SSO / MFA
Even though you have deployed and are efficiently managing a robust security suite, just one compromised identity – particularly that of a privileged user – could expose your entire infrastructure to a hacker.
A significant percentage of the growth in cyberattacks is due to organisations using only single-factor, password-based authentication, which makes it easier for attackers to compromise user credentials and breach systems. With corporate users accessing a wide range of services and applications on a daily basis using a username and password, identity has become the new perimeter.
Identity & Access Management
Identity and Access Management (IAM) determines how users gain access to a corporate system, what they can access within the system, and what they can do when they get there. IAM initiatives are crucial to ensuring that critical applications and documents containing sensitive corporate data are safeguarded and cannot be hacked by external actors.
Single Sign-On (SSO)
Single sign-on provides a secure login to all applications from any platform or device, enabling users to log in just once to access all of their cloud-based applications.
This effectively eliminates the need for the user to recall multiple passwords (‘password fatigue’), as they are automatically authenticated for all subsequent SSO-enabled programs within the same session.
SSO works by receiving a sign-on prompt from the client device attempting to access the application and mapping the credentials to a single login and password combination.
Multi-Factor Authentication (MFA)
Multi-factor authentication offers additional layers of protection over and above a username and password. It requires further validation or authentication methods to verify the identity of a user before allowing them to access network resources.
These authentication methods must incorporate a combination of:
- A Logical Knowledge Factor: something only the user knows (e.g. a password or PIN) AND
- A Physical Possession Factor: something only the user has (e.g. a device, token, card or key) AND
- A Biometric Inherence Factor: something only the user is (e.g. a fingerprint, facial/voice recognition or a retinal scan)
Deploying MFA across an organisation ensures that each user must authenticate using at least one method (factor) from each of the above categories to access corporate services and applications. External actors with only partial or guessed credentials will not be able to gain access even if they have a valid username and password.
The user’s identifiable location is an additional factor that can be used to determine whether and how access is granted.
An additional element of IAM is to ensure that users only have access to the information they need. This is achieved by implementing and adhering to strictly configured roles and privileges. User privileges help to limit the risk of a mistake being made, for example, a user who has successfully passed through SSO and MFA protection inadvertently deleting an important file.