What is involved in Single sign-on
Find out what the related areas are that Single sign-on connects with, associates with, correlates with or affects, and which require thought, deliberation, analysis, review and discussion. This unique checklist stands out in a sense that it is not per-se designed to give answers, but to engage the reader and lay out a Single sign-on thinking-frame.
To address the criteria in this checklist for your organization, extensive selected resources are provided for sources of further research and information.
Below you will find a quick checklist designed to help you think about which Single sign-on related domains to cover and 135 essential critical questions to check off in that domain.
The following domains are covered:
Single sign-on, Active Directory, Apache Subversion, Authentication server, Central Authentication Service, Covert Redirect, Cross-site scripting, Email client, Facebook Connect, HTTP cookie, Help desk, Identity management, Identity management systems, Integrated Windows Authentication, Internet Explorer, Internet Information Services, Internet protocol suite, Kerberos protocol, Lightweight Directory Access Protocol, Microsoft Windows, One-time password, OpenID Connect, Password fatigue, Pluggable Authentication Modules, Revision control, Security Support Provider Interface, Service provider, Smart card, Social login, Social networking service, Ticket-granting ticket, Usability of web authentication systems, Windows 2000, Windows NT, World Wide Web Consortium.
Single sign-on Critical Criteria:
Guide Single sign-on engagements and perfect Single sign-on conflict management.
– How can I avoid duplication of identity, attributes, and credentials and provide a single sign-on user experience for my users?
– Who will be responsible for deciding whether Single sign-on goes ahead or not after the initial investigations?
– Is Single sign-on Realistic, or are you setting yourself up for failure?
– Who sets the Single sign-on standards?
Active Directory Critical Criteria:
Read up on Active Directory adoptions and perfect Active Directory conflict management.
– Does the tool in use have the ability to integrate with Active Directory or sync directory on a scheduled basis, or do look-ups within a multi-domain forest in the sub-100-millisecond range?
– Does the tool we use have the ability to integrate with Enterprise Active Directory Servers to determine users and build user, role, and business unit policies?
– If we integrate an external product with Active Directory, will it require that we modify our AD schema?
– Provide the ability to synchronize Active Directory with cloud-based endpoints?
– How do we know that any Single sign-on analysis is complete and comprehensive?
– What is the process of adding users and deleting users from Active Directory?
– What happens if a user changes their password natively in Active Directory?
– Enable Unix and Linux authentication from Active Directory?
– Does your software integrate with Active Directory?
– What are internal and external Single sign-on relations?
– How will you measure your Single sign-on effectiveness?
Apache Subversion Critical Criteria:
Adapt Apache Subversion issues and perfect Apache Subversion conflict management.
– How do you incorporate cycle time, productivity, cost control, and other efficiency and effectiveness factors into these Single sign-on processes?
– What new services or functionality will be implemented next with Single sign-on?
– How can the value of Single sign-on be defined?
Authentication server Critical Criteria:
Generalize Authentication server decisions and maintain Authentication server for success.
– What will be the consequences to the business (financial, reputation etc) if Single sign-on does not go ahead or fails to deliver the objectives?
– Are the firewall, router, wireless access points, and authentication server logs regularly reviewed for unauthorized traffic?
– What authentication servers and mechanisms are supported?
– What is our formula for success in Single sign-on?
– What are current Single sign-on Paradigms?
Central Authentication Service Critical Criteria:
Ventilate your thoughts about Central Authentication Service tactics and work towards being a leading Central Authentication Service expert.
– At what point will vulnerability assessments be performed once Single sign-on is put into production (e.g., ongoing Risk Management after implementation)?
– What are the success criteria that will indicate that Single sign-on objectives have been met and the benefits delivered?
Covert Redirect Critical Criteria:
Bootstrap Covert Redirect quality and get the big picture.
– Are there any easy-to-implement alternatives to Single sign-on? Sometimes other solutions are available that do not require the cost implications of a full-blown project.
– Does the Single sign-on task fit the client's priorities?
– Does Single sign-on appropriately measure and monitor risk?
