What is sso
This presentation is the property of its rightful owner.
Sponsored Links
1 / 38

What is SSO? PowerPoint PPT Presentation


  • 100 Views
  • Uploaded on
  • Presentation posted in: General

What is SSO?. Wikipedia Says… “Single Sign On (SSO) is a property of access control of multiple, related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them.”. Benefits.

Download Presentation

What is SSO?

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


What is sso

What is SSO?

  • Wikipedia Says…

    “Single Sign On (SSO) is a property of access control of multiple, related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them.”


Benefits

Benefits

  • Reduce password fatigue

  • Reduce time spent re-entering passwords

  • Abstract authentication from systems

  • Lower calls to Help Desk about passwords

  • Centralized reporting for compliance

  • Can rationalize multiple authentication methods

  • Improved interaction with 3rd Party


Potential problems

Potential Problems

  • True Single Sign On is often hard to accomplish

  • “keys to the castle”

  • High Availability becomes the new IdM buzzword (well one of them)


Some of the choices

Some of the Choices

  • Jasig CAS

  • CoSign

  • Kerberos

  • OpenSSO

  • JOSSO

  • Shibboleth


What to look for

What to Look For

  • What protocol do they use?

  • What kind of “clients” do they have?

  • Features:

    • Opt Out of Single Sign On

    • Management

    • Monitoring

    • High Availability / Scalability

    • Flexibility

    • “ClearPass”

  • Deployment/Maintainability


Rolling out sso why

Rolling Out SSO – Why?

  • Its easy! (relatively)

    • Assumes you’ve already solved your ID problem

  • It’s a “big” win

  • Highly visible

  • Oh, and all that stuff listed under Benefits


Getting people to use it

Getting People to Use It

  • Documentation!

  • Present, Present, Present! (Education)

  • A Compelling Reason

    • Features

    • Ease-Of-Use

    • Auditing

    • Superior User Experience

  • Support It!

  • Strong Arm (not a pleasant experience)


What else do you need

What Else Do You Need?

  • Goes well with…

    • Self-Password Reset/Change

    • Lookup Id

    • Profile

  • User Education

  • Help Desk Support

  • Trusted SSL Certificates


Related

Related

  • Single Sign Out

  • OpenID – decentralized authentication system

  • Federation

  • Facebook Connect - API to let user log in via Facebook

  • InfoCards -


What comes next

What Comes Next?

  • Rolling out an SSO will raise some of the following questions/concerns:

    • We can’t use SSO because it doesn’t support all types of guests easily*

    • What’s your SLA?

    • Why does it take so long to get an ID?*

    • What about access control?*

    • What is the password policy?

    • What’s the identifier usage policy?


The person registry

The Person Registry


It can help with those d ones

It can help with those *’d ones


You probably already have one

You Probably Already Have One!

(but it sucks!)


What does it do

What Does It Do?

  • Store identity data about your people

  • Reconciles different versions

  • Makes (usually) intelligent choices

  • Helps feed other systems

    • Directory builder

    • Provisioning

    • Reporting


Choices

Choices?

  • Not too many!

    • Very few higher education options

    • Most non-Higher Education ones don’t get “higher ed”

      • Multiple sources for a person

      • Multiple possible hierarchies

      • Every university is (slightly) different


Openregistry plug

OpenRegistry Plug!

  • What is OpenRegistry?

    • OpenRegistry is an OpenSource Identity Management System (IDMS). It's a place for data about people affiliated with your organization.

  • Core Functionality

    • Interfaces for web, batch, and real-time data transfer

    • Identity data store

    • Identity reconciliation from multiple systems of record

    • Identifier assignment for new, unique individuals

  • Additional Functionality

    • Data beyond Persons: Groups, Courses, Credentials, Accounts

    • Business Rule based data transformations

    • More than just a Registry, some periphery too

    • Directory Builder

    • Provisioning and Deprovisioning


Changing your idm system

Changing Your IdM System

  • Two Options:

    • “The Big Bang”

    • Transitional


The big bang

“The Big Bang”

  • Benefits

    • Not maintaining two versions for extended period of time

    • Direct Developer Resources towards new project

  • Cons

    • This stuff better work! (or expect some pissed off people)

    • Significant investment in testing phase

    • What’s the back up plan?

