Single-sign on (SSO) and federated identity

Enterprise single sign-on (SSO) technologies can help reduce help-desk calls and user mistakes by consolidating credentials into one single password for all applications and services. Read the news and technical advice here to find deployment strategies and practical advice for SSO and federated identity.

Top Stories

Feature 30 Jul 2021
Keycloak tutorial: How to secure different application types

IT pros and developers can secure applications with the open source IAM tool Keycloak. When you don't need to worry about passwords, it reduces the potential attack surface. Continue Reading
Feature 30 Jul 2021
Secure applications with Keycloak authentication tool

As we look toward the future of authentication, open source tools, such as Keycloak, provide companies a way to secure applications to its specific needs. Continue Reading

Definition 31 Aug 2021

federated identity management (FIM)

Federated identity management (FIM) is an arrangement between multiple enterprises or domains that enables their users to use the same identification data (digital identity) to access all their networks. Continue Reading
Feature 30 Jul 2021

Keycloak tutorial: How to secure different application types

IT pros and developers can secure applications with the open source IAM tool Keycloak. When you don't need to worry about passwords, it reduces the potential attack surface. Continue Reading
Feature 30 Jul 2021

Secure applications with Keycloak authentication tool

As we look toward the future of authentication, open source tools, such as Keycloak, provide companies a way to secure applications to its specific needs. Continue Reading
News 24 Jun 2021

Atlassian moves to lock down accounts from takeover bugs

Check Point Research uncovered a set of flaws that, if chained together, would have enabled attackers to hijack accounts with single sign-on enabled. Continue Reading
News 04 Mar 2021

Okta acquires identity rival Auth0 for $6.5 billion

Okta CEO Todd McKinnon said Auth0 shares his company's vision to establish identity services as one of the 'primary clouds' for enterprises, such as IaaS and collaboration. Continue Reading
News 28 Oct 2020

Ping Identity launches passwordless authentication system

Ping's new suite of authentication features looks to secure accounts and login processes by eliminating the need for usernames and passwords, which are often reused and an easy target. Continue Reading
Feature 29 Sep 2020

Explore self-sovereign identity use cases and benefits

The future of digital identity may look a lot like how we identify ourselves in real life. Learn more about self-sovereign identity use cases and features in this excerpt. Continue Reading
Feature 29 Sep 2020

How self-sovereign identity principles suit the modern world

There are several core self-sovereign identity principles to consider before the concept can benefit the enterprise. Learn about the implications of SSI advancements in this Q&A. Continue Reading
News 10 Jul 2020

Cybercriminals auction off admin credentials for $3,000

Threat actors are auctioning off domain administrator accounts, selling access to the highest bidder for an average of $3,139 and up to $140,000, according to Digital Shadows. Continue Reading
News 08 Aug 2019

'Dupe' there it is: SAML authentication bypass threatens Microsoft

Micro Focus security researchers demonstrated a new technique, dubbed 'dupe key confusion,' which allows threat actors to bypass Microsoft's SAML token validation. Continue Reading
News 09 Jul 2019

OneLogin Desktop Pro for Windows reduces password load

By eliminating the need for remote workers to sign into Active Directory to access their network, OneLogin's Desktop Pro for Windows aims to make working remotely easier, according to the vendor. Continue Reading
News 01 Jul 2019

IAM market evolves, but at a cost

At a recent security and identity conference, attendees discussed the IAM market in clear terms: Shiny new features might be cool, but practicality reigns. Continue Reading
Feature 28 Jun 2019

Identity access management at a crossroads

In this Q&A, Ping Identity CEO Andre Durand explains why identity management is being subsumed by security and how AI and automation will modernize identity management systems. Continue Reading
Feature 27 Jun 2019

Words to go: Identity and access management security

IT pros must keep up to date with rapidly changing identity technology and access threats. Help protect IAM security by getting familiar with this list of foundation terms. Continue Reading
News 05 Jun 2019

Apple single sign-on option promises privacy for users

Apple is preparing its own single sign-on offering, called Sign In with Apple, which will focus on user privacy. But experts are split on how well this will work. Continue Reading
News 08 Feb 2019