Cross-site scripting Critical Criteria:
Chart Cross-site scripting results and tour deciding if Cross-site scripting progress is made.
– Who will be responsible for making the decisions to include or exclude requested changes once Single sign-on is underway?
– Is Supporting Single sign-on documentation required?
– What are the usability implications of Single sign-on actions?
Email client Critical Criteria:
Derive from Email client goals and assess what counts with Email client that we are not counting.
– Who are the people involved in developing and implementing Single sign-on?
– How do we go about Comparing Single sign-on approaches/solutions?
Facebook Connect Critical Criteria:
Adapt Facebook Connect results and define what our big hairy audacious Facebook Connect goal is.
– Will new equipment/products be required to facilitate Single sign-on delivery? For example, is new software needed?
– How will we ensure seamless interoperability of Single sign-on moving forward?
HTTP cookie Critical Criteria:
Sort HTTP cookie failures and get the big picture.
– How do we measure improved Single sign-on service perception, and satisfaction?
– Does Single sign-on analysis isolate the fundamental causes of problems?
Help desk Critical Criteria:
Infer Help desk goals and triple focus on important concepts of Help desk relationship management.
– What are your results for key measures or indicators of the accomplishment of your Single sign-on strategy and action plans, including building and strengthening core competencies?
– The offeror will describe its service levels for fixes, help desk, etc. Will it reduce its fees if the service levels are not met?
– Expose its policy engine via web services for use by third-party systems (e.g. provisioning, help desk solutions)?
– Complement identity management and help desk solutions with closed-loop import and export?
– What features of the current help desk service management tool are being used?
– How has the current help desk service management tool been customized?
– Do we know the number of password problem help desk calls per month?
– What is the current help desk service management tool and version?
– Help desk password resets easily measured (specific number)?
– How will the offeror provide support through the help desk?
– Are accountability and ownership for Single sign-on clearly defined?
– Number of password problem help desk calls per month?
– How does the help desk authenticate callers?
Identity management Critical Criteria:
Discourse Identity management planning and diversify by understanding risks and leveraging Identity management.
– With so many identity management systems proposed, the big question is which one, if any, will provide the identity solution to become standard across the internet?
– Do we keep track of who the leading providers of identity management products and services are, and what are their key offerings, differentiators and strategies?
– How is the market for identity management evolving in new technologies, market trends and drivers, and user requirements?
– Did we develop our SaaS identity management solution in house or was it acquired from other vendors?
– Why is it important to have senior management support for a Single sign-on project?
– What is the security life cycle identity management business case?
– What are the identity management facilities of the provider?
– What is a secure identity management infrastructure?
– What is identity management (IdM) to us?
– Do we all define Single sign-on in the same way?
– How can identity management help?
– How to deal with Single sign-on Changes?
– What about identity management?
Identity management systems Critical Criteria:
Define Identity management systems engagements and drive action.
– How do you determine the key elements that affect Single sign-on workforce satisfaction? How are these elements determined for different workforce groups and segments?
– What role does communication play in the success or failure of a Single sign-on project?
– How likely is the current Single sign-on plan to come in on schedule or on budget?
Integrated Windows Authentication Critical Criteria:
Devise Integrated Windows Authentication adoptions and assess what counts with Integrated Windows Authentication that we are not counting.
– Think about the people you identified for your Single sign-on project and the project responsibilities you would assign to them. What kind of training do you think they would need to perform these responsibilities effectively?
– Have you identified your Single sign-on key performance indicators?
Internet Explorer Critical Criteria:
Co-operate on Internet Explorer goals and gather practices for scaling Internet Explorer.
– Does Single sign-on systematically track and analyze outcomes for accountability and quality improvement?
– Do you monitor the effectiveness of your Single sign-on activities?
– What is our Single sign-on Strategy?
Internet Information Services Critical Criteria:
Air ideas re Internet Information Services decisions and balance specific methods for improving Internet Information Services results.
– Among the Single sign-on product and service cost to be estimated, which is considered hardest to estimate?
