Integrate Office365 login but allow only users from one specific organisation [migrated]

I’m a member of an association that uses Microsoft Office 365. I’m not an administrator.
Now I’m creating a small web application, and it is hosted totally independently of our association (different hosting, different domain name).
The intenti…

A website asks you to enter a Microsoft/Google/Facebook password. How do you know it is safe?

A website prompts me to log in to my Microsoft Account. In order to perform my task, it requires me to enter that password.
How does the "average user" avoid giving all their login details to a malicious website? What would you…

How hybrid workforces are reshaping authentication strategies

In this Help Net Security interview, Brian Pontarelli, CEO at FusionAuth, discusses the evolving authentication challenges posed by the rise of hybrid and remote workforces. He advocates for zero trust strategies, including MFA and behavioral biometric…

Reducing credential complexity with identity federation

In this Help Net Security interview, Omer Cohen, Chief Security Officer at Descope, discusses the impact of identity federation on organizational security and user experience. He explains how this approach streamlines credential management and enhances…

What are the downsides of matching by email in SSO logins (e.g. Google, Facebook, Apple, Microsoft)?

Context
I’ve read somewhere that one should not match by email (e.g. the email given by the Google JWT token) when using SSO (e.g. OpenID Connect), but it’s not clear to me why.
The recommended approach seems to be using aud and sub claims …