2a Role-based Security en Secure Authentication met SSO 10 ... · Title: 2a_Role-based Security en...

Copyright©1995-2015QuestionmarkCorporationand/orQuestionmarkComputingLimited,knowncollectivelyasQuestionmark.Allrightsreserved.QuestionmarkisaregisteredtrademarkofQuestionmarkComputingLimited.Allothertrademarksareacknowledged.

2016DutchUsersConferenceAmsterdam| 15th November

Role-basedSecurityen SecureAuthenticationmetSSO

BartHendrickx,QuestionmarkMauroChieppa,UPlearning

2016DutchUsersConference= Amsterdam

Contents

1. Role-basedSecurity

2. SingleSign-On(SAML)

3. Q&A

Role-basedSecurity

} NotEveryoneShouldBeAbletoDoEverything…

UserManagement:Role-basedsecurity

Hi.I’mElla.Iamfillinginfor

Wendywhoisonmaternity

leave.

Cool.Wendyisourreportingrockstar.Shealsoassists

withmanagingouritembank. Iwill

setyouupwithanaccount.

WhenEllaLogsOn,SheSees…

Shedoesn'tseethePeopleorAdministrationmenus

GotoPeople>Rolestodothefollowingwithroles:

§ Add§ Edit§ Delete

ManagingRoles

Definewhichrolesarolecanassign(andremove)

RoleDelegation

WhichfeaturesofAuthoringcanyouuse?

Forwhichtopicsandassessmentfolderscanyouusethosefeatures?

Authors:TwoSetsofPermissions

Portal Authoring

Youcancreateitems. YoucancreateitemsintopicAbutnotintopicB.

Example

AssignAccesstoaTopic

AssignAccesstoanAssessment Folder

SingleSign-On

Toomanypasswordstoremember!

Myemployergivesmeaccesstoallthesewonderfultools,but

theyallcomewiththeirownpasswords.

Thechallengeofusermanagement…

PersonXisnolongerwiththeorganization.

} Theabilityforoneapplication,theidentityprovider,totellanotherapplication,theserviceprovider,whoyouare.

SSO:Whatisit?

IdentityProviderE.g.MicrosoftActiveDirectory

ServiceProviderE.g.QuestionmarkOnDemand

Authenticationdata

WhySSO?

ConsPros

Reducespasswordfatigue

Simplifiesuserandpasswordmanagement

Savestimeforusersinthelong-term

1 Givesyouthekeystothecastle

Doesn’tworkifIdPisdown

Takestimetosetup

SecurityAssertionMarkupLanguage

Forexchangingauthentication andauthorizationdatabetweenparties§ Identityprovider(IdP)§Serviceprovider(SP)

WebSSO

CustomerInc.

jane@customer.com

Intranet

DifferentDomains

HelpswithwebSSO:loginacrossdomains

Supportedbymanyidentityproviders:leverageauthenticationcapabilities,suchasmultifactorauthentication

AdvantagesofSAML

Makemetadata available

Includethepersonorteamwhomanagesyouridentityprovider(expertise)

SAMLLessonsLearnedatUP learning

TalktoyourAccountManager,whowillhelpsetupadiscoverycall

InterestedinSAML?

BEDANKT!

2016DutchUsersConferenceAmsterdam| 15th November

Role-basedSecurityen SecureAuthenticationmetSSO

BartHendrickx,QuestionmarkMauroChieppa,UPlearning

SAMLInteractionDiagram

<samlp:AuthnRequest […] ID="_d17c957f15359e4e8e7665ce75b06c9b9620e6b9fa" […]

} Thisistherequest} ThisrequesthasanID(therewillbeanewIDforeachrequest,cf.multipleusersloggingon)

ContentsofaSAMLRequest(Example)

<samlp:Response ID="_113da1b8-b2a9-4c59-b5e1-97cca4fa107d" [...] InResponseTo="_d17c957f15359e4e8e7665ce75b06c9b9620e6b9fa"[...]<Attribute Name="http://schemas.microsoft.com/identity/claims/objectidentifier"><AttributeValue>ddf6d451-2735-4349-aa6e-86cf5c657967</AttributeValue></Attribute><Attribute Name="http://schemas.microsoft.com/identity/claims/displayname"> <AttributeValue>jane.doe</AttributeValue></Attribute><Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"><AttributeValue>jane.doe@qmportaltestad.onmicrosoft.com</AttributeValue></Attribute>

} Thisistheresponse} Itisaresponseto therequestwiththeIDxyz(cf.therequest)

} Thisuserhasattributeswiththesevalues

ContentsofaSAMLResponse(Example)

} CreateusersautomaticallyinthePortalwhentheylogonviaSAML

} EnableexistingparticipantstologonviaSAMLbyupdatingthemthroughCSVimport

} GiveusersarolebasedonaSAMLattributethathasadefinedvalue

} Definewhichuserscanstilllogonlocally§ Peruser§ Perrole

} MapSAMLattributesto§ Portalprofilefields§ Groups(new)

