Collaborate Disseminate
I’m trying to implement SSO between a custom app and Microsoft 365 so that when the users hit any link to Teams o SharePoint Online in the Liferay app, ADFS doesn’t ask for credentials. Context:
ADFS is owned by corp global IT team and c… Continue reading Implement SSO between a custom app and Microsoft 365 with custom identity provider [migrated]
In the past decade, digital transformation has become a buzzword in nearly every industry. Organizations have scaled down workforces in favor of automation, moved their servers and networks off-premises, and transferred their data to the cloud, but mos… Continue reading Are your cybersecurity investments making you less resilient?
My company has one SSO provider that we use for our back office apps. We’re looking at tightening security for our SaaS offering. We have a fork in the road for implementation – we can either continue using non-SSO (Spring Security) and … Continue reading Is using the same SSO for dev and prod considered safe?
Half of the top 20 most valuable public U.S. companies had at least one single sign-on credential up for sale on the Dark Web in 2022, says BitSight.
The post How to protect your organization’s single sign-on credentials from compromise appeared first … Continue reading How to protect your organization’s single sign-on credentials from compromise
We are implementing SAML/OIDC-based SSO across our enterprise and wanted to get a feel for best practices when it comes to using Personal/Signer Certificates within our IdP.
Historically we’ve utilised the personal certificate that came wi… Continue reading IdP Personal/Signer Certificates
I’m studying a lot about SSO but still having difficultly in understanding which flows need certificates and at which end(SP or IdP). Currently in my system, Salesforce is used as SP and Azure AD is used as IdP.
I understand IdP needs to s… Continue reading Using Certificates between IdP and SP
Our company’s customers can use our IdP to sign-in into about a dozen various service providers we make available. All are third parties running their own sites/domains. We periodically get complaints that signing into Service A doesn’t au… Continue reading Automatic single sign-on for multiple providers
We are using Forgerock OpenAM for managing authentication and authorization and I was wondering if it is possible to use this configuration:
Domain 1 -> App 1 -> Use SAML2
Domain 1 -> App 2 -> Use OpenID Connect
Domain 2 ->… Continue reading Can I combine OpenID Connect and SAML2 protocols in OpenAM
I have 2 websites: a.com and b.com
To avoid using SAML for Single-Sign-On and making things complicated, I’ve taken this approach:
a.com is the identity provider. All users will be asked to sign in on a.com
b.com will receive information f… Continue reading Is is safe to pass an API key in a HMAC hash?
Why are we still talking about passwords? We already have single sign-on (SSO), and passwordless is the new buzzword everyone is talking about, but when you put yourself in the shoes of someone who is responsible for the overall security of an organiza… Continue reading Why are many businesses still not using a password manager?