1 / 7

Single Sign-on Integration (SSI) MSIT 458 – Information Security

Single Sign-on Integration (SSI) MSIT 458 – Information Security. Project Part 2 Prepared for Professor Yan Chen Prepared by Team Triad Radu Bulgaru Moniza Shaikh Naveed Asem 10/14/2012. General Problem – Lack of SSI.

diallo
Download Presentation

Single Sign-on Integration (SSI) MSIT 458 – Information Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Single Sign-on Integration (SSI)MSIT 458 – Information Security Project Part 2 Prepared for Professor Yan Chen Prepared by Team Triad Radu Bulgaru Moniza Shaikh Naveed Asem 10/14/2012

  2. General Problem – Lack of SSI Problem - Lack of Single Sign-On Integration (SSI) is wide-spread across companies in all major industries Cause • Lack of understanding security architecture • Lack of understanding implementation options • Lack of enterprise IT governance Effect • Fail to follow enterprise security standards • Wasted infrastructure resources • Major security risk; Prone to authenticity attacks

  3. SSI Problem in Our Company • Our company has HR app with sensitive data • salary, age, performance reviews, etc • HR app lacks Single Sign-on Integration • HR app utilizes non-standard authentication • Before exposing HR app to internet, SSI needs to be implemented to provide better security

  4. Current System Architecture The current HR web application… • …is an intranet application • …is a reporting front-end • …is not a custom application • …is generated through Microsoft SSRS • …has sensitive data • …has a dynamic user base • …uses SSRS “native mode” that relies on windows authentication

  5. Problem Statement Problem Statement: • Enterprise authentication policies not enforced • Authenticated users are re-authenticated • Users spend more time logging in • Users have to remember additional password • Not leveraging Organization hierarchies • Lack of security infrastructure (high-availability, disaster recovery, etc.) for user authentication

  6. Options to Solve SSI Problem Option 1 – SharePoint Integration • Integrate HR app into enterprise SharePoint Farm • May also deploy reports as SharePoint web parts only Option 2 – Active Directory • Use AD for authentication • AD already configured for LDAP, Kerberos, DNS • ADFS provides SSO Option 3 – SharePoint & AD • Combination of option 1 and option 2

  7. Feedback Request Improvement Ideas? Additional Options for Part 3? Thank you, Team Triad Radu + Moniza + Naveed

More Related