Identity Management in Education. Welcome Scott Johnson, NetProf, Inc. Creator of OmnID Identity Management for Education www.netprof.us.

Presentation transcript:

Identity Management in Education

Welcome Scott Johnson, NetProf, Inc. Creator of OmnID Identity Management for Education

Topics
Define the issue
Discuss authentication mechanisms
Using a 10,000’ overview approach

The Problem
Cloud based systems benefits
Google Apps
Thousands of frequently changing users
Multiple accounts
Multiple passwords
… multiple headaches

Remember When…
Software for learning installed locally
Users authenticate locally once, access multiple applications
Well, most of the time.

Local Supported Apps
Pros:
o Users are already “trusted”
o LDAP can be used for authentication
Cons:
o Technology department responsible for install, operation, and updates
o Sometimes requires its own hardware or server
Bottom line, it can be expensive

Shift Towards SaaS
Pros:
o Software provider is in charge of install, operation and maintenance
o Fixed cost
Cons:
o School is in charge of providing authentication

Authentication Nightmares
Some sites are one user name full access
Others are locked by IP address
More and more are needing username and password information

Does the Shoe Fit?
There is no one size fits all solution yet
Providing user information per system
Single Sign-on
o OpenID
o SAML2

Creating Users by Hand
Local access to resources – LDAP
Access remote systems, e.g. Google Apps
Create and manage accounts by “hand”
Accounts are managed one by one
Usually same password on all accounts
What happens when a password is compromised?

Creating Accounts (diagram labels: SiS administrator; Network Admin; Local / LDAP; Library; Google Apps; Online Learning; On… and On…)

Managing Users (diagram labels: Admin / Media Spec. / Para; Local / LDAP; Library; Google Apps; Online Learning; On… and On…)

Provisioning Tool (diagram labels: Local / LDAP; Library; Google Apps; Other)

Managing Users (diagram labels: Local / LDAP; Library; Google Apps; Other; Happy!!)

What About SIF?
Designed to send student data between SiS providers
One way
Adoption by developers of online software?
What about staff?
Each SiS company has a slightly different implementation

Single Sign-on
One password all systems
Sign-on once, use many

Methods Form Auth Provider OpenID SAML2

Form Auth
Federate username and password to remote system
Form auth username password through local HTML link

Form Auth
Pros:
o Simple
o Will work on systems that don’t support other methods
Cons:
o “Connectors”
o Accounts still need to be created
o Passwords are still maintained remotely one by one
o Forms change, connectors break
o Usually pay by the “connector”

OpenID and SAML2
Both provide token identifiers for authentication
OpenID being pushed by Google
SAML is another open standard with slightly more security (Security Assertion Markup Language)

SSO Primer (diagram labels: User; SSO Portal; Local Auth DB (LDAP); Remote Service Provider)

OpenID vs SAML2
OpenID:
o HTTP Binding of request
o Service Providers loosely coupled
o IdP Identifier is global
o Does NOT support single sign out
SAML2:
o Multiple methods including HTTP
o Service Providers tightly coupled
o IdP valid for provider only
o Supports single sign out

SSO Issues
Remote provider must support SSO method
Weak passwords = quick access for hackers

Questions? Slides will be up on