Abstract image of a woman sitting on books and studying on a laptop

CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva

CloudIDSummit, profile picture
CloudIDSummit

The document discusses Single Sign-On (SSO) and its integration with various applications, emphasizing the need for a unified username and password approach. It outlines the challenges and steps related to 'first mile' and 'last mile' integration, including the necessity of conforming to web SSO standards such as SAML and OpenID Connect. Additionally, it addresses the options available for mobile application SSO and the importance of user experience in managing multiple logins.

Technology
1 of 28
Downloaded 36 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
So you want to SSO … Scott Tomilson John DaSilva
You’ve waited long enough … Copyright © 2015 Cloud Identity Summit. All rights reserved. 2 Mobile AppsWeb Apps SaaS Apps username password username password username password username password username password username password username password username password username password
Copyright © 2015 Cloud Identity Summit .All rights reserved. 3
Copyright © 2015 Cloud Identity Summit .All rights reserved. 4 Integration Kits
It’s time for SSO … … what do you mean by SSO? App Enablement?Session Management? Access Control? Auditing?Authentication Policy? “One Username & Password (or some other form of authentication) just One Time”
It’s time for SSO … … and how will we get SSO? Open Standards?On-Premise ? IdaaS? Agents vs Gateway?App Changes? “Eliminate Unnecessary Passwords” (yes, some work will be needed – but you want to do this the right way)
Copyright © 2015 Cloud Identity Summit .All rights reserved. 7 Access Management ENTERPRISE Federated Identity Management
SSOfor Web Applications Copyright © 2015 Cloud Identity Summit. All rights reserved. 8
“First Mile” / “Last Mile” Integration Federation Server Identity Store Federation Server Target App Identity Provider (IdP) Service Provider (SP) “First Mile” “Last Mile”
“First Mile” Integration •  If you’re using a Federation Server – hopefully this is just a configuration exercise: •  ADconnect (Active Directory) •  PingFederate (Complex AD, LDAP, WAM, etc.) •  PingOne Cloud Directory (IdaaS user/group dir.) •  Worst case – there are Libraries & APIs to help you integrate a custom portal or user store Copyright © 2015 Cloud Identity Summit. All rights reserved. 10
“Last Mile” Integration Here’s where things get interesting … Copyright © 2015 Cloud Identity Summit. All rights reserved. 11
“Last Mile” Integration Question #1: Does your application support Web (federated) SSO standards? (i.e.: SAML, WS-Federation, OpenID Connect) Copyright © 2015 Cloud Identity Summit. All rights reserved. 12
“Last Mile” Integration – with Standards Copyright © 2015 Cloud Identity Summit. All rights reserved. 13 Federation Server Identity Store Target App Identity Provider (IdP) Service Provider (SP) SAML
Copyright © 2015 Cloud Identity Summit. All rights reserved. 14 “Last Mile” Integration – with Standards Your Apps Your Identity Stores / Partners Acme Beta Com SAML SAML SAML Federation Hub
“Last Mile” Integration – with Standards Copyright © 2015 Cloud Identity Summit. All rights reserved. 15 Does your app Web SSO standards? (SAML/WS-Fed/OIDC) Do you prefer IdaaS? No Yes Yes No
“Last Mile” Integration Question #2: Does your application support HTTP header-based SSO? Copyright © 2015 Cloud Identity Summit. All rights reserved. 16
“Last Mile” Integration – with HTTP Headers Federation Server Identity Store Federation Server Target App Identity Provider (IdP) Service Provider (SP) SAML Agent / Gateway HTTP Headers User: joe Email: joe@co.co Group: Sales
“Last Mile” Integration – with HTTP Headers •  Federated SSO •  PingFederate Integration Kits: •  Apache & IIS •  WAM Features (Session Management, URL Authorization & Auditing) •  Gateway (Reverse Proxy) •  Agents: Apache & IIS Copyright © 2015 Cloud Identity Summit. All rights reserved. 18
“Last Mile” Integration – with Standards Copyright © 2015 Cloud Identity Summit. All rights reserved. 19 Does your app support HTTP header based SSO? Do you want WAM features? No Yes Yes No
“Last Mile” Integration Question #3: Can you modify the application? Copyright © 2015 Cloud Identity Summit. All rights reserved. 20
“Last Mile” Integration – with App Changes Copyright © 2015 Cloud Identity Summit. All rights reserved. 21 Features Approach Effort Level Product(s) Federated SSO Implement SAML L n/a Implement OpenID Connect S n/a HTTP Headers XS PingFederate REST API S PingFederate PingOne SSO Integration Kit SDK Library (Java, .NET) S PingFederate WAM Features (Session Management, URL Authorization & Auditing) HTTP Headers XS PingAccess
“Last Mile” Integration Question #4: Did you reach here with 3 NO’s? Copyright © 2015 Cloud Identity Summit. All rights reserved. 22
“Last Mile” Integration – “I’m out of options…” •  PingFederate Integration Kits •  Basic SSO (Password Vaulting) Copyright © 2015 Cloud Identity Summit. All rights reserved. 23 … still lost? Talk to us!
SSOfor Mobile Applications Copyright © 2015 Cloud Identity Summit. All rights reserved. 24
Copyright © 2015 Cloud Identity Summit .All rights reserved. 25 Get Your Time Machines Ready …
SSO for Mobile Applications •  Are multiple logins (with the same creds) OK? •  User experience could be mitigated with long lived refresh tokens •  Shared refresh tokens? (Multiple apps – same dev. signer) •  Shared browser session? •  Centralized broker of OAuth Access Tokens •  Napps – http://openid.net/wg/napps/ •  PingOne Mobile – Early Napps draft support compatible with both PingFederate and PingOneCopyright © 2015 Cloud Identity Summit. All rights reserved. 26
In Closing … Copyright © 2015 Cloud Identity Summit. All rights reserved. 27
Copyright © 2015 Cloud Identity Summit .All rights reserved. 28