    • Restrictions on flexibility


Transitional

Transitional

  • Benefits

    • Significant time to test system “in production” with real data

    • Built-in Back Up Plan

    • More flexible scheduling

  • Cons

    • Maintaining multiple systems for extended period

    • Ambiguity about where to go for data

    • In some instances, double the work!


What does rutgers do

What does Rutgers do?

  • We totally confuse the issue

    • We’ve “big banged” ourselves for Dec 2010 (PeopleSoft deployment)

    • We’ve committed to maintaining the legacy system feeds

    • We are gradually rolling it out!

  • Why?

    • It seemed like a good idea at the time!

    • “Big Bang” attachment to PeopleSoft gets IdM on the radar and stresses importance

    • Pilot Groups much earlier!

    • Unfortunately, it puts IdM on the radar

    • With schedule, no time to update all legacy feeds


Bigger than you think

Bigger Than You Think

  • Building a registry is tough!

  • Deploying a registry is tougher!

  • Touches everything!

    • Data is owned by others

    • Policies around accessing data, identifiers, etc.

    • Downstream concerns with new populations

    • Poorly written tools that won’t work with the new system

    • Help Desk Nightmare!

    • Start Looking at EVERYTHING

  • What does it all mean?


  • Rutgers account tools

    Rutgers Account Tools


    Rutgers account tools1

    Rutgers Account Tools


    Rutgers netid activation

    Rutgers NetID Activation


    Rutgers netid activation1

    Rutgers NetID Activation


    Rutgers password management

    Rutgers Password Management


    Rutgers password management1

    Rutgers Password Management


    Rutgers netid management

    Rutgers NetID Management


    Rutgers netid management1

    Rutgers NetID Management


    Governance

    Governance


    What is governance

    What is Governance?

    (according to Wikipedia)

    • Governance is the activity of governing. It relates to decisions that define expectations, grant power, or verify performance. It consists either of a separate process or of a specific part of management or leadership processes. Sometimes people set up a government to administer these processes and systems.

    • In the case of a business or of a non-profit organization, governance relates to consistent management, cohesive policies, processes and decision-rights for a given area of responsibility. For example, managing at a corporate level might involve evolving policies on privacy, on internal investment, and on the use of data.


    What does idm governance cover

    What does IdM Governance cover?

    • Policies

    • Responsibility

    • Coordination and Prioritization

    • Compliance

    • Some of them like the details (i.e. text on the page!)  really really annoying

    • Making the Case

    • Communication


    When do you want it

    When do you want it?

    • Not too early

    • But not too late

    • Becomes important when you start depending on others


    What makes a good one

    What Makes a Good One?

    • Some level of actual authority

    • A method for measuring accountability

    • Transparent

    • Leave us better of!


    What happens when it fails

    What Happens When It Fails?

    • Fiefdoms continue to exist

    • Duplicate data everywhere!

    • Duplicate application development

    • Misuse of information


    Models

    Models

    • None – just like it sounds

    • Explicitly Decentralized

      • High level group sets policy

      • Specialized groups implement policy

    • Centralized

      • Makes just about all the decisions

    • Hybrid


    Levels of maturity

    Levels of Maturity

    (according to Burton)

    1. initial – no process.

    2. repeatable – starting to understand processes

    3. defined – process documented, standardized and integrated.

    4. Managed

    5. optimized


    And we re done with governance

    And We’re Done with Governance

    • Two key points:

      • You need a champion of sufficient authority

      • Feedback mechanism needs to be in place


  • Login