– Do we monitor the Single sign-on decisions made and fine tune them as they evolve?
– What potential environmental factors impact the Single sign-on effort?
Internet protocol suite Critical Criteria:
Group Internet protocol suite projects and frame using storytelling to create more compelling Internet protocol suite projects.
– What are your current levels and trends in key measures or indicators of Single sign-on product and process performance that are important to and directly serve your customers? How do these results compare with the performance of your competitors and other organizations with similar offerings?
Kerberos protocol Critical Criteria:
Accumulate Kerberos protocol leadership and pay attention to the small things.
– Is the Single sign-on organization completing tasks effectively and efficiently?
Lightweight Directory Access Protocol Critical Criteria:
Confer re Lightweight Directory Access Protocol tactics and forecast involvement of future Lightweight Directory Access Protocol projects in development.
– What are the disruptive Single sign-on technologies that enable our organization to radically change our business processes?
– How can you measure Single sign-on in a systematic way?
Microsoft Windows Critical Criteria:
Frame Microsoft Windows results and get the big picture.
– Are we making progress? And are we making progress as Single sign-on leaders?
– Will Single sign-on deliverables need to be tested and, if so, by whom?
One-time password Critical Criteria:
Understand One-time password goals and maintain One-time password for success.
– How do we make it meaningful in connecting Single sign-on with what users do day-to-day?
– How do we Improve Single sign-on service perception, and satisfaction?
OpenID Connect Critical Criteria:
Bootstrap OpenID Connect tasks and look for lots of ideas.
Password fatigue Critical Criteria:
Debate over Password fatigue adoptions and explain and analyze the challenges of Password fatigue.
– Think of your Single sign-on project. What are the main functions?
– How do we manage Single sign-on Knowledge Management (KM)?
– How much does Single sign-on help?
Pluggable Authentication Modules Critical Criteria:
Have a session on Pluggable Authentication Modules issues and overcome Pluggable Authentication Modules skills and management ineffectiveness.
– A compounding model resolution with available relevant data can often provide insight towards a solution methodology; which Single sign-on models, tools and techniques are necessary?
– What are the barriers to increased Single sign-on production?
– Why are Single sign-on skills important?
Revision control Critical Criteria:
Reorganize Revision control visions and create a map for yourself.
– Do several people in different organizational units assist with the Single sign-on process?
– Is a Single sign-on Team Work effort in place?
Security Support Provider Interface Critical Criteria:
Deliberate Security Support Provider Interface engagements and assess what counts with Security Support Provider Interface that we are not counting.
– How can we incorporate support to ensure safe and effective use of Single sign-on into the services that we provide?
– Do we have past Single sign-on Successes?
Service provider Critical Criteria:
Test Service provider decisions and describe which business rules are needed as Service provider interface.
– Do you have written clearance procedures in place regarding use, licensing, and consent agreements for third party content used by you in your products or services and on your website or in your promotional materials?
– Do you have contracts in place with the 3rd parties that require the vendor to maintain controls, practices and procedures that are as protective as your own internal procedures?
– Are interdependent service providers (for example, fuel suppliers, telecommunications providers, meter data processors) included in risk assessments?
– During the last 3 years, has anyone alleged that you were responsible for damages to their systems arising out of the operation of your system?
– Does the service provider have facilities in place to ensure continuity of service in the face of environmental threats or equipment failures?
– Can cloud service providers offer the flexibility to provide availability service levels in line with the customers' requirements?
– Is firewall technology used to prevent unauthorized access to and from internal networks and external networks?
– What ITIL best practices, security and data protection standards and guidelines are in use by the cloud service provider?
– Do you publish a bulletin board, chat room or otherwise allow users to upload or post content to your website?
– Does your company have a current information security policy that has been approved by executive management?
– Do you allow sensitive data to be loaded on to devices that may be removed from the premises?
– Is anti-virus software installed on all computers/servers that connect to your network?
– What are key cost factors involved while using cloud services from a service provider?
– What is the range of the limitation of liability in contracts?