More Related Content

PDF
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CloudIDSummit
 
PDF
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CloudIDSummit
 
PDF
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CloudIDSummit
 
PDF
The Case For Next Generation IAM
Patrick Harding
 
PPTX
DevOps & Apps - Building and Operating Successful Mobile Apps
Apigee | Google Cloud
 
PPTX
Financial services rely on APIs
Rogue Wave Software
 
PPTX
apidays LIVE Singapore 2021 - Protecting the API ecosystem by Omaru Maruatona...
apidays
 
PPTX
Balancing Mobile UX & Security: An API Management Perspective Presentation fr...
CA API Management
 
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CloudIDSummit
 
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CloudIDSummit
 
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CloudIDSummit
 
The Case For Next Generation IAM
Patrick Harding
 
DevOps & Apps - Building and Operating Successful Mobile Apps
Apigee | Google Cloud
 
Financial services rely on APIs
Rogue Wave Software
 
apidays LIVE Singapore 2021 - Protecting the API ecosystem by Omaru Maruatona...
apidays
 
Balancing Mobile UX & Security: An API Management Perspective Presentation fr...
CA API Management
 

What's hot (20)

PPTX
Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...
Ping Identity
 
PPTX
Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...
CA API Management
 
PDF
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CloudIDSummit
 
PDF
CIS 2015 The IDaaS Dating Game - Sean Deuby
CloudIDSummit
 
PPTX
Criteria for Effective Modern IAM Strategies (Gartner IAM 2018)
Ping Identity
 
PDF
CIS14: PingAccess in Action
CloudIDSummit
 
PDF
Webinar: Deep Diving Into the KuppingerCole IDaaS Leadership Compass
Ping Identity
 
PPTX
ForgeRock CTO TECHNOLOGY PREVIEW
ForgeRock
 
PDF
NEW INNOVATIONS IN CONSENT, PRIVACY, AND USER-MANAGED ACCESS
ForgeRock
 
PDF
API Security and OAuth for the Enterprise
CA API Management
 
PPTX
Identity Beyond Employees: How Customer Experience Impacts Your IAM Practices
Ping Identity
 
PDF
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
CA Technologies
 
PPTX
apidays LIVE India - 10 steps to secure your API by Pabitra Kumar Sahoo, Qual...
apidays
 
PDF
Who’s Knocking? Identity for APIs, Web and Mobile
Nordic APIs
 
PPTX
Do we have a round wheel? Thoughts on Identity standards
Ian Glazer
 
PDF
API Security Webinar : Security Guidelines for Providing and Consuming APIs
DevOps Indonesia
 
