Section 17.161 Single Sign-On (SSO) Flashcards
Objectives 2.4 Given a scenario, you must be able to analyse indicators of malicious activity. Objectives 4.6 Given a scenario, you must be able to implement and maintain identity and access management.
Single Sign-On (SSO)
Authentication process allowing users to access multiple applications with one set of credentials
■ Simplifies the user experience and enhances productivity by reducing the need to remember multiple passwords for various applications
■ Trusted relationship between applications and Identity Providers (IdP)
How SSO Works
SSO works based on a trusted relationship that is established between an application and an Identity Provider (IdP)
■ User logs into the primary identity provider (IdP), such as a Windows domain controller
■ Accesses a secondary application or website configured for SSO
■ The secondary application verifies the user’s identity with the IdP’s assertion
■ Once authenticated, access to the secondary application is granted
Identity Provider (IdP)
The identity provider is a system that creates, maintains, and manages identity information for principals while providing authentication services to relying applications within a federation or distributed network.
Benefits of SSO
■ Improved user experience (only remember one set of credentials)
■ Increased productivity (save time not signing in)
■ Reduced IT support costs (password resets are the most common service desk call)
■ Enhanced security, encouraging stronger passwords
To enable and support SSO, there are protocols in place:
LDAP (Lightweight Directory Access Protocol)
Used to access and maintain distributed directory information services over an Internet protocol network
● Supports central repository for authentication and authorisation
● Can be secured using LDAPS (LDAP over SSL or StartTLS)
● LDAP stores user data for authorisation, like group memberships and roles
To enable and support SSO, there are protocols in place:
OAuth (Open Authorization)
Open standard for token-based authentication and authorisation that allows third-party services to access user account information without exposing passwords
● Often used in RESTful APIs for secure sharing of user profile data: the client app or service registers with the authorisation server, provides a redirect URL, and receives a client ID and secret
● Uses JSON Web Tokens (JWT) for data transfer
To enable and support SSO, there are protocols in place:
SAML (Security Assertion Markup Language)
Standard for logging users into applications based on sessions in another context.
Redirects users to an identity provider for authentication
● Eliminates the need for services to authenticate users directly
● Decouples services from identity providers, enhancing security and flexibility