Geekzone: technology news, blogs, forums




23 posts

Geek


# 258719 17-Oct-2019 09:25

Hi Everyone,

With more and more applications living in the cloud, users now have to authenticate to lots of different apps with different credentials rather than using domain authentication. I've been looking at some SSO providers to try and streamline the sign in process as well as allow users to have one robust password rather than have lots of terrible passwords across different apps.

I've been talking with Okta and Onelogin and I'm looking at Azure AD also. Has anyone had any experience with any of these providers or any other useful input that could help me move in the best direction? The ability to enforce MFA is pretty attractive from my point of view.

Thanks in advance


117 posts

Master Geek


  # 2338632 17-Oct-2019 09:45
One person supports this post

+1 for Okta (except it's freaken expensive)

1836 posts

Uber Geek


  # 2339613 17-Oct-2019 10:04
2 people support this post

Personally I avoid SSO. I'd rather use my password manager and give each website a unique password.


 
 
 
 


117 posts

Master Geek


  # 2339617 17-Oct-2019 10:07
One person supports this post

MurrayM:

Personally I avoid SSO. I'd rather use my password manager and give each website a unique password.



Okta has a 2FA plugin that deals with that. Who doesn't have a smartphone with Google Authenticator these days?

233 posts

Master Geek

Trusted

  # 2339625 17-Oct-2019 10:19
One person supports this post

I'm assuming, based on the wording of your question, that this is for your corporate users connecting out into the world. I'm assuming you're starting from an Active Directory basis? It can be quick and easy (although, as you've seen, expensive both upfront and ongoing) to just integrate with Okta or OneLogin etc. It's not actually that difficult to build out the native Azure AD capabilities and extend this into your 3rd party applications. It's normally something I would recommend talking to an Identity partner about.

 

Keep in mind that your user identities really are the new perimeter to your network, data and information; you really don't want to compromise on security at this layer. Most of the data breaches we have seen recently are due to poor practices around identity and security, be it admin or user level.

 

I say this working for a vendor and having personally designed a number of these solutions (and far larger) and managing a team that does this day-to-day, but there are a number of vendors (large and small) that can help.




23 posts

Geek


  # 2339626 17-Oct-2019 10:20

MurrayM:

 

Personally I avoid SSO. I'd rather use my password manager and give each website a unique password.

 

 

 

 

I agree, for myself or other users that are up to this. Unfortunately most users are up to this so I see SSO as a compromise.


zyo

448 posts

Ultimate Geek


  # 2339627 17-Oct-2019 10:21

We deploy our own SSO based on IdentityServer. I find this is the most flexible method as you can integrate with other ID providers (Azure AD being one of them, but we also integrate with on-prem ADFS).

2135 posts

Uber Geek

Trusted

  # 2339630 17-Oct-2019 10:25

goonernz:

 

Hi Everyone,

With more and more applications living in the cloud, users now have to authenticate to lots of different apps with different credentials rather than using domain authentication. I've been looking at some SSO providers to try and streamline the sign in process as well as allow users to have one robust password rather than have lots of terrible passwords across different apps.

I've been talking with Okta and Onelogin and I'm looking at Azure AD also. Has anyone had any experience with any of these providers or any other useful input that could help me move in the best direction? The ability to enforce MFA is pretty attractive from my point of view.

Thanks in advance

Are you after an external service, a SaaS offering, or something you can run as part of your business?

 

Keycloak (we sell as Red Hat Single Sign On) allows you to leverage a broad range of identity sources including Google, Facebook, OAuth, LDAP, AD etc. and provide an SSO service.





Generally known online as OpenMedia, now working for Red Hat APAC as a Technology Evangelist and Product Manager. Still playing with MythTV and digital media on the side.


 
 
 
 


6068 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  # 2339631 17-Oct-2019 10:25
2 people support this post

Azure AD + MS Authenticator covers most things for us.  Works really well.  


157 posts

Master Geek

Lifetime subscriber

  # 2339653 17-Oct-2019 10:35
2 people support this post

SAML utilizing Azure AD, synced with On Prem AD accounts for the most part is reliable.  This would be a good starting point.


73 posts

Master Geek


  # 2339654 17-Oct-2019 10:35
2 people support this post

goonernz:

 

Hi Everyone,

With more and more applications living in the cloud, users now have to authenticate to lots of different apps with different credentials rather than using domain authentication. I've been looking at some SSO providers to try and streamline the sign in process as well as allow users to have one robust password rather than have lots of terrible passwords across different apps.

I've been talking with Okta and Onelogin and I'm looking at Azure AD also. Has anyone had any experience with any of these providers or any other useful input that could help me move in the best direction? The ability to enforce MFA is pretty attractive from my point of view.

Thanks in advance

Maybe this could be of some interest?  https://www.grc.com/sqrl/sqrl.htm

 

Removes usernames and passwords (seriously)


130 posts

Master Geek

Microsoft NZ

  # 2341373 21-Oct-2019 14:01
4 people support this post

MurrayM:

 

Personally I avoid SSO. I'd rather use my password manager and give each website a unique password.

 

 

I've always used or viewed SSO as a mechanism of protecting access to multiple accounts particularly in terms of admin overhead for hires/fires where you either have to disable all the accounts or disable one. 


157 posts

Master Geek

Lifetime subscriber

  # 2341384 21-Oct-2019 14:26

Jogre:

 

I've always used or viewed SSO as a mechanism of protecting access to multiple accounts particularly in terms of admin overhead for hires/fires where you either have to disable all the accounts or disable one. 

 

 

 

 

This!




23 posts

Geek


  # 2341390 21-Oct-2019 14:36

That is what I am thinking.

 


Currently my org does not really have a solid offboarding policy. We have multiple locations and not everything is fed back to HR, let alone IT, at a desirable rate. SSO would give me a bit more control over the applications users access.


1074 posts

Uber Geek

Trusted

# 2341479 21-Oct-2019 18:30

goonernz: With more and more applications living in the cloud, users now have to authenticate to lots of different apps with different credentials ...

 

🤪 Why not give everybody a corporate Facebook account? 😜 or Google. <ducks>

 

 





Please keep this GZ community vibrant by contributing in a constructive & respectful manner.


2411 posts

Uber Geek

Trusted
Subscriber

  # 2341536 21-Oct-2019 23:34
One person supports this post

ANglEAUT:

goonernz: With more and more applications living in the cloud, users now have to authenticate to lots of different apps with different credentials ...


🤪 Why not give everybody a corporate Facebook account? 😜 or Google. <ducks>


 



Nothing wrong with using G Suite enterprise for SAML SSO. Works just as you'd expect.

My pick for a generic fits all solution would be Okta, however a solution should never be chosen without fully understanding the problem/requirements.






goonernz:

That is what I am thinking.



Currently my org does not really have a solid offboarding policy. We have multiple locations and not everything is fed back to HR, let alone IT, at a desirable rate. SSO would give me a bit more control over the applications users access.



Also have a look at JumpCloud, has some really easy workflows which you can build / trigger to handle user lifecycle management.
