With many staff and customers now outside the traditional firewall, companies are rethinking how to grant them network access and how to manage the resulting security issues. In most cases firewall protection is still needed. However, as enterprises deploy more and more IT applications, the volume of legitimate access that must pass through the firewall has outgrown what its rule set was designed for, and firewall weaknesses have caused administrators considerable trouble. In addition, Software as a Service (SaaS) has emerged and many enterprises have adopted it, which places the application itself outside the firewall.
Today, hacker activity often targets the enterprise's IT infrastructure, and attackers frequently disguise themselves as legitimate users, so distinguishing legitimate users from attackers has become a top priority.
The system must not only support access by internal and remote users but also shut out attackers and cybercriminals; the boundary for authorized access therefore extends far beyond the devices that connect through the traditional firewall. This is why the concept of identity authentication is so important.
Single sign-on (SSO) is not a new technology, but it remains important in many settings.
For example, SSO has existed for many years in the identity and access management products of traditional vendors such as CAS, Oracle and IBM. The main purpose of these products was to record and store the many user names and passwords belonging to each user: when people are forced to manage a large number of accounts and passwords they tend to write them down, which is a potential security risk.
Driven by the rapid growth of IT equipment and by pressure from competitors, these vendors' SSO systems now also cover remote users' private devices, and they are compatible with SaaS applications so as to serve the vast majority of users.
Associating legitimate users with resources
The goal of such a system is to establish a secure identity authentication system whose boundary is defined by the enterprise's IT activities. Legitimate users are connected to the resources they need, with the SSO system acting as an identity bridge.
However, these systems can do more. Beyond authenticating identities, their additional features can gather more information about the applications and data sources being accessed, especially those related to customers. In fact, the SSO system does not need to know who the user is at the outset; its value begins with the security verification performed at first login.
Imagine a curious visitor browsing a travel agency's website. They may only want information about flights, car rentals and hotel quotes before settling on their travel plans. The SSO system can provide the resources needed for this general browsing and deliver quotes, then add more detail once the potential customer decides to book something.
Of course, a trusted identity must be established to perform this stage. The consumer needs to authenticate and take a username in the system, and this identity must be associated with a real e-mail address and a valid payment method.
Opening up more resources
At this point, the SSO system begins to establish and enrich the new customer's identity with other services. Once security authentication is passed, this identity can unlock more resources, such as viewing the customer's transactions in the booking system.
For other transactions, especially business-to-business e-commerce, this model relies on obtaining identity information from existing systems. Authentication information for a particular enterprise's employees typically comes from an internal directory, most commonly Microsoft Active Directory.
However, for partners with open applications and other external business users, external sources of identity information may be the most valuable, such as a partner's internal directory or the member database of a professional organization.
For consumers and business users, social networking sites such as Facebook and LinkedIn are in some cases becoming recognized sources of identity information.
This trend means the SSO system must authenticate users against an ever-growing number of identity sources. To keep this process as simple as possible, the identity sources used by the SSO system itself need to be specified more precisely.
Authentication and access management standards
To support such requirements, a number of standards have been introduced for authentication and access management, including the Lightweight Directory Access Protocol (LDAP) for storing identity information and the Security Assertion Markup Language (SAML) for transmitting user identity assertions. Understanding these accepted standards is an important reference point, regardless of which vendor supplies the SSO system.
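As an added example that is not part of the original article, the following Python shows the checks a service provider must apply to a SAML 2.0 assertion received from an identity provider before trusting the identity it carries: trusted issuer, validity window and intended audience. The assertion, issuer and audience URLs are constructed for illustration, and verification of the XML signature is assumed to have been done beforehand by an XML-DSig library.

```python
import xml.etree.ElementTree as ET  # use defusedxml.ElementTree for untrusted input in production
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed sample assertion for illustration; not taken from any real IdP.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example-id" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.test/metadata</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://booking.example.test/saml</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

TRUSTED_ISSUERS = {"https://idp.example.test/metadata"}  # assumed IdP entity ID
OUR_ENTITY_ID = "https://booking.example.test/saml"      # assumed SP entity ID

def _ts(value):
    """Parse the UTC timestamps SAML uses (YYYY-MM-DDTHH:MM:SSZ)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_assertion(xml_text, now_iso, trusted_issuers=TRUSTED_ISSUERS,
                       entity_id=OUR_ENTITY_ID):
    """Return (True, NameID) if the assertion may be trusted, else (False, reason).
    Assumes the XML signature was already verified against the IdP's key.
    """
    root = ET.fromstring(xml_text)
    now = _ts(now_iso)
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer not in trusted_issuers:
        return False, f"untrusted issuer: {issuer}"
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return False, "assertion has no Conditions element"
    # Require an expiry and enforce both bounds so a captured assertion cannot be reused later.
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if noa is None or now >= _ts(noa):
        return False, "assertion expired or has no NotOnOrAfter"
    if nb is not None and now < _ts(nb):
        return False, "assertion not yet valid"
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if entity_id not in audiences:
        return False, "assertion was issued for a different service provider"
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not name_id:
        return False, "assertion has no NameID"
    return True, name_id
```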
Because the identities of accessing users are so varied, SSO systems need to let these users connect to multiple applications, making business processes and the related supply chains more integrated and thereby increasing productivity.
Such applications are already in widespread use: car dealers and manufacturers linked to ordering systems, and lawyers and judges connected to case management systems and law enforcement agencies, are good examples. SSO systems can also customize policies to create templates for specific users, specific resources and different roles, simplifying user provisioning.
Perhaps more importantly, when a partnership with a given client is terminated, their access to resources must be removed from the SSO system promptly so that their access path is cut off.
The benefits of SSO systems go well beyond what traditional firewalls offer, with greater scalability for IT applications and richer access to resources. Monitoring, authorization and access control remain the essential means, however, and SSO can achieve them effectively.
(Responsible editor: The good of the Legacy)