PDF
Red Hat Summit - OpenShift Identity Management and Compliance
Marc Boorshtein
 
PDF
[Kong summit 2019] Egress Gateway Pattern - Zhuojie Zhou
00zzj
 
PPTX
Inbound Federation and Zero Sign On (ZSO) by Ranjan Jain at Ping Identity Wor...
Ranjan Jain
 
PPTX
Identity Live London 2017 | Daniel Raskin
ForgeRock
 
Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...
Ping Identity
 
Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...
CA API Management
 
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CloudIDSummit
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
CloudIDSummit
 
Criteria for Effective Modern IAM Strategies (Gartner IAM 2018)
Ping Identity
 
CIS14: PingAccess in Action
CloudIDSummit
 
Webinar: Deep Diving Into the KuppingerCole IDaaS Leadership Compass
Ping Identity
 
ForgeRock CTO TECHNOLOGY PREVIEW
ForgeRock
 
NEW INNOVATIONS IN CONSENT, PRIVACY, AND USER-MANAGED ACCESS
ForgeRock
 
API Security and OAuth for the Enterprise
CA API Management
 
Identity Beyond Employees: How Customer Experience Impacts Your IAM Practices
Ping Identity
 
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
CA Technologies
 
apidays LIVE India - 10 steps to secure your API by Pabitra Kumar Sahoo, Qual...
apidays
 
Who’s Knocking? Identity for APIs, Web and Mobile
Nordic APIs
 
Do we have a round wheel? Thoughts on Identity standards
Ian Glazer
 
API Security Webinar : Security Guidelines for Providing and Consuming APIs
DevOps Indonesia
 
Red Hat Summit - OpenShift Identity Management and Compliance
Marc Boorshtein
 
[Kong summit 2019] Egress Gateway Pattern - Zhuojie Zhou
00zzj
 
Inbound Federation and Zero Sign On (ZSO) by Ranjan Jain at Ping Identity Wor...
Ranjan Jain
 
Identity Live London 2017 | Daniel Raskin
ForgeRock
 
Ad

Viewers also liked (20)

PDF
CIS 2015 SCIM in the Real World - Kelly Grizzle
CloudIDSummit
 
PDF
CIS 2015- Assessing the Risk of Identity and Access- Venkat Rajaji
CloudIDSummit
 
PDF
CIS 2015 Modernize IAM with UnboundID and Ping Identity - Terry Sigle & B. Al...
CloudIDSummit
 
PDF
Mobile Persuasion
Bryan Rieger
 
PPTX
Identity assurance & the market for verified attributes
James Varga
 
PPTX
Project Management is the Catalyst to transform India into a Global Leader in...
VSR *
 
PPTX
Digital Rights Management
NextLabs, Inc.
 
PPTX
Taste of Failure is Key for Sustainable Success
VSR *
 
PPTX
Responsible Global Spend - Sample Program and Timeline
Bill Kohnen
 
PDF
AGLEA SAP Security Analyzer SoD Remediation SoX authorization
Massimo Manara
 
PPTX
Cloud & Mobility Goldmines
VSR *
 
PDF
TechNight #12: Cloud Identity Summit 2014 @ Monteray 概要と主要トピック
Daisuke Fuke
 
PDF
CIS13: Next Generation Privileged Identity Management: A Market Overview
CloudIDSummit
 
PPTX
Advanced Authorization for SAP Global Deployments Part III of III
NextLabs, Inc.
 
PDF
OpenID TechNight - Ping Identity 製品紹介
Daisuke Fuke
 
PPTX
OpenID Connect Demo at OpenID Tech Night
Daisuke Fuke
 
PPT
SharePoint Business Track Part 1 of 2
NextLabs, Inc.
 
PDF
Digital in store for dummies
Paolo Maioli
 
PPTX
Colin Glynn, Rolls-Royce plc Presentation
Amy Jacobs MA BA Hons
 
PDF
CIS13: Intelligence-Driven IAM: The Next Generation of Identity and Access Go...
CloudIDSummit
 
CIS 2015 SCIM in the Real World - Kelly Grizzle
CloudIDSummit
 
CIS 2015- Assessing the Risk of Identity and Access- Venkat Rajaji
CloudIDSummit
 
CIS 2015 Modernize IAM with UnboundID and Ping Identity - Terry Sigle & B. Al...
CloudIDSummit
 
Mobile Persuasion
Bryan Rieger
 
Identity assurance & the market for verified attributes
James Varga
 
Project Management is the Catalyst to transform India into a Global Leader in...
VSR *
 
Digital Rights Management
NextLabs, Inc.
 
