Collaborate Disseminate
Half of the top 20 most valuable public U.S. companies had at least one single sign-on credential up for sale on the Dark Web in 2022, says BitSight.
The post How to protect your organization’s single sign-on credentials from compromise appeared first … Continue reading How to protect your organization’s single sign-on credentials from compromise
We are implementing SAML/OIDC-based SSO across our enterprise and wanted to get a feel for best practices when it comes to using Personal/Signer Certificates within our IdP.
Historically we’ve utilised the personal certificate that came wi… Continue reading IdP Personal/Signer Certificates
I’m studying a lot about SSO but still having difficultly in understanding which flows need certificates and at which end(SP or IdP). Currently in my system, Salesforce is used as SP and Azure AD is used as IdP.
I understand IdP needs to s… Continue reading Using Certificates between IdP and SP
Our company’s customers can use our IdP to sign-in into about a dozen various service providers we make available. All are third parties running their own sites/domains. We periodically get complaints that signing into Service A doesn’t au… Continue reading Automatic single sign-on for multiple providers
We are using Forgerock OpenAM for managing authentication and authorization and I was wondering if it is possible to use this configuration:
Domain 1 -> App 1 -> Use SAML2
Domain 1 -> App 2 -> Use OpenID Connect
Domain 2 ->… Continue reading Can I combine OpenID Connect and SAML2 protocols in OpenAM
I have 2 websites: a.com and b.com
To avoid using SAML for Single-Sign-On and making things complicated, I’ve taken this approach:
a.com is the identity provider. All users will be asked to sign in on a.com
b.com will receive information f… Continue reading Is is safe to pass an API key in a HMAC hash?
Why are we still talking about passwords? We already have single sign-on (SSO), and passwordless is the new buzzword everyone is talking about, but when you put yourself in the shoes of someone who is responsible for the overall security of an organiza… Continue reading Why are many businesses still not using a password manager?
Online accounts getting hijacked and misused is an everyday occurrence, but did you know that account pre-hijacking attacks are also possible? Inspired by previous research on preemptive account hijacking by way of single sign-on (SSO) technology, rese… Continue reading Account pre-hijacking attacks possible on many online services
Torii announced a report revealing that 69% of tech executives believe shadow IT is a top concern related to SaaS – or cloud application – adoption. The majority of respondents have made exceptions to their SaaS security protocols, with 80% doing so be… Continue reading Shadow IT is a top concern related to SaaS adoption
We are trying to set up(I am not part of the setting up process) an SSO based login for an ITSM application. Our organisation has some users working for us although they use their own organisation email address to log in. We use OKTA as ou… Continue reading How does the SAML based SSO differ for Internal (employees) and External users (external resources)?