
What is SSO? - PowerPoint PPT Presentation



PowerPoint Slideshow about ' What is SSO?' - akio

Presentation Transcript
What is SSO?

  • Wikipedia Says…

    “Single Sign On (SSO) is a property of access control of multiple, related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them.”


Benefits

  • Reduce password fatigue

  • Reduce time spent re-entering passwords

  • Abstract authentication from systems

  • Lower calls to Help Desk about passwords

  • Centralized reporting for compliance

  • Can rationalize multiple authentication methods

  • Improved interaction with 3rd Party

Potential Problems

  • True Single Sign On is often hard to accomplish

  • “keys to the castle”

  • High Availability becomes the new IdM buzzword (well, one of them)

Some of the Choices

  • Jasig CAS

  • CoSign

  • Kerberos

  • OpenSSO


  • Shibboleth

What to Look For

  • What protocol do they use?

  • What kind of “clients” do they have?

  • Features:

    • Opt Out of Single Sign On

    • Management

    • Monitoring

    • High Availability / Scalability

    • Flexibility

    • “ClearPass”

  • Deployment/Maintainability

Rolling Out SSO – Why?

  • It’s easy! (relatively)

    • Assumes you’ve already solved your ID problem

  • It’s a “big” win

  • Highly visible

  • Oh, and all that stuff listed under Benefits

Getting People to Use It

  • Documentation!

  • Present, Present, Present! (Education)

  • A Compelling Reason

    • Features

    • Ease-Of-Use

    • Auditing

    • Superior User Experience

  • Support It!

  • Strong Arm (not a pleasant experience)

What Else Do You Need?

  • Goes well with…

    • Self-Password Reset/Change

    • Lookup Id

    • Profile

  • User Education

  • Help Desk Support

  • Trusted SSL Certificates


  • Single Sign Out

  • OpenID – decentralized authentication system

  • Federation

  • Facebook Connect - API to let user log in via Facebook

  • InfoCards -

What Comes Next?

  • Rolling out an SSO will raise some of the following questions/concerns:

    • We can’t use SSO because it doesn’t support all types of guests easily*

    • What’s your SLA?

    • Why does it take so long to get an ID?*

    • What about access control?*

    • What is the password policy?

    • What’s the identifier usage policy?

What Does It Do?

  • Stores identity data about your people

  • Reconciles different versions

  • Makes (usually) intelligent choices

  • Helps feed other systems

    • Directory builder

    • Provisioning

    • Reporting


  • Not too many!

    • Very few higher education options

    • Most non-Higher Education ones don’t get “higher ed”

      • Multiple sources for a person

      • Multiple possible hierarchies

      • Every university is (slightly) different

OpenRegistry Plug!

  • What is OpenRegistry?

    • OpenRegistry is an OpenSource Identity Management System (IDMS). It's a place for data about people affiliated with your organization.

  • Core Functionality

    • Interfaces for web, batch, and real-time data transfer

    • Identity data store

    • Identity reconciliation from multiple systems of record

    • Identifier assignment for new, unique individuals

  • Additional Functionality

    • Data beyond Persons: Groups, Courses, Credentials, Accounts

    • Business Rule based data transformations

    • More than just a Registry, some periphery too

    • Directory Builder

    • Provisioning and Deprovisioning

Changing Your IdM System

  • Two Options:

    • “The Big Bang”

    • Transitional

“The Big Bang”

  • Benefits

    • Not maintaining two versions for extended period of time

    • Direct Developer Resources towards new project

  • Cons

    • This stuff better work! (or expect some pissed off people)

    • Significant investment in testing phase

    • What’s the back up plan?

    • Restrictions on flexibility


Transitional

  • Benefits

    • Significant time to test system “in production” with real data

    • Built-in Back Up Plan

    • More flexible scheduling

  • Cons

    • Maintaining multiple systems for extended period

    • Ambiguity about where to go for data

    • In some instances, double the work!

What does Rutgers do?

  • We totally confuse the issue

    • We’ve “big banged” ourselves for Dec 2010 (PeopleSoft deployment)

    • We’ve committed to maintaining the legacy system feeds

    • We are gradually rolling it out!

  • Why?

    • It seemed like a good idea at the time!

    • “Big Bang” attachment to PeopleSoft gets IdM on the radar and stresses importance

    • Pilot Groups much earlier!

    • Unfortunately, it puts IdM on the radar

    • With schedule, no time to update all legacy feeds

Bigger Than You Think

  • Building a registry is tough!

  • Deploying a registry is tougher!

  • Touches everything!

    • Data is owned by others

    • Policies around accessing data, identifiers, etc.

    • Downstream concerns with new populations

    • Poorly written tools that won’t work with the new system

    • Help Desk Nightmare!

    • Start Looking at EVERYTHING

  • What does it all mean?

    What is Governance?

    (according to Wikipedia)

    • Governance is the activity of governing. It relates to decisions that define expectations, grant power, or verify performance. It consists either of a separate process or of a specific part of management or leadership processes. Sometimes people set up a government to administer these processes and systems.

    • In the case of a business or of a non-profit organization, governance relates to consistent management, cohesive policies, processes and decision-rights for a given area of responsibility. For example, managing at a corporate level might involve evolving policies on privacy, on internal investment, and on the use of data.

    What does IdM Governance cover?

    • Policies

    • Responsibility

    • Coordination and Prioritization

    • Compliance

    • Some of them like the details (i.e. text on the page!)  really really annoying

    • Making the Case

    • Communication

    When do you want it?

    • Not too early

    • But not too late

    • Becomes important when you start depending on others

    What Makes a Good One?

    • Some level of actual authority

    • A method for measuring accountability

    • Transparent

    • Leave us better off!

    What Happens When It Fails?

    • Fiefdoms continue to exist

    • Duplicate data everywhere!

    • Duplicate application development

    • Misuse of information


    • None – just like it sounds

    • Explicitly Decentralized

      • High level group sets policy

      • Specialized groups implement policy

    • Centralized

      • Makes just about all the decisions

    • Hybrid

    Levels of Maturity

    (according to Burton)

    1. Initial – no process.

    2. Repeatable – starting to understand processes.

    3. Defined – process documented, standardized and integrated.

    4. Managed

    5. Optimized

    And We’re Done with Governance

    • Two key points:

      • You need a champion of sufficient authority

      • Feedback mechanism needs to be in place