Taste of Failure is Key for Sustainable Success
VSR *
 
Responsible Global Spend - Sample Program and Timeline
Bill Kohnen
 
AGLEA SAP Security Analyzer SoD Remediation SoX authorization
Massimo Manara
 
Cloud & Mobility Goldmines
VSR *
 
TechNight #12: Cloud Identity Summit 2014 @ Monteray 概要と主要トピック
Daisuke Fuke
 
CIS13: Next Generation Privileged Identity Management: A Market Overview
CloudIDSummit
 
Advanced Authorization for SAP Global Deployments Part III of III
NextLabs, Inc.
 
OpenID TechNight - Ping Identity 製品紹介
Daisuke Fuke
 
OpenID Connect Demo at OpenID Tech Night
Daisuke Fuke
 
SharePoint Business Track Part 1 of 2
NextLabs, Inc.
 
Digital in store for dummies
Paolo Maioli
 
Colin Glynn, Rolls-Royce plc Presentation
Amy Jacobs MA BA Hons
 
CIS13: Intelligence-Driven IAM: The Next Generation of Identity and Access Go...
CloudIDSummit
 
Ad

Similar to CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva (20)

PDF
CIS 2015 Extreme SAML - Hans Zandbelt
CloudIDSummit
 
DOCX
School of Computer & Information SciencesITS-532 Cloud C.docx
jeffsrosalyn
 
PDF
Common Challenges of Identity Management and Federated Single Sign-On in a Sa...
CA Technologies
 
PPT
Up 2011-ken huang
Ken Huang
 
PDF
CIS13: Avoiding the Pitfalls of Managing IAM for a Hybrid Environment
CloudIDSummit
 
PDF
Anil saldhana oasisid_cloud
Anil Saldanha
 
DOCX
Directions Answer each question individual and respond with full .docx
mariona83
 
PDF
CIS14: NSTIC - Identity and Access Management Collaborative Approaches to Nov...
CloudIDSummit
 
PDF
CIS14: Identity at Scale: Next Gen Federation Architectures
CloudIDSummit
 
PDF
CIS 2015-API's & Identity: Enabling the Business to Become the Cloud- Carlos ...
CloudIDSummit
 
PDF
Identity as a Service: a missing gap for moving enterprise applications in In...
Hoang Tri Vo
 
PPTX
Identity as a Matter of Public Safety
Adam Lewis
 
PPTX
Identity Summit 2015: Connect.gov and Identity Management Systems
ForgeRock
 
PPTX
The Future of Enterprise Identity Management
OneLogin
 
PDF
CIS13: Identity at Scale
CloudIDSummit
 
PDF
CIS13: Identity as a Matter of Public Safety: A Case Study in Secure API Acce...
CloudIDSummit
 
PPTX
Managing Identity from the Cloud: Transformation Advantages at VantisLife Ins...
IBM Security
 
PDF
CIS 2015 Extreme OAuth - Paul Meyer
CloudIDSummit
 
PDF
CIS 2015 What’s next? Discovery, Dynamic Registration, Mobile Connect and mor...
CloudIDSummit
 
PPTX
Intel IT's Identity and Access Management Journey
Intel IT Center
 
CIS 2015 Extreme SAML - Hans Zandbelt
CloudIDSummit
 
School of Computer & Information SciencesITS-532 Cloud C.docx
jeffsrosalyn
 
Common Challenges of Identity Management and Federated Single Sign-On in a Sa...
CA Technologies
 
Up 2011-ken huang
Ken Huang
 
CIS13: Avoiding the Pitfalls of Managing IAM for a Hybrid Environment
CloudIDSummit
 
Anil saldhana oasisid_cloud
Anil Saldanha
 
Directions Answer each question individual and respond with full .docx
mariona83
 
CIS14: NSTIC - Identity and Access Management Collaborative Approaches to Nov...
CloudIDSummit
 
