Ask the Experts

Ask the Experts

Single-sign on (SSO) and federated identity

• For minimum password length, are 14-character passwords sufficient?

  When it comes to minimum password length, 14-character passwords are generally considered secure, but they may not be enough to keep your enterprise safe.  Continue Reading

• What are the key identity and access management benefits?

  Identity and access management benefits range from access control to password management. What are some key advantages of a broad IAM framework?  Continue Reading

• How does a SAML vulnerability affect single sign-on systems?

  Researchers at Duo Security discovered a SAML vulnerability that enabled attackers to dupe single sign-on systems. Expert Michael Cobb explains how the exploit works.  Continue Reading

• Single sign-on best practices: How can enterprises get SSO right?

  Proper planning is at the top of the list for single sign-on best practices, but it's important to get enterprise SSO implementations off to a good start. Here's how to do it.  Continue Reading

• OneLogin data breach: What does the attack mean for SSOs?

  A OneLogin data breach affected all of the company's U.S. customers after threat actors abused an Amazon Web Services API. Discover what this means for customers and SSO companies.  Continue Reading

• Insecure OAuth implementations: How are mobile app users at risk?

  Mobile apps using insecure OAuth could lead to over one billion user accounts being attacked. Expert Michael Cobb explains how developers can implement OAuth securely.  Continue Reading

• How has enterprise SSO technology evolved?

  Enterprise SSO products have matured over the years, so what's the state of eSSO today? Expert Randall Gamby discusses.  Continue Reading

• When single sign-on fails, is a second SSO implementation worthwhile?

  After a failed SSO implementation, is there any benefit to an enterprise trying again? Expert Michele Chubirka discusses.  Continue Reading

• How to mitigate Atlassian Crowd's SSO vulnerability

  Network security expert Brad Casey advises how to mitigate the vulnerability in SSO product Atlassian Crowd until an upgrade can be performed.  Continue Reading

• Types of SSO: Comparing two vendors' approaches to single sign-on

  Expert Randall Gamby discusses various types of single sign-on, specifically the approaches of Ping Identity's SSO and Symplified SSO.  Continue Reading

• SaaS access management: Finding the best single sign-on technology

  Expert Randall Gamby details key strategies for SaaS access management and contemporary single sign-on technology that's truly interoperable.  Continue Reading

• Detecting and blocking suspicious logins, unusual login activity in the enterprise

  Randall Gamby dissects the delicate but crucial science of detecting and blocking suspicious logins and unusual login activity in the enterprise.  Continue Reading

• Identity management SSO security: Hardening single sign-on systems

  Get information on how to harden single sign-on systems for greater security in this response from IAM expert Randall Gamby.  Continue Reading

• Password security vaults: Is SSO authentication better?

  Password security vaults may be able to aid users in remembering many different passwords, but are they the most secure solutions? IAM expert Randall Gamby gives his recommendations on setting password technology policy.  Continue Reading

• How to install a new router to prevent single sign-on problems

  Are you receiving router pop-up messages telling you that it is "Unable to do single sign-on or federation"? In this expert response, learn what you need to do to get your router back on track.  Continue Reading

• How to use single sign-on (SSO) for a server configuration

  Using SSO for a server configuration can be done a few different ways. Learn more in this expert response from Randall Gamby.  Continue Reading

• How to log in to multiple servers with federated single sign-on (SSO)

  Single sign-on is a rapidly evolving technology that, when partnered with federation tools, can offer a greater and greater level of granularity for access control. Learn how from expert Randall Gamby.  Continue Reading

• User provisioning and SSO for PeopleSoft- and Unix-based products

  When working with PeopleSoft and Unix, which single sign-on (SSO) vendors offer the most effective products? Learn how to choose an SSO product in this IAM expert response.  Continue Reading

• Pre-requisites for implementing enterprise single sign-on (SSO)

  Implementing single sign-on (SSO) in an enterprise involves many security considerations, and there are no universal protocals. Identity access management expert Joel Dubin gives his advice on implementation.  Continue Reading

• Using SSO to authenticate employees on a business partner's training site

  Using SSO integration can be a good choice when concerned with website security. Joel Dubin explains.  Continue Reading

• What type of protections should security question and answer authentication credentials have?

  Identity management and access control expert Joel Dubin discusses how corporations can secure security question and answer authentication credentials.  Continue Reading

• Traditional single sign-on (SSO) products versus federated identities

  Identity management and access control expert Joel Dubin discusses the pros and cons of single sign-on products and federated identities.  Continue Reading

• Does single sign-on (SSO) improve security?

  In this expert response, security pro Joel Dubin discusses the impact that enterprise single sign-on (SSO) can have on a security program.  Continue Reading

• What are the risks of turning off pre-boot authentication?

  In this SearchSecurity.com Q&A, identity management and access control expert Joel Dubin discusses the dangers associated with turning off pre-boot authentication (PBA)?  Continue Reading

• How to test an enterprise single sign-on login

  In this SearchSecurity.com Q&A, identity management and access control expert Joel Dubin examines the best ways to test an enterprise single sign-on (SSO) login.  Continue Reading

• Can ADFS technology manage multiple-user authentication?

  In this SearchSecurity.com Q&A, Joel Dubin, expert in identity management and access control, addresses multiple aspects of ADFS systems, including the technology's ability to authenticate multiple users to a Web application.  Continue Reading

• Can single sign-on (SSO) provide authentication for remote logons?

  If you're accessing multiple applications through a remote Citrix server, you have two options. Identity management and access control expert Joel Dubin explains both in this SearchSecurity.com Q&A.  Continue Reading

• How to begin identity management and access control implementation

  Looking to build an identity management and access control program from scratch? In this expert Q&A, Joel Dubin explains what you'll need to do first.  Continue Reading

• How do local identity, SSO and federated identity management models differ?

  In many organizations, users have several applications that they need to log on to, each requiring distinct user IDs and passwords. In our expert Q&A, Joel Dubin explains how federated identity management and single sign-on can provide convenient ...  Continue Reading

• What components should an application security management system (ASMS) have?

  Is there one product that will solve all of your ASMS needs? Maybe not, but Identity Management and Access Control expert Joel Dubin reviews the three components that should be included in any application security management system, in this Ask the...  Continue Reading

• How does single sign-on affect compliance efforts?

  In this Identity Management and Access Control Ask the Expert Q&A, resident Joel Dubin examines how using single sign-on influences enterrprise-wide compliance efforts.  Continue Reading

• What is federated identity management?

  A SearchSecurity.com member asks, "What is federated identity management?" Resident identity management and access control expert Joel Dubin tackles this question in this Ask the Expert Q&A.  Continue Reading

• How SSOs differ from login and passwords

  Learn how SSO systems and login and passwords differ, and which systems are more likely to be exploited and why in this Ask the Expert Q&A.  Continue Reading

• What is single sign-on?

  Learn what single sign-on is and how it can help save your enterprise time and money.  Continue Reading

• Expert opinion on the viability of SSO

   Continue Reading

• SSO on client-server applications

   Continue Reading

• Factors to consider before implementing single sign-on

   Continue Reading

• How single sign-on works

   Continue Reading