Authentication Management (Process - IAM)

SSO Management

1.0 Draft

IAM

• Improved User Experience (IAM Goal) +++

• Costs Efficiency (IAM Goal) ++

• Information Security Resilience (IAM Goal) ++

• Productivity Gains (IAM Goal) ++

Streamline the authentication process by enabling reuse of authentication results across multiple systems thus enhancing user experience, reducing efforts from relying parties and strengthening security

• Organization policies

• IT Systems

• IT Change Management

• IT Project Management

• Design SSO

• Deploy SSO

• Maintain SSO

• Optimize SSO

IT Systems that reuse centralized or federated authentication

• SSO Deployment Level

• SSO Deployment Ratio

At the level of an organization entity, program or project, the process scope may be defined using the scope dimensions listed below. But at the organization level, the scope must be embraced holistically to effectively manage revocation risks and consider all of these scope dimensions .

• User populations: permanent employees, contractors, partners, customers, consumers, authorities

• Identity categories: humans, robots, processes

• Principal categories: user accounts, technical accounts, service accounts

• Access type: logical, physical (https://open-measure.atlassian.net/wiki/spaces/QUOT/pages/67568001)

• IT Systems (business applications, infrastructure, …)

• Organizational scope (region, division, unit, …)

• The deployment of SSO reinforces security, even though it may marginally increase risk in certain circumstances, e.g. when an identity is compromised (https://open-measure.atlassian.net/wiki/spaces/QUOT/pages/76021898). This risk is typically offset by the concomitant implementation of MFA.

• Sloppily implemented SSO may weaken security.

• Enterprise Single Sign-On (Dictionary Entry)

• Federated SSO (Dictionary Entry)

• Multidomain Single Sign-On (Dictionary Entry)

• Single Sign-On (Dictionary Entry)

• Web-based Single Sign-On (Dictionary Entry)