SAML Web Browser SSO (IdP-Initiated)


Broadly speaking, there are two scenarios in the Web Browser SSO Profile: IdP-initiated SSO and SP-initiated SSO. This diagram introduces the message flows of IdP-initiated SSO.

Assertions

  1. Authentication statements
  2. Attribute statements
  3. Authorization decision statements

Protocols

  1. Authentication Request Protocol
  2. Single Logout Protocol
  3. Assertion Query and Request Protocol
  4. Artifact Resolution Protocol
  5. Name Identifier Management Protocol
  6. Name Identifier Mapping Protocol

Bindings

  1. HTTP Redirect Binding
  2. HTTP POST Binding
  3. HTTP Artifact Binding
  4. SAML SOAP Binding
  5. Reverse SOAP (PAOS) Binding
  6. SAML URI Binding

Profiles

  • Web Browser SSO Profile
  • Enhanced Client and Proxy (ECP) Profile
  • Identity Provider Discovery Profile
  • Single Logout Profile
  • Others

Fine-Grained Password Policy (FGPP)


The fine-grained password policy (FGPP) is specific to Microsoft Active Directory. The password settings in a group policy object (GPO) are applied at the domain level only: if you have multiple organizational units (OUs, e.g. departments) or groups, you cannot enforce different password settings per OU or per group through a GPO. That is where the fine-grained password policy comes in. By modifying the Active Directory schema, AD administrators can apply password settings at a finer granularity than the whole domain.
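As an added example (not part of the original notes), the following PowerShell shows how a fine-grained password policy is created and linked in practice with the ActiveDirectory module, and how to check which policy an account actually ends up with. The policy name 'PSO-PrivilegedAccounts', the group 'Tier0-Admins' and the user 'alice.admin' are placeholders.

```powershell
# Added example: a stricter password policy for privileged accounts than the
# domain-wide GPO default, applied to one group rather than the whole domain.
# Policy, group and user names below are placeholders, not from the notes.
Import-Module ActiveDirectory

$pso = @{
    Name                            = 'PSO-PrivilegedAccounts'  # assumed name
    Precedence                      = 10    # lowest value wins if several PSOs apply to one user
    MinPasswordLength               = 15
    ComplexityEnabled               = $true
    PasswordHistoryCount            = 24
    MinPasswordAge                  = '1.00:00:00'   # days.hours:minutes:seconds
    MaxPasswordAge                  = '60.00:00:00'
    LockoutThreshold                = 5
    LockoutDuration                 = '00:30:00'
    LockoutObservationWindow        = '00:30:00'
    ReversibleEncryptionEnabled     = $false
    ProtectedFromAccidentalDeletion = $true
}
New-ADFineGrainedPasswordPolicy @pso

# A PSO is linked to users or global security groups, not to OUs.
# 'Tier0-Admins' is a placeholder group.
Add-ADFineGrainedPasswordPolicySubject -Identity 'PSO-PrivilegedAccounts' -Subjects 'Tier0-Admins'

# Check what a given account really gets: the applicable PSO with the lowest
# precedence, or the domain default policy when no PSO applies to the user.
Get-ADUserResultantPasswordPolicy -Identity 'alice.admin'

# Audit view: every PSO in the domain with its precedence and its subjects,
# so overlapping or forgotten policies are easy to spot.
Get-ADFineGrainedPasswordPolicy -Filter * | ForEach-Object {
    $subjects = Get-ADFineGrainedPasswordPolicySubject -Identity $_.Name |
        Select-Object -ExpandProperty Name
    [pscustomobject]@{
        Name       = $_.Name
        Precedence = $_.Precedence
        AppliesTo  = ($subjects -join ', ')
    }
} | Sort-Object Precedence
```

Because a PSO is linked to users and global security groups rather than to an OU, targeting an OU in practice means linking the PSO to a group that contains that OU's users. When a user falls under more than one PSO, the one with the lowest Precedence value wins, which is why the audit listing at the end is worth running after any change.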


IDaaS and Shadow IT

IDaaS

Identity as a Service (IDaaS) is authentication infrastructure that is hosted and managed by a third-party cloud vendor to provide identity and access management services. Typical capabilities include:

  • Cloud-Based and Multitenant Architecture
  • Password Management and Authentication
  • Single Sign-On and Federation
  • Automated Approval Workflows
  • Analytics and Intelligence
  • Configurable IAM Implementation Templates
  • Governance, Risk, and Compliance

Source: What is Identity-As-A-Service? IDaaS Explained

Shadow IT

Shadow IT refers to IT technologies, solutions, services, projects and infrastructure utilized and managed without formal approval and support of internal IT departments. Shadow IT technologies may not align with the organizational requirements and policies pertaining to compliance, security, cost, documentation, SLA, reliability and other key factors that determine the formal support of an IT system by appropriate decision makers in the organization. As such, users of Shadow IT systems bypass the approval and provisioning process and utilize the unauthorized technology without knowledge of their IT department.

Source: An Introduction to Shadow IT