Identity Management in Education. Welcome Scott Johnson, NetProf, Inc. Creator of OmnID Identity Management for Education www.netprof.us.

1 Identity Management in Education

2 Welcome Scott Johnson, NetProf, Inc. Creator of OmnID Identity Management for Education www.netprof.us

3 Topics
  Define the issue
  Discuss authentication mechanisms
  Using a 10,000’ overview approach

4 The Problem
  Cloud based systems benefits
  Google Apps
  Thousands of frequently changing users
  Multiple accounts
  Multiple passwords
  … multiple headaches

5 Remember When…
  Software for learning installed locally
  Users authenticate locally once, access multiple applications
  Well, most of the time.

6 Local Supported Apps
  Pros:
    o Users are already “trusted”
    o LDAP can be used for authentication
  Cons:
    o Technology department responsible for install, operation, and updates
    o Sometimes requires its own hardware or server
  Bottom line, it can be expensive

7 Shift Towards SaaS
  Pros:
    o Software provider is in charge of install, operation and maintenance
    o Fixed cost
  Cons:
    o School is in charge of providing authentication

8 Authentication Nightmares
  Some sites are one user name full access
  Others are locked by IP address
  More and more are needing username and password information

9 Does the Shoe Fit?
  There is no one size fits all solution yet
  Providing user information per system
  Single Sign-on
    o OpenID
    o SAML2

10 Creating Users by Hand
  Local access to resources – LDAP
  Access remote systems, e.g. Google Apps
  Create and manage accounts by “hand”
  Accounts are managed one by one
  Usually same password on all accounts
  What happens when a password is compromised?

11 Creating Accounts SiS administrator Local / LDAP Library Google Apps Online Learning On… and On… Network Admin

12 Managing Users Local / LDAP Library Google Apps Online Learning On… and On… Admin / Media Spec. / Para

13 Provisioning Tool Local / LDAP Library Google Apps Other

14 Managing Users Local / LDAP Library Google Apps Other Happy!!

15 What About SIF?
  Designed to send student data between SiS providers
  One way
  Adoption by developers of online software?
  What about staff?
  Each SiS company has a slightly different implementation

16 Single Sign-on
  One password all systems
  Sign-on once, use many

17 Methods
  Form Auth Provider
  OpenID
  SAML2

18 Form Auth
  Federate username and password to remote system
  Form auth username password through local HTML link

19 Form Auth
  Pros:
    o Simple
    o Will work on systems that don’t support other methods
  Cons:
    o “Connectors”
    o Accounts still need to be created
    o Passwords are still maintained remotely one by one
    o Forms change, connectors break
    o Usually pay by the “connector”

20 OpenID and SAML2
  Both provide token identifiers for authentication
  OpenID being pushed by Google
  SAML is another open standard with slightly more security (Security Assertion Markup Language)

21 SSO Primer Local Auth DB (LDAP) User Remote Service Provider SSO Portal

22 OpenID vs SAML2
  OpenID:
    o HTTP Binding of request
    o Service Providers loosely coupled
    o IdP Identifier is global
    o Does NOT support single sign out
  SAML2:
    o Multiple methods including HTTP
    o Service Providers tightly coupled
    o IdP valid for provider only
    o Supports single sign out

23 SSO Issues
  Remote provider must support SSO method
  Weak passwords = quick access for hackers

24 Questions? Slides will be up on www.netprof.us

