Tag Archive for: SSO

Federated Authentication vs. SSO: What’s the Difference?


If you’ve ever deployed a new application for your organization, you know first-hand the grumbling and security headaches that can come with it. It’s one more sign-on and password for your users to remember (or – more likely – write on a post-it and leave in their desk drawer for anyone to stumble across).

Did you know that over 40% of employees have admitted to using the same two to four passwords for all of their accounts? Even if you try to combat this with 90-day password requirements, it usually ends with numbered variations of the same password, which is a security nightmare.

So how can you combat password fatigue and poor security practices without putting the onus on your users? That’s where tools like federated authentication and single sign-on (SSO) come in. These authentication methods streamline the sign-in process and make it easier for your users to access the necessary applications and sites.

Which one is right for your organization? Read on to learn more about federated authentication vs. SSO and what implications the nuances between them have for your organization.

What Is Federated Authentication?

Federated authentication, or federated identity management (FIM), is a model of authentication developed to address an early problem of the internet where users on one domain could not access information from other domains. This was especially difficult for organizations whose operations were spread across multiple domains. It created a very disjointed and frustrating user experience.

FIM was developed as a solution to this problem. It started as a list of agreements and standards that allowed organizations to share user identities. This is the type of agreement that allows you to sign in to Paramount Plus with your Amazon account or to Spotify with your Google account information.

But no matter where you’re signing in or with which credentials, it’s not the applications themselves that are reviewing or authenticating user credentials. Instead, an identity provider (IdP) reviews them and validates them (or doesn’t). This often requires the use of open standards such as Security Assertion Markup Language (SAML), OAuth or OpenID Connect. These are open standards that…


Secure SSO for Cloud Applications using existing on premise Active Directory Identities



The new release of UserLock 11 provides existing on-premise Active Directory (AD) Identities with secure Single Sign-On (SSO) access to both the corporate network and multiple cloud applications, from wherever they are working. In combination with Multi-Factor Authentication (MFA) it enables on-premise AD identities to securely access Microsoft 365 and other leading cloud applications.

  • For maximum security and ease, UserLock SSO maintains Windows Server Active Directory as the authoritative user directory and extends it to work with the cloud.
  • Given the increased vulnerability of corporate passwords for all organizations, UserLock’s granular Multifactor Authentication (MFA) provides the SSO protection you need without unnecessarily impeding employees.
  • New MFA enhancements have been added to help organizations scale MFA across all employees.

 

Today’s modern hybrid organization relies on Active Directory and the cloud to operate. With the demand for remote work at an unprecedented scale, IT teams need to streamline access to both the corporate network and cloud applications from wherever employees are working.

“This change in user access requirements creates new security risks that can often lead organizations to adopt either complex, costly or disruptive changes,” said François Amigorena, President & CEO of IS Decisions.

“With UserLock, organizations can benefit from an easy-to-use, non-disruptive and affordable SSO solution that leverages their existing investment in Active Directory to effectively secure employees’ access to both the corporate network and multiple cloud applications.”

On-site Federated Authentication

Installed in minutes on a standard Windows server, UserLock SSO supports the SAML 2.0 protocol to enable federated authentication of cloud applications. Each user needs to log in only once with their existing AD credentials (and a second factor if required) to seamlessly access all cloud resources.

  • Secure on-site authentication is retained, even for remote access
  • Accounts, services, roles and group policies continue to be enforced
  • No need to create and manage a new directory for user IDs
  • No change or provisioning needed for existing access to…
