Security Operations: Examining Sing Sign-on Flashcards
What is SSO?
SSO is an authentication process that uses technologies that enable users to access multiple applications, services, and resources by using a single set of login credentials.
Benefits of SSO?
Benefits of SSO include:
Eliminating the need for users to enter multiple usernames and passwords, which simplifies the user experience.
Providing centralized access control to multiple services.
Providing increased security with multifactor authentication (MFA) and conditional access, such as attribute-based access control.
What is Identity federation?
Identity federation is a mechanism that allows users to access multiple systems, applications, or resources using a single set of login credentials, reducing the burden of authentication and improving user experience.
What is an IdP?
An identity provider (IdP) is a trusted entity that authenticates users and provides identity information to a service provider. IdPs can be:
Internal, such as Active Directory Domain Service (AD DS) or a lightweight directory access protocol (LDAP) server.
External, such as large service providers such as Google, Facebook, and Microsoft.
What are the benefits of IdP?
Being commonly used. We use them daily on the web, and in applications, the cloud, and on-premises.
Providing centralized management.
Offering familiarity: They provide a better user experience.
Enabling seamless, secure access to various resources with a single login.
Providing large user-identity databases for a fee. This applies to external IdPs.
What Other SSO technologies are there available?
SAML
OAuth2.0
OpenID
Kerberos
What is SAML?
SAML: Security Assertion Markup Language - A standardized, XML-based way to communicate authentication data once and then reuse that information across multiple resources.
Authentication & Authorization
what is OAuth?
OAuth: An authorization framework, as opposed to a protocol, in SSO implementations that enables IdPs to limit access permissions. It:
Is presented to a Service Provider (SP), typically a web app, on behalf of a user, allowing seamless access to protected resources without sharing the user’s login credentials.
Separates the authorization service and API server, the latter of which only receives OAuth tokens.
What is OpenID?
OpenID: Adds an identity layer to OAuth2.0, providing information about the user. It enables client login sessions.
Uses ID Token for Authentication
What is Kerberos?
Kerberos: A network authentication protocol enabling secure authentication between clients and servers within a network, thereby facilitating SSO and data encryption for enhanced security.
Provides TGT’s when you need to access a fileserver Kerberos provides session ticket it does not use TGT to access file server it uses the session ticket to gain access to the file server.