– What is the IT security environment of the service provider?
– Response: What should the response to incidents be?
– Where is your organization's confidential data?
– What is a good cloud service provider?
– Is sensitive information involved?
– Who Will Benefit?
Smart card Critical Criteria:
Mine Smart card management and work towards being a leading Smart card expert.
– What are our best practices for minimizing Single sign-on project risk, while demonstrating incremental value and quick wins throughout the Single sign-on project lifecycle?
– What management system can we use to leverage the Single sign-on experience, ideas, and concerns of the people closest to the work to be done?
Social login Critical Criteria:
Graph Social login projects and clarify ways to gain access to competitive Social login services.
– Do Single sign-on rules make a reasonable demand on a user's capabilities?
– What are the Key enablers to make this Single sign-on move?
– Who will provide the final approval of Single sign-on deliverables?
Social networking service Critical Criteria:
Graph Social networking service governance and raise human resource and employment practices for Social networking service.
– Which customers can't participate in our Single sign-on domain because they lack skills, wealth, or convenient access to existing solutions?
– How do we keep improving Single sign-on?
Ticket-granting ticket Critical Criteria:
Dissect Ticket-granting ticket adoptions and suggest using storytelling to create more compelling Ticket-granting ticket projects.
– What business benefits will Single sign-on goals deliver if achieved?
– Are we Assessing Single sign-on and Risk?
– What is Effective Single sign-on?
Usability of web authentication systems Critical Criteria:
Adapt Usability of web authentication systems strategies and differentiate in coordinating Usability of web authentication systems.
– Meeting the challenge: are missed Single sign-on opportunities costing us money?
Windows 2000 Critical Criteria:
Confer over Windows 2000 tactics and look at it backwards.
– What is the best design framework for Single sign-on organization now that, in a post-industrial age, the top-down, command and control model is no longer relevant?
Windows NT Critical Criteria:
Boost Windows NT decisions and finalize the present value of growth of Windows NT.
World Wide Web Consortium Critical Criteria:
Merge World Wide Web Consortium tasks and perfect World Wide Web Consortium conflict management.
– Record-keeping requirements flow from the records needed as inputs, outputs, controls and for transformation of a Single sign-on process. Ask yourself: are the records needed as inputs to the Single sign-on process available?
– Does Single sign-on analysis show the relationships among important Single sign-on factors?
This quick readiness checklist is a selected resource to help you move forward. Learn more about how to achieve comprehensive insights with the Single sign-on Self Assessment:
Author: Gerard Blokdijk
CEO at The Art of Service | theartofservice.com
Gerard is the CEO at The Art of Service. He has been providing information technology insights, talks, tools and products to organizations in a wide range of industries for over 25 years. Gerard is a widely recognized and respected information expert. Gerard founded The Art of Service consulting business in 2000. Gerard has authored numerous published books to date.
To address the criteria in this checklist, these selected resources are provided for sources of further research and information:
Single sign-on External links:
JCCC Single Sign-on
Single Sign-On | HVCC
What is single sign-on (SSO)? – Definition from …
Active Directory External links:
Azure Active Directory B2C | Microsoft Azure
Active Directory – Access & identity – IDaaS | Microsoft Azure
User Attributes – Inside Active Directory
Apache Subversion External links:
Apache Subversion FAQ
Install and Configure Apache Subversion (SVN) on …
How to Resolve Conflicts in Apache Subversion: 9 Steps
Authentication server External links:
IO Education Authentication Server – Casenex
User account | FCA Authentication Server
IO Education Authentication Server
Central Authentication Service External links:
myFSU – Central Authentication Service
CAS – Central Authentication Service
Covert Redirect External links:
Can someone explain the “Covert Redirect” vulnerability …
Cross-site scripting External links:
Cross-Site Scripting – WASC
projects.webappsec.org/w/page/13246920/Cross Site Scripting
Learn how XSS (cross-site scripting) vulnerabilities are used by attackers to inject malicious scripts into websites or web applications.
