Single Sign On Management
Getting the single sign on system operational is only the beginning of
the challenges. I can guarantee that no vendor sales agent will focus on
this while trying to sell you the software. Their adage is usually "the
SSO software will take care of it".
Unfortunately, the SSO software won't take care of many essential
things that the enterprise must address itself. These include:
- How do you move applications between the single sign on environments
  (usually Development, Test, QA, Pre-production and Production)?
- When you have a hundred or several hundred applications in SSO, how do
  you find the security rules pertaining to each application?
- What are the environment policies for each SSO environment?
- What can the application owner do, and not do, in each SSO environment?
- What are the business and technical processes for SSO migration?
- What are the processes for creating a "Single Sign On Factory"?
- How long will it take to integrate several hundred or a thousand
  applications into the environment?
- What business approvals are required?
- How much of the process can be automated?
- What is the labor cost per application integrated?
- What is the governing body for the SSO system?
- Who approves which authentication strengths the enterprise will support
  in SSO?
- What are the change management processes for routine maintenance?
- How are application owners informed of upcoming SSO feature enhancements?
- What is the management approval process for implementing an SSO hotfix?
- What is the governing body for enterprise user data?
  - An enterprise identity data governance body needs to regulate how the
    authoritative sources make changes to the attributes used by
    enterprise systems.
  - You need to avoid having systems come crashing down when an
    authoritative source makes an unannounced change to an identity
    attribute: a new, unexpected value in a user attribute can bring down
    dependent systems such as SSO.
- What SSO monitoring systems are deployed?
  - This must include real-time dashboard reporting for the web and
    application servers, the load balancers in front of the security and
    directory servers, the security servers and the directory servers.
- What is your uptime target for SSO?
  - If it is very high, how will your failover strategy meet it?
  - Has it been tested?
- What is your strategy for routine maintenance on the SSO and directory
  servers?
  - Will it impede availability?
- What are your disaster recovery processes for the SSO system?
  - Will they provide real-time disaster recovery, or will recovery take
    24-96 hours?
  - Does the CEO realize the implications for the enterprise if the SSO
    system goes down?
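The identity-attribute failure mode in the list above (an authoritative source such as an HR system pushing a value the SSO tier has never seen) is worth seeing in code. The following is an added example written for this page, not code from the original article or from any SSO product. The attribute contract, the record layout and the sample feed are all constructed for illustration; the point is that the SSO integration should validate incoming attributes against a contract agreed with the identity data governance body and quarantine violations, rather than let a new value take the system down.

```python
"""Defensive consumption of identity attributes from an authoritative source.

Added example, not from the original article. CONTRACT, the record
format and SAMPLE_FEED are constructed for illustration only.
"""
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical attribute contract agreed with the identity data governance
# body: each attribute the SSO tier depends on, its type, and (where the
# value set is closed) the allowed values. Not tied to any real schema.
CONTRACT = {
    "uid": {"type": str, "required": True},
    "mail": {"type": str, "required": True},
    "employeeType": {"type": str, "required": True,
                     "allowed": {"employee", "contractor", "vendor"}},
    "accountStatus": {"type": str, "required": True,
                      "allowed": {"active", "disabled"}},
}


@dataclass
class FeedResult:
    accepted: list = field(default_factory=list)        # records passed through
    quarantined: list = field(default_factory=list)     # (record, reason) pairs
    new_values: dict = field(default_factory=dict)      # attribute -> unseen values


def naive_entitlement(record: dict) -> str:
    """The brittle consumer: a bare lookup that raises on an unknown value."""
    role_map = {"employee": "sso-standard",
                "contractor": "sso-limited",
                "vendor": "sso-limited"}
    return role_map[record["employeeType"]]  # KeyError on an unexpected value


def naive_consumer_survives(record: dict) -> bool:
    """True if naive_entitlement handles the record without crashing."""
    try:
        naive_entitlement(record)
        return True
    except KeyError:
        return False


def validate_record(record: dict) -> Optional[str]:
    """Return None if the record satisfies CONTRACT, else a reason string."""
    for name, rule in CONTRACT.items():
        if name not in record:
            if rule["required"]:
                return f"missing required attribute {name}"
            continue
        value = record[name]
        if not isinstance(value, rule["type"]):
            return (f"{name}: expected {rule['type'].__name__}, "
                    f"got {type(value).__name__}")
        allowed = rule.get("allowed")
        if allowed is not None and value not in allowed:
            return f"{name}: unexpected value {value!r}"
    return None


def process_feed(records: list) -> FeedResult:
    """Validate every record; quarantine violations instead of crashing.

    Unseen values are collected per attribute so the governance body can be
    told that an authoritative source changed its value set unannounced.
    """
    result = FeedResult()
    for record in records:
        reason = validate_record(record)
        if reason is None:
            result.accepted.append(record)
            continue
        result.quarantined.append((record, reason))
        for name, rule in CONTRACT.items():
            allowed = rule.get("allowed")
            value = record.get(name)
            if allowed is not None and value is not None and value not in allowed:
                result.new_values.setdefault(name, set()).add(value)
    return result


# Constructed sample feed: the HR source silently introduced "intern".
SAMPLE_FEED = [
    {"uid": "jdoe", "mail": "jdoe@example.com",
     "employeeType": "employee", "accountStatus": "active"},
    {"uid": "asmith", "mail": "asmith@example.com",
     "employeeType": "intern", "accountStatus": "active"},
    {"uid": "bwong", "mail": "bwong@example.com",
     "employeeType": "contractor", "accountStatus": "disabled"},
]

if __name__ == "__main__":
    res = process_feed(SAMPLE_FEED)
    print(f"accepted={len(res.accepted)} quarantined={len(res.quarantined)} "
          f"new_values={res.new_values}")
    for record, reason in res.quarantined:
        print(f"quarantined {record['uid']}: {reason}")
    print("naive consumer survives the feed:",
          all(naive_consumer_survives(r) for r in SAMPLE_FEED))
```

The two accepted records flow through, the "intern" record is held back with a reason, and the unseen value is reported separately so the change can be raised with the source's owners; the naive consumer, by contrast, would have crashed on the same feed.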
A knowledgeable SSO consultant can help address and plan for the above
in the early stages, thus avoiding having to deal with these problems
after the deployment team has left and significant damage has already
occurred.