SSO Management (Process - IAM)

Parent Process

https://open-measure.atlassian.net/wiki/spaces/PROC/pages/76021841

Title

SSO Management

Status

1.0 Draft

Domain

IAM

Goals

Objective

Streamline the authentication process by enabling reuse of authentication results across multiple systems, thus enhancing user experience, reducing effort for relying parties and strengthening security.

Inputs

  • Organization policies

  • IT Systems

  • IT Change Management

  • IT Project Management

Activities

  • Design SSO

  • Deploy SSO

  • Maintain SSO

  • Optimize SSO

Outputs

IT Systems that reuse centralized or federated authentication

Indicators

  • SSO Deployment Level

  • SSO Deployment Ratio

Scopes

At the level of an organization entity, program or project, the process scope may be defined using the scope dimensions listed below. At the organization level, however, the scope must be embraced holistically, considering all of these scope dimensions, to manage revocation risks effectively.

  • User populations: permanent employees, contractors, partners, customers, consumers, authorities

  • Identity categories: humans, robots, processes

  • Principal categories: user accounts, technical accounts, service accounts

  • Access type: logical, physical

  • IT Systems (business applications, infrastructure, …)

  • Organizational scope (region, division, unit, …)

Risks

  • The deployment of SSO reinforces security, even though it may marginally increase risk in certain circumstances, e.g. when an identity is compromised. This risk is typically offset by the concomitant implementation of MFA.

  • Sloppily implemented SSO may weaken security.



This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.