Cross-Site Scripting – Application Security – Google
Email client External links:
Chaos Software contact manager email client crm
HughesNet Webmail and Email Client Configuration
Facebook Connect External links:
Facebook Connect for MVP Club Accounts – Nebraska Lottery
Pogo & Facebook Connect | Help
HTTP cookie External links:
HTTP cookie – ScienceDaily
HTTP cookie – Wiktionary
Cookies.ppt | Http Cookie | Cyberspace
Help desk External links:
ND University System Help Desk | NDUS CTS
Help Desk – Helpdesk Software Login
Identity management External links:
ALSDE Identity Management (AIM) « ALSDE (Alabama …
Intrado Identity Management Self-Service :: Log In
ISG – Identity Management System – Login
Identity management systems External links:
[PDF]Federated Identity Management Systems – Cornell …
Comprehensive Study of Identity Management Systems
Identity Management Systems Program | NIST
Integrated Windows Authentication External links:
Configuring Integrated Windows Authentication | …
Using integrated Windows authentication
Internet Explorer External links:
Download Adblock for Internet Explorer – Simple Adblock
Internet Explorer 11 is the latest version of Microsoft’s default browser. It provides all standard features that you’d want in a Web browser, while giving
Change your home page for Internet Explorer 11
Internet Information Services External links:
Microsoft Internet Information Services 8
Microsoft Internet Information Services 8 – RaceTrac
Download Internet Information Services 6.0 Migration …
Internet protocol suite External links:
Internet Protocol Suite
The Internet protocol suite is the conceptual model and set of communications protocols used on the Internet and similar computer networks. It is commonly known as TCP/IP because the original protocols in the suite are the Transmission Control Protocol (TCP) and the Internet Protocol (IP).
Internet Protocol Suite Flashcards | Quizlet
Kerberos protocol External links:
[MS-SFU]: Kerberos Protocol Extensions: Service for …
[MS-KILE]: Kerberos Protocol Extensions
Basic Concepts for the Kerberos Protocol
Lightweight Directory Access Protocol External links:
Lightweight Directory Access Protocol – Oracle …
LDAP (Lightweight Directory Access Protocol) …
The Lightweight Directory Access Protocol (LDAP) is a directory service protocol that runs on a layer above the TCP/IP stack. It provides a mechanism used to connect to, search, and modify Internet directories.
Microsoft Windows External links:
Creating a Password Reset Disk in Microsoft Windows …
One-time password External links:
Browser OTP (One-Time Password)
OpenID Connect External links:
OpenID Connect – Auth0
OpenID Connect UserInfo endpoint | Connect2id
OpenID Connect Flows – Scott Brady
Password fatigue External links:
Password Fatigue – Home | Facebook
‘Password Fatigue’ May Soon Be Over – Business Insider
Pluggable Authentication Modules External links:
42.4. Pluggable Authentication Modules (PAM) – CentOS
Pluggable Authentication Modules – Example Header Files
PAM (Pluggable Authentication Modules)
Security Support Provider Interface External links:
Security Support Provider Interface Architecture
Service provider External links:
Wasatch Peaks Credit Union – Financial Service Provider
My Provider Link – Your Service Provider’s Billing Partner
Moving Helper® sign in – Moving Help Service Provider login
Smart card External links:
UPAF Smart Card: SM ART CARD
Smart Cards | Coupons and Virtual Smart Card
Social login External links:
Melia Social Login – Hotels International
Hybridauth Social Login PHP Library
Social Login FAQs | Common Sense Media
Social networking service External links:
Jessica Pugh Thesis | Social Networking Service | …
Social networking service | Social Media
Effect Social Networking | Myspace | Social Networking Service
Usability of web authentication systems External links:
Usability of web authentication systems – Revolvy
www.revolvy.com/topic/Usability of web authentication systems
Usability of web authentication systems – WOW.com
Windows NT External links:
How to Make a Ping Utility on Windows NT Systems: 7 Steps
How to Install Windows NT 4.0 Workstation (with Pictures)
World Wide Web Consortium External links:
World Wide Web Consortium – Official Site