Manage SSO (Process - IAM)

You are viewing an old version of this page.

Parent Process

Authentication (Process - IAM)

Title

Manage SSO

Status

1.0 DRAFT

Domain

IAM

Goals

Objective

Streamline the authentication process by enabling reuse of authentication results across multiple systems, thus enhancing user experience, reducing effort for relying parties, and strengthening security.

Inputs

  • Organization policies

  • IT Systems

  • IT Change Management

  • IT Project Management

Activities

  • Design SSO

  • Deploy SSO

  • Maintain SSO

  • Optimize SSO

Outputs

IT Systems that reuse centralized or federated authentication

Indicators

Scopes

At the level of an organization entity, program or project, the process scope may be defined using the scope dimensions listed below. At the organization level, however, the scope must be embraced holistically, considering all of these scope dimensions, in order to manage revocation risks effectively.

  • User populations: permanent employees, contractors, partners, customers, consumers, authorities

  • Identity categories: humans, robots, processes

  • Principal categories: user accounts, technical accounts, service accounts

  • Credential categories: passwords, certificates

  • Access type: logical, physical (/wiki/spaces/QUOT/pages/67568001)

  • Security session mechanisms or not (account lockout policies)

  • IT Systems (business applications, infrastructure, …)

  • Organizational scope (region, division, unit, …)

Risks

  • The deployment of SSO reinforces security, even though it may marginally increase risk in certain circumstances, e.g. when an identity is compromised (/wiki/spaces/QUOT/pages/76021898). This risk is typically offset by the concomitant implementation of MFA.

  • Sloppily implemented SSO may weaken security.

Sources

See Also
