All Rights Reserved 2014 © CMG Consulting LLC

Federated Identity Management and Access
Andres Carvallo, Dwight Moore
CMG Consulting, LLC
October 2015


Who is CMG?
CMG is a strategy consulting and advisory company focused on enabling smarter Cities, Enterprises, Utilities, Vendors, and Startups. CMG's mission is to help define and accelerate the digitalization and transformation of the energy industry. CMG builds ecosystems for its clients. Our consulting services include the development of Strategy, White Papers, Reports, Assessments, Gap Analysis, Benchmarking, Designs, Architectures, Road Maps, Business Models, Business Cases, Go-to-Market Plans, IT/OT Management, Product Innovation, Funding, and M&A. We are experts in Energy, Telecommunications and Software.

What is FIM?
Federated Identity Management is the methodology for linking a person's electronic identity and attributes which can be stored across multiple distinct identity management systems. A key element of delivering federated identity management is single sign-on (SSO), in which a user's single authentication ticket, or token, is trusted across multiple IT systems or even organizations. SSO is an authentication technology and methodology enabling technical interoperability of customer credentials and ultimately allowing controlled access to a desired destination.

How Does FIM Work?
Federated Identity Management (FIM) refers to where the user stores their credentials. Alternatively, FIM can be viewed as a way to connect Identity Management systems together. In FIM, a user's credentials are always stored with the "home" organization (the "identity provider"). When the user logs into a service, instead of providing credentials to the service provider, the service provider trusts the identity provider to validate the credentials. So the user never provides credentials directly to anybody but the identity provider.

Single Sign-on (SSO) allows users to access multiple services with a single login. SSO can mean that the user only has to provide credentials a single time per session, and then gains access to multiple services without having to sign in again during that session. But it can also mean that the same credentials are used for multiple services.

FIM Technologies
Some of the technologies used for Federated Identity Management include:
- SAML (Security Assertion Markup Language)
- OAuth
- OpenID
- Security Tokens (Simple Web Tokens, JSON Web Tokens, and SAML Tokens)
- Web Service Specifications
- Microsoft Azure Cloud Services (Windows Identity Foundation)

FIM Example
A client application needs to access a service that requires authentication. The authentication is performed by an identity provider (IdP), which works in concert with a security token service (STS). The IdP issues security tokens that assert information about the authenticated user. This information includes the user's identity, and may also include other information such as role membership and more granular access rights.
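The flow from "How Does FIM Work?" and the FIM example, as an added sketch that is not part of the original slides: an identity provider issues a signed JSON Web Token after authenticating the user, and the service provider accepts it only if the issuer is trusted and the signature, audience and expiry check out. The issuer and audience URLs, the shared HMAC key and all function names are constructed for illustration; production federations normally have the IdP sign with a private key rather than a shared secret.

```python
import base64, hashlib, hmac, json, time

# Constructed trust configuration: issuer URL, audience and key are hypothetical.
TRUST = {"https://idp.home.example": b"constructed-demo-key"}
AUDIENCE = "https://service.partner.example"

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(key, signing_input):
    return b64e(hmac.new(key, signing_input.encode(), hashlib.sha256).digest())

def idp_issue(issuer, key, user, roles, audience, now=None, ttl=300):
    """IdP/STS side: runs only after the IdP itself has authenticated the user."""
    now = int(time.time()) if now is None else now
    claims = {"iss": issuer, "sub": user, "aud": audience, "roles": roles,
              "iat": now, "exp": now + ttl}
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(b64e(json.dumps(p).encode()) for p in (header, claims))
    return signing_input + "." + sign(key, signing_input)

def sp_validate(token, now=None):
    """Service side: return verified claims or raise ValueError. No password is seen here."""
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(b64d(head)), json.loads(b64d(body))
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise ValueError("malformed token")
    if header.get("alg") != "HS256":  # pin the algorithm, never take it from the token
        raise ValueError("unexpected algorithm")
    iss = claims.get("iss")
    key = TRUST.get(iss) if isinstance(iss, str) else None
    if key is None:  # only issuers in the federation are accepted
        raise ValueError("untrusted issuer")
    if not hmac.compare_digest(sig.encode(), sign(key, head + "." + body).encode()):
        raise ValueError("bad signature")
    if claims.get("aud") != AUDIENCE:
        raise ValueError("token issued for another service")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    return claims
```

The service authorizes on the `roles` claim only after `sp_validate` returns, so a token whose role list was edited in transit fails at the signature check.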

Why FIM?
There are many digital identity platforms that allow users to log onto third-party websites, applications, mobile devices and gaming systems with their existing identity to simplify customer authentication while maintaining robust security. One example would be to enable social login. In many cases it is also possible to exchange profile information about the user with the third-party site, for example name, address, photo, etc. Nowadays there are third-party service providers that have simplified the implementation of customer login. Along with customer login, they provide additional features like Single Sign-on and others.

Example of Identity Providers
The trusted identity providers may include:
- Corporate Directories: Microsoft Active Directory, OpenLDAP
- On-Premises Federation Services: IBM, Intel, CA, Oracle, SAP, EMC (RSA), Radiant Logic, OpenAM, Verizon
- Cloud/SaaS Federation Services: Axway, OneLogin, OpenID, OpenLogic, Capterra, Networkworld, Ping Identity, Gigya, Janrain or LoginRadius
- Financial Services providers: PayPal, Square, Intuit, others
- Social Identity providers that can authenticate users: AOL, Amazon, Microsoft, Google, LinkedIn, Yahoo!, Twitter, Facebook, others. The user is required to have a user ID and password with the provider.

CMG Contact
CMG is headquartered in Austin, Texas and has partner offices in Boston, Chicago, Denver, Durham, Kansas City, Minneapolis, New York City, Seattle, and Toronto.
Website:
Andres Carvallo, CEO & Founder, CMG
Tel: