multiple systems or multiple organizations is great for improving operational efficiency and decreasing the burden of individuals logging in over and over again. But it comes with increased security concerns within an organization, as well as increased security concerns when it comes to the trust between multiple organizations. You'll have to rely on your own security controls, potentially in the SSO situation, implementing multi-factor authentication, or having really extensive vendor risk management when it comes to federated identity using third parties. All right, I'll see you in the next lesson.