#sso
Are passwords dead?
What is the difference between identity management and access management?
What are 2FA, MFA and passwordless?

🎙️ The answers to these questions and much more, in the new episode of the podcast "Tout est sous CTRL" by Centreon!

🎧 Listen to the episode now on your preferred platform:
open.spotify.com/show/24LgLR47
deezer.com/fr/show/1001329601
podcasts.apple.com/us/podcast/
antennapod.org/deeplink/subscr
youtube.com/watch?v=lBR8vA8NIuE

#OpenSource #IAM #2FA

Running IT securely is anything but trivial. And running an #SSO service like #OneLog is an even greater responsibility. But one should also live up to that responsibility by taking appropriate precautions.

Above all, though, by communicating transparently. Transparency is not only something OneLog has made its banner; the #DigitalTrustLabel of the #SwissDigitalInitiative demands it as well: notification of those affected within 72 hours.
@adfichter
dnip.ch/2024/11/05/onelog-dark

Das Netz ist politisch · «In the darkness bind them»: Intransparenz bei OneLog. Transparency is the basis of trust and of trustworthy journalism. Yet precisely this is missing around the «Schweizer Medien-Login», as OneLog

I've recently set up #SSO into my #kubernetes ingress layer using #traefik in my #homelab setup, and I have to say it's going quite well.

I'm using the keycloakopenid middleware and pointing it to my #keycloak instance.

I could then enable the middleware on all of my IngressRoutes, and Traefik immediately redirects requests to the login page if a valid bearer token is not present in the request.

I had to carve out some exceptions so the Keycloak admin panel is protected but the routes needed to log in are still accessible anonymously.

It works well, without any fuss.

Next up I am hoping to configure the backend apps protected by this for better integration.

For example, #argoCD has SSO capabilities, and I should be able to enable them and not be prompted for a second login after the Traefik layer login.
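As an added example (not the poster's own configuration), here is how that setup can be expressed with Traefik's Kubernetes CRDs: one Middleware wrapping the keycloakopenid plugin, an IngressRoute that attaches it to an application, and a Keycloak IngressRoute that protects only the admin console while leaving the realm login endpoints anonymous. Hostnames, realm, client name and service names are placeholders; the plugin option names are as I recall them from the plugin's documentation and are an assumption, as is its registration in Traefik's static configuration.

```yaml
# Added example, not the poster's config. Assumes Traefik v3 CRDs and that the
# keycloakopenid plugin is registered under experimental.plugins in the static config.
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: keycloak-auth
spec:
  plugin:
    keycloakopenid:
      # Option names as recalled from the plugin docs (assumed); all values are placeholders.
      KeycloakURL: "https://keycloak.example.internal"
      KeycloakRealm: "homelab"
      ClientID: "traefik-homelab"
      ClientSecret: "REPLACE_ME"  # placeholder: keep the real secret out of git
---
# Application route: requests without a valid token are redirected to the Keycloak login.
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: argocd
spec:
  entryPoints: [websecure]
  routes:
    - match: Host(`argocd.example.internal`)
      kind: Rule
      middlewares:
        - name: keycloak-auth
      services:
        - name: argocd-server
          port: 80
---
# Keycloak itself: the admin console sits behind the middleware, while the realm
# endpoints the login flow needs (/realms/*) stay anonymous so the redirect can complete.
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: keycloak
spec:
  entryPoints: [websecure]
  routes:
    # Traefik ranks rules by length, so this more specific rule takes priority.
    - match: Host(`keycloak.example.internal`) && PathPrefix(`/admin`)
      kind: Rule
      middlewares:
        - name: keycloak-auth
      services:
        - name: keycloak
          port: 8080
    - match: Host(`keycloak.example.internal`)
      kind: Rule
      services:
        - name: keycloak
          port: 8080
```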

Single Sign On, #SSO, is great tech which allows centralised management of user access and authorisation. I can’t imagine the mess we’d have without it.

HOWEVER. There is an unfortunate side effect of many services implementing SSO in such a way that the user actually can't follow where they landed. Just a form asking for their credentials.

SSO should be implemented in such an EXTREMELY simple manner that an average user can see what happens and whether they are actually on a legitimate page to fill in their credentials.

In my 18 years of IAM work the biggest mistake I see is rushing to secure 1 thing not all the things.

“We need SAML for AWS for <insert governance here>”

That is the wrong way to start any new or rebuilt IAM program or project.

The complexity of IAM is worth the time to plan.

Example: defining the source of truth; ensuring its integrity and confidentiality is critical; roles and entitlements are needed; an IdP needs to be established and tested; the source of truth must match the directory; the directory and IdP must be synced; authentication of users with the IdP and MFA/ZTA must be implemented and configured.

All of that is really important, and barely enough to illustrate my point: the amount of work for that one app requires Picasso-like experience with a Michelangelo touch.