Defense Department eyes behavioral biometrics with new contract

The Department of Defense awards a $2.4 million contract to Twosense.AI in order to create a behavioral biometrics system that can replace the current ID card system. Continue Reading
Tip 17 Dec 2018

For effective customer IAM, bundle security and performance

CIAM can verify identity, manage access and deliver a smooth experience for customers. Get an expert's insights on how to tackle customer IAM now. Continue Reading
Feature 03 Dec 2018

IAM system strategy identifies metrics that work for business

Security professionals are using identity and access management systems to track metrics on password resets, onboarding and offboarding, and employee retention and customer service. Continue Reading
03 Dec 2018

IAM system strategy identifies metrics that work for business

Continue Reading
Feature 16 Aug 2018

OneLogin security chief delivers new security model

How did cloud identity and access management vendor OneLogin rebuild its security after a breach? We ask OneLogin security chief Justin Calmus. Continue Reading
Feature 13 Aug 2018

10 unified access management questions for OneLogin CSO Justin Calmus

Enterprise security veteran Justin Calmus, who describes himself as an avid hacker, joined OneLogin as the CSO earlier this year. After last year's breach, who would want this job? Continue Reading
Answer 07 Jun 2018

How does a SAML vulnerability affect single sign-on systems?

Researchers at Duo Security discovered a SAML vulnerability that enabled attackers to dupe single sign-on systems. Expert Michael Cobb explains how the exploit works. Continue Reading
Answer 28 Feb 2018

Single sign-on best practices: How can enterprises get SSO right?

Proper planning is at the top of the list for single sign-on best practices, but it's important to get enterprise SSO implementations off to a good start. Here's how to do it. Continue Reading
News 27 Feb 2018

New SAML vulnerability enables abuse of single sign-on

Duo Security discovered a new SAML flaw affecting several single sign-on vendors that allows attackers to fool SSO systems and log in as other users without their passwords. Continue Reading
Answer 19 Dec 2017

OneLogin data breach: What does the attack mean for SSOs?

A OneLogin data breach affected all of the company's U.S. customers after threat actors abused an Amazon Web Services API. Discover what this means for customers and SSO companies. Continue Reading
Feature 28 Nov 2017

Security Controls Evaluation, Testing, and Assessment Handbook

In this excerpt from chapter 11 of Security Controls Evaluation, Testing, and Assessment Handbook, author Leighton Johnson discusses access control. Continue Reading
Tip 19 Sep 2017

How to balance organizational productivity and enterprise security

It's no secret that enterprise security and organizational productivity can often conflict. Peter Sullivan looks at the root causes and how to address the friction. Continue Reading
Feature 12 Jul 2017

Q&A: Ping CEO on contextual authentication, intelligent identity

Ping Identity CEO Andre Durand talks with SearchSecurity about the data-driven move toward contextual authentication and intelligent identity and what this means for enterprises. Continue Reading
News 02 Jun 2017

Users' SSO information at risk after OneLogin security breach

News roundup: OneLogin security breach puts SSO data at risk but is vague about the details. Plus, Gmail boosts its phishing detection features, and more. Continue Reading
Answer 05 Apr 2017

Insecure OAuth implementations: How are mobile app users at risk?

Mobile apps using insecure OAuth could lead to over one billion user accounts being attacked. Expert Michael Cobb explains how developers can implement OAuth securely. Continue Reading
Answer 15 May 2014

When single sign-on fails, is a second SSO implementation worthwhile?

After a failed SSO implementation, is there any benefit to an enterprise trying again? Expert Michele Chubirka discusses. Continue Reading
Answer 01 Jun 2007

How to test an enterprise single sign-on login

In this SearchSecurity.com Q&A, identity management and access control expert Joel Dubin examines the best ways to test an enterprise single sign-on (SSO) login. Continue Reading
Answer 07 Feb 2007

Can single sign-on (SSO) provide authentication for remote logons?

If you're accessing multiple applications through a remote Citrix server, you have two options. Identity management and access control expert Joel Dubin explains both in this SearchSecurity.com Q&A. Continue Reading