Monday, September 12, 2016

Identity As A Service (IdAAS) & Single Sign On (SSO) Introduction

Why Do You (A Normal User) Need IdAAS & SSO

You have 100 logins (laptop, Gmail, Munchery, Atlassian/Jira/Confluence, Concur, Box, SFDC…).
You need to remember 100 usernames.
You need to remember 100 passwords.
This is a pain - remembering 100 usernames & passwords.
And it can become a security breach - if you get lazy and reuse one username & password for all 100 accounts, a breach of one account is a breach of all 100. Worse yet - if you keep your usernames and passwords on a sticky note under your laptop, anyone with access to your laptop can steal all of your identities!

Gave up on tracking multiple passwords? A sticky note comes in handy. :(

Wouldn't It Be Nice:
If you could use one central, neutral login to sign into all 100 web apps.
Now you can - using a service called Single Sign On (SSO). The service is provided by Identity As A Service (IdAAS) vendors (such as Okta or Centrify).

How IdAAS and SSO Works:

There are three principals in an IdAAS system:
   1) User (you!)
   2) Identity Provider (your company, let's call it Acme)
   3) Service Provider (web apps such as Salesforce, Box, Jira, ...)


The User signs into the IdAAS provider using the username and password issued by Acme. Most companies will also require multi-factor authentication (MFA), so you will need your mobile phone with you to log into the IdAAS. When you log in, there is a quick check against the Identity Provider's LDAP directory to authenticate you. Once you are authenticated into the IdAAS, you see the list of web apps from the Service Providers that you are entitled to. The communication between the IdAAS and the Service Provider is performed via Security Assertion Markup Language (SAML).


It Not Only Helps You - IT Benefits, Too:

IT can also keep its data, network, and end-points (laptops, mobile devices) secure. How? By keeping tabs on who accesses their network, apps and data with:
   1) identity - you are who you claim to be, verified via authentication
   2) access management tools - once we know who you are, what you are allowed to do.
These tools allow IT to verify a user's identity through security and authentication capabilities, including LDAP and multi-factor authentication (MFA). IT can also define data access rules (engineering should not be able to see finance data) and application access rules (finance should not need to access the Jira app).
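To make the flow in "How IdAAS and SSO Works" and the identity/access-management split above concrete, here is an added toy example (not code from this post, nor from Okta, Centrify or any other vendor). It models the three principals: the Identity Provider checks the password against a constructed stand-in for the LDAP directory plus an MFA code, then issues an assertion for one Service Provider; the Service Provider verifies the assertion (signature, intended audience, expiry, replay) and only then applies its application access rule (which groups may use which app). The assertion is a JSON document signed with HMAC-SHA256 over a shared secret; that is an assumption made for brevity, since real SAML assertions are XML signed with the IdP's private key and verified with its certificate. All user names, passwords, OTP codes, group names and app names are constructed sample data.

```python
"""Toy SSO flow: User -> Identity Provider (IdP) -> Service Provider (SP).

Added illustration. The HMAC-signed JSON assertion stands in for a real
SAML XML assertion (assumption for brevity); users, groups and apps are
constructed sample data.
"""
import hashlib
import hmac
import json
import secrets
import time

# --- Identity Provider side (Acme) ----------------------------------------

def _hash_pw(password, salt):
    # Salted SHA-256 keeps the example short; a real directory would use a
    # slow password hash (bcrypt, scrypt or Argon2).
    return hashlib.sha256(salt.encode() + password.encode()).hexdigest()

# Constructed stand-in for the corporate directory an LDAP bind would consult.
DIRECTORY = {
    "alice": {"salt": "s1", "pw": _hash_pw("correct horse", "s1"),
              "groups": ["engineering"], "mfa_secret": "123456"},
    "bob":   {"salt": "s2", "pw": _hash_pw("hunter2", "s2"),
              "groups": ["finance"], "mfa_secret": "654321"},
}

IDP_SECRET = secrets.token_hex(32)   # shared IdP/SP secret in this toy model
ASSERTION_TTL = 300                   # seconds an assertion stays valid


def idp_login(username, password, otp):
    """The 'LDAP check' plus the MFA step. Returns a session dict or None."""
    rec = DIRECTORY.get(username)
    if rec is None:
        return None
    if not hmac.compare_digest(_hash_pw(password, rec["salt"]), rec["pw"]):
        return None
    if not hmac.compare_digest(otp, rec["mfa_secret"]):   # MFA code check
        return None
    return {"user": username, "groups": rec["groups"]}


def idp_issue_assertion(session, audience):
    """Issue a signed assertion scoped to one Service Provider (audience)."""
    now = int(time.time())
    body = {
        "id": secrets.token_hex(8),          # unique id for replay detection
        "subject": session["user"],
        "groups": session["groups"],
        "audience": audience,
        "issued_at": now,
        "expires_at": now + ASSERTION_TTL,
    }
    payload = json.dumps(body, sort_keys=True).encode()
    sig = hmac.new(IDP_SECRET.encode(), payload, hashlib.sha256).hexdigest()
    return {"payload": payload.decode(), "sig": sig}


# --- Service Provider side (e.g. a ticketing app) -------------------------

# Application access rule: which directory groups may use which app.
APP_ENTITLEMENTS = {
    "jira": {"engineering"},
    "finance-app": {"finance"},
}
_seen_assertion_ids = set()   # replay protection


def sp_accept(assertion, app_name, now=None):
    """Verify the assertion, then apply the app's access rule.
    Returns (ok, reason)."""
    now = int(time.time()) if now is None else now
    payload = assertion["payload"].encode()
    expected = hmac.new(IDP_SECRET.encode(), payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion["sig"]):
        return False, "bad signature"
    body = json.loads(payload)
    if body["audience"] != app_name:
        return False, "assertion issued for a different app"
    if now >= body["expires_at"]:
        return False, "assertion expired"
    if body["id"] in _seen_assertion_ids:
        return False, "assertion replayed"
    _seen_assertion_ids.add(body["id"])
    if not APP_ENTITLEMENTS.get(app_name, set()) & set(body["groups"]):
        return False, "user not entitled to this app"
    return True, "welcome " + body["subject"]


if __name__ == "__main__":
    sess = idp_login("alice", "correct horse", "123456")
    print(sp_accept(idp_issue_assertion(sess, "jira"), "jira"))
    print(sp_accept(idp_issue_assertion(sess, "finance-app"), "finance-app"))
```

The order of checks on the SP side is the point: the SP trusts nothing in the assertion until the signature verifies, then confirms the assertion was meant for it and is still fresh and unused, and only then consults the entitlement rule. Skipping any of those steps lets a user of one app reuse an assertion against another, or replay an old one.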

Who Is In the IdAAS Market?

Okta, Centrify, and Microsoft are examples of vendors that provide IdAAS.
