Single-sign on (SSO) and federated identity
Enterprise single sign-on (SSO) technologies can help reduce help-desk calls and user mistakes by consolidating credentials into one single password for all applications and services. Read the news and technical advice here to find deployment strategies and practical advice for SSO and federated identity.
Top Stories
-
Feature
30 Jul 2021
Keycloak tutorial: How to secure different application types
IT pros and developers can secure applications with the open source IAM tool Keycloak. When you don't need to worry about passwords, it reduces the potential attack surface. Continue Reading
-
Feature
30 Jul 2021
Secure applications with Keycloak authentication tool
As we look toward the future of authentication, open source tools, such as Keycloak, provide companies a way to secure applications to its specific needs. Continue Reading
-
Definition
31 Aug 2021
federated identity management (FIM)
Federated identity management (FIM) is an arrangement between multiple enterprises or domains that enables their users to use the same identification data (digital identity) to access all their networks. Continue Reading
-
Feature
30 Jul 2021
Keycloak tutorial: How to secure different application types
IT pros and developers can secure applications with the open source IAM tool Keycloak. When you don't need to worry about passwords, it reduces the potential attack surface. Continue Reading
-
Feature
30 Jul 2021
Secure applications with Keycloak authentication tool
As we look toward the future of authentication, open source tools, such as Keycloak, provide companies a way to secure applications to its specific needs. Continue Reading
-
News
24 Jun 2021
Atlassian moves to lock down accounts from takeover bugs
Check Point Research uncovered a set of flaws that, if chained together, would have enabled attackers to hijack accounts with single sign-on enabled. Continue Reading
-
News
04 Mar 2021
Okta acquires identity rival Auth0 for $6.5 billion
Okta CEO Todd McKinnon said Auth0 shares his company's vision to establish identity services as one of the 'primary clouds' for enterprises, such as IaaS and collaboration. Continue Reading
-
News
28 Oct 2020
Ping Identity launches passwordless authentication system
Ping's new suite of authentication features looks to secure accounts and login processes by eliminating the need for usernames and passwords, which are often reused and an easy target. Continue Reading
-
Feature
29 Sep 2020
Explore self-sovereign identity use cases and benefits
The future of digital identity may look a lot like how we identify ourselves in real life. Learn more about self-sovereign identity use cases and features in this excerpt. Continue Reading
-
Feature
29 Sep 2020
How self-sovereign identity principles suit the modern world
There are several core self-sovereign identity principles to consider before the concept can benefit the enterprise. Learn about the implications of SSI advancements in this Q&A. Continue Reading
-
News
10 Jul 2020
Cybercriminals auction off admin credentials for $3,000
Threat actors are auctioning off domain administrator accounts, selling access to the highest bidder for an average of $3,139 and up to $140,000, according to Digital Shadows. Continue Reading
-
News
08 Aug 2019
'Dupe' there it is: SAML authentication bypass threatens Microsoft
Micro Focus security researchers demonstrated a new technique, dubbed 'dupe key confusion,' which allows threat actors to bypass Microsoft's SAML token validation. Continue Reading
-
News
09 Jul 2019
OneLogin Desktop Pro for Windows reduces password load
By eliminating the need for remote workers to sign into Active Directory to access their network, OneLogin's Desktop Pro for Windows aims to make working remotely easier, according to the vendor. Continue Reading
-
News
01 Jul 2019
IAM market evolves, but at a cost
At a recent security and identity conference, attendees discussed the IAM market in clear terms: Shiny new features might be cool, but practicality reigns. Continue Reading
-
Feature
28 Jun 2019
Identity access management at a crossroads
In this Q&A, Ping Identity CEO Andre Durand explains why identity management is being subsumed by security and how AI and automation will modernize identity management systems. Continue Reading
-
Feature
27 Jun 2019
Words to go: Identity and access management security
IT pros must keep up to date with rapidly changing identity technology and access threats. Help protect IAM security by getting familiar with this list of foundation terms. Continue Reading
-
News
05 Jun 2019
Apple single sign-on option promises privacy for users
