Single-sign on (SSO) and federated identity

Enterprise single sign-on (SSO) technologies can help reduce help-desk calls and user mistakes by consolidating credentials into one single password for all applications and services. Read the news and technical advice here to find deployment strategies and practical advice for SSO and federated identity.

February 27, 2018 27 Feb'18
New SAML vulnerability enables abuse of single sign-on

Duo Security discovered a new SAML flaw affecting several single sign-on vendors that allows attackers to fool SSO systems and log in as other users without their passwords.
July 12, 2017 12 Jul'17
Q&A: Ping CEO on contextual authentication, intelligent identity

Ping Identity CEO Andre Durand talks with SearchSecurity about the data-driven move toward contextual authentication and intelligent identity and what this means for enterprises.
June 02, 2017 02 Jun'17
Users' SSO information at risk after OneLogin security breach

News roundup: OneLogin security breach puts SSO data at risk but is vague about the details. Plus, Gmail boosts its phishing detection features, and more.
January 12, 2016 12 Jan'16
OAuth vulnerabilities must be fixed in the standard

Researchers in Germany have found two OAuth vulnerabilities, which could allow attackers to break the authorization and authentication standard. And an expert said the fix must be made to the standard itself.

Bring yourself up to speed with our introductory content

employee onboarding and offboarding

Employee onboarding and offboarding are two core HR activities that are gaining in importance. Continue Reading
federated identity management

Federated identity management (FIM) is an arrangement that can be made between multiple enterprises to let subscribers use the same identification data to obtain access to the networks of all the enterprises in the group. Continue Reading
Single sign-on best practices: How can enterprises get SSO right?

Proper planning is at the top of the list for single sign-on best practices, but it's important to get enterprise SSO implementations off to a good start. Here's how to do it. Continue Reading

Weigh the pros and cons of technologies, products and projects you are considering.

Top 5 EMM implementation considerations

The wrong move can make or break your enterprise mobility management implementation. Broad device support, automated enrollment and single sign-on are must-have features. Continue Reading
Enterprise identity management tools keep cloud hackers at bay

Bringing new application types and integration points into the enterprise, cloud can complicate user identity management. So, how can you be sure your data is secure? Continue Reading
How to get started with IAM services in the cloud

Security is critical in the cloud, so it isn't surprising that identity and access management services are in high demand. Learn why you need IAM, and what services to consider. Continue Reading

Learn to apply best practices and optimize your operations.

OneLogin security chief delivers new security model

How did cloud identity and access management vendor OneLogin rebuild its security after a breach? We ask OneLogin security chief Justin Calmus. Continue Reading
10 unified access management questions for OneLogin CSO Justin Calmus

Enterprise security veteran Justin Calmus, who describes himself as an avid hacker, joined OneLogin as the CSO earlier this year. After last year's breach, who would want this job? Continue Reading
How does a SAML vulnerability affect single sign-on systems?

Researchers at Duo Security discovered a SAML vulnerability that enabled attackers to dupe single sign-on systems. Expert Michael Cobb explains how the exploit works. Continue Reading

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

Insecure OAuth implementations: How are mobile app users at risk?

Mobile apps using insecure OAuth could lead to over one billion user accounts being attacked. Expert Michael Cobb explains how developers can implement OAuth securely. Continue Reading
How to mitigate Atlassian Crowd's SSO vulnerability

Network security expert Brad Casey advises how to mitigate the vulnerability in SSO product Atlassian Crowd until an upgrade can be performed. Continue Reading
Types of SSO: Comparing two vendors' approaches to single sign-on

Expert Randall Gamby discusses various types of single sign-on, specifically the approaches of Ping Identity's SSO and Symplified SSO. Continue Reading