CIS14: Identity at Scale: Next Gen Federation Architectures
CloudIDSummit
 
CIS 2015-API's & Identity: Enabling the Business to Become the Cloud- Carlos ...
CloudIDSummit
 
Identity as a Service: a missing gap for moving enterprise applications in In...
Hoang Tri Vo
 
Identity as a Matter of Public Safety
Adam Lewis
 
Identity Summit 2015: Connect.gov and Identity Management Systems
ForgeRock
 
The Future of Enterprise Identity Management
OneLogin
 
CIS13: Identity at Scale
CloudIDSummit
 
CIS13: Identity as a Matter of Public Safety: A Case Study in Secure API Acce...
CloudIDSummit
 
Managing Identity from the Cloud: Transformation Advantages at VantisLife Ins...
IBM Security
 
CIS 2015 Extreme OAuth - Paul Meyer
CloudIDSummit
 
CIS 2015 What’s next? Discovery, Dynamic Registration, Mobile Connect and mor...
CloudIDSummit
 
Intel IT's Identity and Access Management Journey
Intel IT Center
 

More from CloudIDSummit (20)

PPTX
CIS 2016 Content Highlights
CloudIDSummit
 
PPTX
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
CloudIDSummit
 
PDF
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CloudIDSummit
 
PDF
Mobile security, identity & authentication reasons for optimism 20150607 v2
CloudIDSummit
 
PDF
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CloudIDSummit
 
PDF
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CloudIDSummit
 
PDF
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CloudIDSummit
 
PDF
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CloudIDSummit
 
PDF
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CloudIDSummit
 
PDF
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CloudIDSummit
 
PDF
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CloudIDSummit
 
PDF
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CloudIDSummit
 
PDF
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
CloudIDSummit
 
PDF
CIS 2015 Identity Relationship Management in the Internet of Things
CloudIDSummit
 
PDF
CIS 2015 The Ethics of Personal Data - Robin Wilton
CloudIDSummit
 
PDF
CIS 2015 OpenID Connect and Mobile Applications - David Chase
CloudIDSummit
 
PDF
CIS 2015 OpenID Connect Workshop Part 1: Challenges for mobile - B. Allyn Fay
CloudIDSummit
 
PDF
DIRECTORY CIS 2015 - Eric Fazendin
CloudIDSummit
 
PDF
CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man
CloudIDSummit
 
PDF
CIS 2015 Easy Federation in Cloud and on Premises - Ian Jaffe
CloudIDSummit
 
CIS 2016 Content Highlights
CloudIDSummit
 
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
CloudIDSummit
 
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CloudIDSummit
 
Mobile security, identity & authentication reasons for optimism 20150607 v2
CloudIDSummit
 
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CloudIDSummit
 
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CloudIDSummit
 
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CloudIDSummit
 
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CloudIDSummit
 
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CloudIDSummit
 
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CloudIDSummit
 
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CloudIDSummit
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CloudIDSummit
 
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
CloudIDSummit
 
CIS 2015 Identity Relationship Management in the Internet of Things
CloudIDSummit
 
CIS 2015 The Ethics of Personal Data - Robin Wilton
CloudIDSummit
 
CIS 2015 OpenID Connect and Mobile Applications - David Chase
CloudIDSummit
 
CIS 2015 OpenID Connect Workshop Part 1: Challenges for mobile - B. Allyn Fay
CloudIDSummit
 
DIRECTORY CIS 2015 - Eric Fazendin
CloudIDSummit
 
CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man
CloudIDSummit
 
CIS 2015 Easy Federation in Cloud and on Premises - Ian Jaffe
CloudIDSummit
 

Recently uploaded (20)

PDF
sustainability-14-14877-v2.pddhzftheheeeee
VenkateshGovindaraja9
 
PPTX
GROUP4NURSINGINFORMATICSREPORT-2 PRESENTATION
ClarisejaneSartillo1
 
PDF
The influence of sentiment analysis in enhancing early warning system model f...
IAESIJAI
 
PDF
Improvisation in detection of pomegranate leaf disease using transfer learni...
IAESIJAI
 
PDF
Produktkatalog für HOBO Datenlogger, Wetterstationen, Sensoren, Software und ...
Metrics GmbH
 
