Login

Register

Login

Register

#cybersecurity | #hackerspace |

SSO for LDAP Apps – Security Boulevard


LDAP (Lightweight Directory Access Protocol) likely isn’t the first protocol that comes to mind when you think about single sign-on (SSO). Your mind might jump to the wealth of SaaS applications that authenticate via SAML (Security Assertion Markup Language) instead.

However, there are ways IT admins can require end users to use their core credentials to access their on-prem and cloud LDAP-authenticated apps — just as they do to access their SSO portals for SaaS apps. This is useful whether organizations maintain their LDAP apps on-prem or “lift and shift” them to cloud providers like AWS®.

Although the configuration will not result in the SSO portal users might be familiar with, they can then use their same core credentials to access their entire suite of apps. 

LDAP Options

To implement LDAP in your enterprise, you can either maintain your on-prem server infrastructure or spin-up a virtual LDAP server with an Infrastructure-as-a-Service provider. With on-prem, you’ll want to keep in mind the associated hardware, security/availability, and maintenance costs. With a virtual LDAP server, you’ll avoid the hardware costs but still have to configure, maintain, and monitor the server yourself. 

Another option is to seek a managed LDAP provider, which can provide you with the same capabilities but reduce the monetary and time costs. 

Regardless of which route you take, you’ll want to make sure the authentication uses secure LDAP (over SSL/TLS) to avoid clear text LDAP in your environment.

It’s also important to note that if you’re using Microsoft® Active Directory® (AD) as your source of truth, you need to manually harden your LDAP binding until the company releases a software update in the coming months of 2020.

Implementing SSO for LDAP Apps

The most comprehensive and straightforward solution is to opt for a cloud directory service that offers both LDAP and SAML capabilities.

That way, you can use the directory service as the source of truth for identities in all apps, regardless of protocol. Then, you can provide or revoke access to users by group, role, and other attributes. You may do this for (Read more…)



Source link

Leave a Reply

Shqip Shqip አማርኛ አማርኛ العربية العربية English English Français Français Deutsch Deutsch Português Português Русский Русский Español Español

National Cyber Security Consulting App

 https://apps.apple.com/us/app/id1521390354

https://play.google.com/store/apps/details?id=nationalcybersecuritycom.wpapp


NATIONAL CYBER SECURITY RADIO
[spreaker type=player resource="show_id=4560538" width="100%" height="550px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]
HACKER FOR HIRE MURDERS
 [spreaker type=player resource="show_id=4569966" width="100%" height="350px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]

ALEXA “OPEN NATIONAL CYBER SECURITY RADIO”

National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.   

nationalcybersecurity.com

FREE
VIEW