} QuestionmarkTechSupport configuresonyourbehalf

PossiblewithSAML(today)

} Automatically enableexisting participantstologonviaSAML§ AninterventionthroughCSVimportisneeded§ Administratorswillneedtobere-createdonlogin

} Updatevaluesfor(i.e.initialsyncispossiblebutcannotbeupdatedifvalueschange)§ Username§ UniqueuserID§ Emailaddress(“primary”)

NotPossiblewithSAML(today)

} WhataresomefrequentlyaskedquestionsaboutSAMLintegration?§ https://www.questionmark.com/content/saml-integration-faq-ondemand

} WhatisSAMLandhowdoesitwork?§ https://www.questionmark.com/content/what-is-saml

} WhatiscurrentlypossiblewhenintegratingOnDemandwithSAML?§ https://www.questionmark.com/content/what-is-possible-with-saml

} CanImapSAMLattributestoOnDemandprofilefields?§ https://www.questionmark.com/content/mapping-saml-attributes

} WhoinitiatesloginswhenusingSAML?§ https://www.questionmark.com/content/who-initiates-login-when-using-saml-

questionmark} WhatinformationdoesQuestionmarkneedwhenconfiguringSAMLforan

OnDemandarea?§ https://www.questionmark.com/content/information-required-for-saml-configuration

} UsingSingleSign-OnwithQuestionmark§ https://www.questionmark.com/content/best-practice-using-single-sign-questionmark-

perception

MoreInformation

2a Role-based Security en Secure Authentication met SSO 10 ... · Title: 2a_Role-based Security en...

Documents

Transcript of 2a Role-based Security en Secure Authentication met SSO 10 ... · Title: 2a_Role-based Security en...

SAP #BOBJ #BI 4.1 Upgrade Webcast Series 6: User Authentication and SSO

Kerberos and NFS4 on Linux · § Actually Kerberos 5 or V § Ticket based authentication system with a central authentication service § Often called Single Sign On (SSO) in business

Single Sign On (SSO) integrated with ISMSlivelihoods.rajasthan.gov.in/.../RSLDC/EOI/RSTP/SSO_User_Manual.pdf · Password to Login through SSO. AADHAAR AUTH/ EKYC Aacnaar ID Authentication

Sircon SAML 2.0 SSO Integration User Guide...May 01, 2015 · single sign-on (SSO) from within the user’s company’s network, it triggers a complex series of user authentication

Magic SSO V4.0 Certification Report · 2019-11-15 · SSO server and Oracle, a relational database management system, are interlinked for the purpose of the management of authentication

AppScaler SSO Two Factor Authentication GuideAdd one SSO Profile for AAA Server To add one SSO Profile for AAA Server: Login webUI navigate to SLB -> Profiles Click Manage for Access

ArchitecturesSingle Sign-On › 6f77 › 0c307093b4ac... · Sign-On Authentication Exchange Master Credential Database Account and Credential Management SSO with a single Authentication

Proxied Authentication in SSO Setups with … · Proxied Authentication in SSO Setups with Common OSS ... – Not fully supported by CAS 4.1, ... Jasig / Apero.

eduroam Delegate Authentication System with Shibboleth SSO

Secure Seamless PeopleSoft Authentication...DATA SHEET Secure Seamless PeopleSoft Authentication Appsian provides the only turnkey solution to natively integrate SAML-based SSO providers.

What´s New? SAP HANA SPS 07 - ScherblogXS Authentication Options: -Basic Authentication -Form-based authentication -SSO (Single-Sign On) via SAP Logon Tickets -SSO via X.509 (standard

Biometric SSO Authentication Using Java Enterprise Systemcoresecuritypatterns.websecuritypatterns.com/downloads/Identity_and... · Agenda Part 1 : Identity and Biometrics Why/why

How to Set Up 2 Factor Authentication Sign In on SSO€¦ · How to Set Up 2 Factor Authentication Sign-In on SSO Step 1: Go to sso.tamus.edu and sign in with your UIN and password.

DIGIPASS Authentication to Citrix XenDesktop with endpoint ... · 9 DIGIPASS SSO Authentication to Citrix XenDesktop in High Security Environments 7 Citrix Configuration Configure

Single Sign-On Configuration - MOURI Tech · Single Sign-On (SSO) Overview SAP Single Sign-On (SSO) is a SAP software product and it provides a secure authentication and encryption

Authentication Services SSO, Kerberos, and BAN Logic Jeff Chase Duke University.

Configuring Active Directory Manual Authentication and SSO for BI4

Trusted 3 rd Party Authentication & Friends: SSO and IdM

Extranets in SharePoint and SSO for Claims Apps … · Extranets in SharePoint and SSO for Claims Apps ... Forms-Based Authentication ... On Premises Forms-Based Authentication Add

0506 Demystifying Authentication and Single SignOn SSO Options in Business Intelligence