PDF
CloudStack 4.21: First Look Webinar slides
ShapeBlue
 
PDF
Getting started with AI Agents and Multi-Agent Systems
Maxim Salnikov
 
PDF
STKI Israel Market Study 2025 version august
Dr. Jimmy Schwarzkopf
 
PPT
What is a Computer? Input Devices /output devices
GulJan8
 
PPTX
Modernising the Digital Integration Hub
Daniel Toomey
 
PDF
Statistics on Ai - sourced from AIPRM.pdf
AmelynLeeMeira
 
PDF
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
PPTX
The various Industrial Revolutions .pptx
bandileshozi3
 
PDF
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
PPT
Geologic Time for studying geology for geologist
ssuser738f5a
 
PDF
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
PDF
UiPath Agentic Automation session 1: RPA to Agents
suhanisingh58689
 
PDF
How IoT Sensor Integration in 2025 is Transforming Industries Worldwide
Rejig Digital
 
PDF
Credit Without Borders: AI and Financial Inclusion in Bangladesh
Ehsan Tanim
 
DOCX
Basics of Cloud Computing - Cloud Ecosystem
suthak11
 
sustainability-14-14877-v2.pddhzftheheeeee
VenkateshGovindaraja9
 
GROUP4NURSINGINFORMATICSREPORT-2 PRESENTATION
ClarisejaneSartillo1
 
The influence of sentiment analysis in enhancing early warning system model f...
IAESIJAI
 
Improvisation in detection of pomegranate leaf disease using transfer learni...
IAESIJAI
 
Produktkatalog für HOBO Datenlogger, Wetterstationen, Sensoren, Software und ...
Metrics GmbH
 
CloudStack 4.21: First Look Webinar slides
ShapeBlue
 
Getting started with AI Agents and Multi-Agent Systems
Maxim Salnikov
 
STKI Israel Market Study 2025 version august
Dr. Jimmy Schwarzkopf
 
What is a Computer? Input Devices /output devices
GulJan8
 
Modernising the Digital Integration Hub
Daniel Toomey
 
Statistics on Ai - sourced from AIPRM.pdf
AmelynLeeMeira
 
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
The various Industrial Revolutions .pptx
bandileshozi3
 
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
Geologic Time for studying geology for geologist
ssuser738f5a
 
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
UiPath Agentic Automation session 1: RPA to Agents
suhanisingh58689
 
How IoT Sensor Integration in 2025 is Transforming Industries Worldwide
Rejig Digital
 