Apple is preparing its own single sign-on offering, called Sign In with Apple, which will focus on user privacy. But experts are split on how well this will work. Continue Reading
-
News
08 Feb 2019
Defense Department eyes behavioral biometrics with new contract
The Department of Defense awards a $2.4 million contract to Twosense.AI in order to create a behavioral biometrics system that can replace the current ID card system. Continue Reading
-
Tip
17 Dec 2018
For effective customer IAM, bundle security and performance
CIAM can verify identity, manage access and deliver a smooth experience for customers. Get an expert's insights on how to tackle customer IAM now. Continue Reading
-
Feature
03 Dec 2018
IAM system strategy identifies metrics that work for business
Security professionals are using identity and access management systems to track metrics on password resets, onboarding and offboarding, and employee retention and customer service. Continue Reading
- 03 Dec 2018
-
Feature
16 Aug 2018
OneLogin security chief delivers new security model
How did cloud identity and access management vendor OneLogin rebuild its security after a breach? We ask OneLogin security chief Justin Calmus. Continue Reading
-
Feature
13 Aug 2018
10 unified access management questions for OneLogin CSO Justin Calmus
Enterprise security veteran Justin Calmus, who describes himself as an avid hacker, joined OneLogin as the CSO earlier this year. After last year's breach, who would want this job? Continue Reading
-
Answer
07 Jun 2018
How does a SAML vulnerability affect single sign-on systems?
Researchers at Duo Security discovered a SAML vulnerability that enabled attackers to dupe single sign-on systems. Expert Michael Cobb explains how the exploit works. Continue Reading
-
Answer
28 Feb 2018
Single sign-on best practices: How can enterprises get SSO right?
Proper planning is at the top of the list for single sign-on best practices, but it's important to get enterprise SSO implementations off to a good start. Here's how to do it. Continue Reading
-
News
27 Feb 2018
New SAML vulnerability enables abuse of single sign-on
Duo Security discovered a new SAML flaw affecting several single sign-on vendors that allows attackers to fool SSO systems and log in as other users without their passwords. Continue Reading
-
Answer
19 Dec 2017
OneLogin data breach: What does the attack mean for SSOs?
A OneLogin data breach affected all of the company's U.S. customers after threat actors abused an Amazon Web Services API. Discover what this means for customers and SSO companies. Continue Reading
-
Feature
28 Nov 2017
Security Controls Evaluation, Testing, and Assessment Handbook
In this excerpt from chapter 11 of Security Controls Evaluation, Testing, and Assessment Handbook, author Leighton Johnson discusses access control. Continue Reading
-
Tip
19 Sep 2017
How to balance organizational productivity and enterprise security
It's no secret that enterprise security and organizational productivity can often conflict. Peter Sullivan looks at the root causes and how to address the friction. Continue Reading
-
Feature
12 Jul 2017
Q&A: Ping CEO on contextual authentication, intelligent identity
Ping Identity CEO Andre Durand talks with SearchSecurity about the data-driven move toward contextual authentication and intelligent identity and what this means for enterprises. Continue Reading
-
News
02 Jun 2017
Users' SSO information at risk after OneLogin security breach
News roundup: OneLogin security breach puts SSO data at risk but is vague about the details. Plus, Gmail boosts its phishing detection features, and more. Continue Reading
-
Answer
05 Apr 2017
Insecure OAuth implementations: How are mobile app users at risk?
Mobile apps using insecure OAuth could lead to over one billion user accounts being attacked. Expert Michael Cobb explains how developers can implement OAuth securely. Continue Reading
-
Answer
15 May 2014
When single sign-on fails, is a second SSO implementation worthwhile?
After a failed SSO implementation, is there any benefit to an enterprise trying again? Expert Michele Chubirka discusses. Continue Reading
-
Answer
01 Jun 2007
How to test an enterprise single sign-on login
In this SearchSecurity.com Q&A, identity management and access control expert Joel Dubin examines the best ways to test an enterprise single sign-on (SSO) login. Continue Reading
-
Answer
07 Feb 2007
Can single sign-on (SSO) provide authentication for remote logons?
If you're accessing multiple applications through a remote Citrix server, you have two options. Identity management and access control expert Joel Dubin explains both in this SearchSecurity.com Q&A. Continue Reading