Manage

Single sign on SSO and federated identity

• Even with a roadmap, zero-trust model an ongoing process

  Adopting a zero-trust environment was the right move for GitLab, according to the company's former security chief, but it may not be well suited for all enterprises. Continue Reading

• For minimum password length, are 14-character passwords sufficient?

  When it comes to minimum password length, 14-character passwords are generally considered secure, but they may not be enough to keep your enterprise safe. Continue Reading

• IAM system strategy identifies metrics that work for business

  Security professionals are using identity and access management systems to track metrics on password resets, onboarding and offboarding, and employee retention and customer service. Continue Reading

• OneLogin security chief delivers new security model

  How did cloud identity and access management vendor OneLogin rebuild its security after a breach? We ask OneLogin security chief Justin Calmus. Continue Reading

• 10 unified access management questions for OneLogin CSO Justin Calmus

  Enterprise security veteran Justin Calmus, who describes himself as an avid hacker, joined OneLogin as the CSO earlier this year. After last year's breach, who would want this job? Continue Reading

• federated identity management

  Federated identity management (FIM) is an arrangement that can be made between multiple enterprises to let subscribers use the same identification data to obtain access to the networks of all the enterprises in the group.Continue Reading

• How does a SAML vulnerability affect single sign-on systems?

  Researchers at Duo Security discovered a SAML vulnerability that enabled attackers to dupe single sign-on systems. Expert Michael Cobb explains how the exploit works.Continue Reading

• Single sign-on best practices: How can enterprises get SSO right?

  Proper planning is at the top of the list for single sign-on best practices, but it's important to get enterprise SSO implementations off to a good start. Here's how to do it.Continue Reading

• OneLogin data breach: What does the attack mean for SSOs?

  A OneLogin data breach affected all of the company's U.S. customers after threat actors abused an Amazon Web Services API. Discover what this means for customers and SSO companies.Continue Reading

• How to balance organizational productivity and enterprise security

  It's no secret that enterprise security and organizational productivity can often conflict. Peter Sullivan looks at the root causes and how to address the friction.Continue Reading

• How to make single sign-on simple and secure

  Single sign-on (SSO) has a complicated history filled with frustration and failure. Look at it just from a protocol point of view: OpenID, Security Assertion Markup Language (SAML), OAUTH, YAML, Shibboleth and so on. Of course some enterprises took ...Continue Reading

• When single sign-on fails, is a second SSO implementation worthwhile?

  After a failed SSO implementation, is there any benefit to an enterprise trying again? Expert Michele Chubirka discusses.Continue Reading

• SaaS access management: Finding the best single sign-on technology

  Expert Randall Gamby details key strategies for SaaS access management and contemporary single sign-on technology that's truly interoperable.Continue Reading

• Identity management SSO security: Hardening single sign-on systems

  Get information on how to harden single sign-on systems for greater security in this response from IAM expert Randall Gamby.Continue Reading

• How to use single sign-on (SSO) for a server configuration

  Using SSO for a server configuration can be done a few different ways. Learn more in this expert response from Randall Gamby.Continue Reading

• Changing times for identity management

  Identity management technology is adapting to meet enterprise needs. Learn what products can improve security and ease compliance.Continue Reading

• Kerberos configuration as an authentication system for single sign-on

  Looking to implement single sign-on in your enterprise, but have a lot of custom applications that don't seem compatible? In this tip, IAM expert David Griffeth takes a look at Kerberos, a non-proprietary IAM tool, as a solution to network ...Continue Reading

• Sun launches open source OpenSSO for identity management

  Sun integrates access management, federation and secure Web services in its new OpenSSO EnterpriseContinue Reading

• SaaS Offering Handles SSO

  TechFocus: New Password Hell?Continue Reading

• Logical, physical security integration challenges

  Integrating physical and IT security can reap considerable benefits for an organization, including enhanced efficiency and compliance plus improved security. But convergence isn't easy. Challenges include bringing the physical and IT security teams ...Continue Reading

• Can ADFS technology manage multiple-user authentication?

  In this SearchSecurity.com Q&A, Joel Dubin, expert in identity management and access control, addresses multiple aspects of ADFS systems, including the technology's ability to authenticate multiple users to a Web application.Continue Reading

• DigitalPersona Workstation Pro and Server for Biometric Authentication

  This review evaluates DigitalPersona Pro, a single sign-on (SSO) software suite that allows an enterprise to replace passwords with biometric fingerprint readers or provide dual-factor authentication.Continue Reading

• How to begin identity management and access control implementation

  Looking to build an identity management and access control program from scratch? In this expert Q&A, Joel Dubin explains what you'll need to do first.Continue Reading

• How do local identity, SSO and federated identity management models differ?

  In many organizations, users have several applications that they need to log on to, each requiring distinct user IDs and passwords. In our expert Q&A, Joel Dubin explains how federated identity management and single sign-on can provide convenient ...Continue Reading

• Enhanced Identity and Access Management

  From consolidating directories to automating provisioning and rolling out single sign-on, these sessions identify how leading organizations are strengthening authorization and enforcing access controls.Continue Reading

• What components should an application security management system (ASMS) have?

  Is there one product that will solve all of your ASMS needs? Maybe not, but Identity Management and Access Control expert Joel Dubin reviews the three components that should be included in any application security management system, in this Ask the...Continue Reading

• Imprivata's OneSign ENA product review

  Product review of Imprivata's OneSign ENA cost effective network authentication tool, which manages USB tokens, smartcards, OTPs and fingerprint biometrics.Continue Reading

• Single Sign-On Explained

  SPECIAL Managing identity and access can be as easy as 1, 2, 3.
  1 is the loveliest numberContinue Reading

• Identity and Access Management Services, Systems and Technologies

  Government regulations and the convenience of federated identities have made identity management and access control a priority for many enterprises. This Identity and Access Management Services, Systems and Technologies Security School explores ...Continue Reading

• What is federated identity management?

  A SearchSecurity.com member asks, "What is federated identity management?" Resident identity management and access control expert Joel Dubin tackles this question in this Ask the Expert Q&A.Continue Reading

• Cheat sheet: Access management solutions and their pros and cons

  A cheat sheet of the most common access solutions with a brief description, and their risks and pros and cons to help you choose the solution that is right for your organization.Continue Reading

• Imprivata's OneSign 2.8 - Single Sign-On

  Imprivata's OneSign 2.8Continue Reading

• Checklist for meeting the PCI Data Security Standard

  Contributor Diana Kelley summarizes the best ways to meet the PCI Data Security Standard.Continue Reading

• Delivering SSO: Postal Service simplifies passwords

  Nobody likes passwords: not employees, and certainly not infosec teams. Not only are passwords often difficult to remember (leading to employees writing them down and possibly lose them -- a huge security risk), but they are also cumbersome due to ...Continue Reading

• Password security issues: How enterprise single sign-on can help

  Learn how the U.S. Postal Service has reduced password security issues and improved productivity by leveraging enterprise single sign-on.Continue Reading

• Review: RSA ClearTrust 5.5 secure federated identity management system

  RSA ClearTrust 5.5 eases the administration of securing Web services identity management across business partners' systems.Continue Reading