Credit Without Borders: AI and Financial Inclusion in Bangladesh
Ehsan Tanim
 
Basics of Cloud Computing - Cloud Ecosystem
suthak11
 

CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva

  • 1. So you want to SSO … Scott Tomilson John DaSilva
  • 2. You’ve waited long enough … Copyright © 2015 Cloud Identity Summit. All rights reserved. 2 Mobile AppsWeb Apps SaaS Apps username password username password username password username password username password username password username password username password username password
  • 3. Copyright © 2015 Cloud Identity Summit .All rights reserved. 3
  • 4. Copyright © 2015 Cloud Identity Summit .All rights reserved. 4 Integration Kits
  • 5. It’s time for SSO … … what do you mean by SSO? App Enablement?Session Management? Access Control? Auditing?Authentication Policy? “One Username & Password (or some other form of authentication) just One Time”
  • 6. It’s time for SSO … … and how will we get SSO? Open Standards?On-Premise ? IdaaS? Agents vs Gateway?App Changes? “Eliminate Unnecessary Passwords” (yes, some work will be needed – but you want to do this the right way)
  • 7. Copyright © 2015 Cloud Identity Summit .All rights reserved. 7 Access Management ENTERPRISE Federated Identity Management
  • 8. SSOfor Web Applications Copyright © 2015 Cloud Identity Summit. All rights reserved. 8
  • 9. “First Mile” / “Last Mile” Integration Federation Server Identity Store Federation Server Target App Identity Provider (IdP) Service Provider (SP) “First Mile” “Last Mile”
  • 10. “First Mile” Integration •  If you’re using a Federation Server – hopefully this is just a configuration exercise: •  ADconnect (Active Directory) •  PingFederate (Complex AD, LDAP, WAM, etc.) •  PingOne Cloud Directory (IdaaS user/group dir.) •  Worst case – there are Libraries & APIs to help you integrate a custom portal or user store Copyright © 2015 Cloud Identity Summit. All rights reserved. 10
  • 11. “Last Mile” Integration Here’s where things get interesting … Copyright © 2015 Cloud Identity Summit. All rights reserved. 11
  • 12. “Last Mile” Integration Question #1: Does your application support Web (federated) SSO standards? (i.e.: SAML, WS-Federation, OpenID Connect) Copyright © 2015 Cloud Identity Summit. All rights reserved. 12
  • 13. “Last Mile” Integration – with Standards Copyright © 2015 Cloud Identity Summit. All rights reserved. 13 Federation Server Identity Store Target App Identity Provider (IdP) Service Provider (SP) SAML
  • 14. Copyright © 2015 Cloud Identity Summit. All rights reserved. 14 “Last Mile” Integration – with Standards Your Apps Your Identity Stores / Partners Acme Beta Com SAML SAML SAML Federation Hub
  • 15. “Last Mile” Integration – with Standards Copyright © 2015 Cloud Identity Summit. All rights reserved. 15 Does your app Web SSO standards? (SAML/WS-Fed/OIDC) Do you prefer IdaaS? No Yes Yes No
  • 16. “Last Mile” Integration Question #2: Does your application support HTTP header-based SSO? Copyright © 2015 Cloud Identity Summit. All rights reserved. 16
  • 17. “Last Mile” Integration – with HTTP Headers Federation Server Identity Store Federation Server Target App Identity Provider (IdP) Service Provider (SP) SAML Agent / Gateway HTTP Headers User: joe Email: [email protected] Group: Sales
  • 18. “Last Mile” Integration – with HTTP Headers •  Federated SSO •  PingFederate Integration Kits: •  Apache & IIS •  WAM Features (Session Management, URL Authorization & Auditing) •  Gateway (Reverse Proxy) •  Agents: Apache & IIS Copyright © 2015 Cloud Identity Summit. All rights reserved. 18
  • 19. “Last Mile” Integration – with Standards Copyright © 2015 Cloud Identity Summit. All rights reserved. 19 Does your app support HTTP header based SSO? Do you want WAM features? No Yes Yes No
  • 20. “Last Mile” Integration Question #3: Can you modify the application? Copyright © 2015 Cloud Identity Summit. All rights reserved. 20
  • 21. “Last Mile” Integration – with App Changes Copyright © 2015 Cloud Identity Summit. All rights reserved. 21 Features Approach Effort Level Product(s) Federated SSO Implement SAML L n/a Implement OpenID Connect S n/a HTTP Headers XS PingFederate REST API S PingFederate PingOne SSO Integration Kit SDK Library (Java, .NET) S PingFederate WAM Features (Session Management, URL Authorization & Auditing) HTTP Headers XS PingAccess
  • 22. “Last Mile” Integration Question #4: Did you reach here with 3 NO’s? Copyright © 2015 Cloud Identity Summit. All rights reserved. 22
  • 23. “Last Mile” Integration – “I’m out of options…” •  PingFederate Integration Kits •  Basic SSO (Password Vaulting) Copyright © 2015 Cloud Identity Summit. All rights reserved. 23 … still lost? Talk to us!
  • 24. SSOfor Mobile Applications Copyright © 2015 Cloud Identity Summit. All rights reserved. 24
  • 25. Copyright © 2015 Cloud Identity Summit .All rights reserved. 25 Get Your Time Machines Ready …
  • 26. SSO for Mobile Applications •  Are multiple logins (with the same creds) OK? •  User experience could be mitigated with long lived refresh tokens •  Shared refresh tokens? (Multiple apps – same dev. signer) •  Shared browser session? •  Centralized broker of OAuth Access Tokens •  Napps – http://openid.net/wg/napps/ •  PingOne Mobile – Early Napps draft support compatible with both PingFederate and PingOneCopyright © 2015 Cloud Identity Summit. All rights reserved. 26
  • 27. In Closing … Copyright © 2015 Cloud Identity Summit. All rights reserved. 27
  • 28. Copyright © 2015 Cloud Identity Summit .All rights reserved. 28