Single Sign On Webinar Series April 2017

Upload: community-it-innovators

Post on 21-Jan-2018


Single Sign On

Webinar Series

April 2017

About Community IT

Advancing mission through the effective use of technology.

100% Employee Owned

Presenter

Matthew Eshleman, CTO

Mobile-first, cloud-first reality

• Exploited credentials (75%): More than 75 percent of network intrusions exploit weak or stolen credentials.

• Mobile security governance (15%): By the end of 2015 only 15 percent of large organizations will have adequate mobile security governance for process and policy.

• Viral unsanctioned IT (80%): More than 80 percent of employees admit to using non-approved software as a service (SaaS) applications in their jobs.

Best Practices

• Password Policy
  • 8 characters minimum
  • 90 day age
  • Account lockout after 5 failed attempts, 10 min reset
  • 2FA for Cloud

• SSO for Cloud Applications

• Rename Admin Account

• Complex Service Account Passwords

• Disable inactive & unused accounts

• Remote access
  • Enable NLA for RDP
  • Restricted Access for Server Admin RDP
  • RDP behind Firewall/RD Gateway
  • Direct Access/VPN
  • Go Cloud

• Security Awareness Training for Staff

Managing Passwords

Single Sign On

• Designed for Enterprise

• Single Authentication Source

• Centralized provisioning

• Centralized reporting

• Policy management

• Relies on SSO vendor service

Password Manager

• User Centric

• Store & copy passwords

• Can generate passwords

• Relies on application vendor

One common identity

Simplify management

Improve security

Identity and access management

One common identity

Self-service capabilities

• Password reset

• Group membership

• MyApps portal

Manage everything

• Dynamic groups

• Provisioning

• B2B collaboration

Single sign-on

• Easy connection to existing assets

• Unified experience across user devices

Enterprise Mobility + Security

[Diagram] Goals shown: protect your users, devices, and apps; detect problems early with visibility and threat analytics; protect your data, everywhere; extend enterprise-grade security to your cloud and SaaS apps; protect application access from identity attacks.

[Diagram] Products shown: Azure Rights Management & Secure Islands; Advanced Threat Analytics; Microsoft Intune; Azure Active Directory Identity Protection; Microsoft Cloud App Security.

Microsoft enterprise mobility solutions

• Identity and access management: Azure Active Directory. Single sign-on to 1000s of cloud and on-premises applications. Identity protection with notifications, analysis, recommended remediation, and risk-based conditional access.

• Mobile device and app management: Microsoft Intune. Leverage mobile device management and mobile app management to protect corporate apps and data on almost any device.

• Information protection: Azure Rights Management. Encryption, identity, and authorization to secure corporate files and email across phones, tablets, and PCs.

• Cloud and SaaS app security: Microsoft Cloud App Security. Bring enterprise-grade visibility, control, and protection to your cloud applications.

• User and entity behavioral analytics: Microsoft Advanced Threat Analytics. Identify suspicious activities and advanced attacks that target your on-premises platform. Quickly focus on what is most important with clear, actionable reporting.

Enterprise Mobility Suite

SSO Options for Non-Profits

• Office 365
  • EM + S
  • $1.65 per user
  • Integrated with Office 365
  • Thousands of Native Integrations

• OKTA
  • OKTA for Good https://www.okta.com/okta-for-good/
  • 25 free licenses
  • Integrated with Office 365
  • Easy setup and integration
  • OKTA 1 integration for free

End User Adoption

Planning

• Identify current applications
  • Use OpenDNS
  • Microsoft Cloud App Discovery
  • Firewall

• Review current SaaS subscription levels
  • Some SSO integrations require higher tiers (Box, Slack, Salesforce)

• Determine level of Application integration

• What features?
  • SSO
  • MFA
  • Provisioning
  • Desktop SSO

• Use with current intranet

Implementation

• Use vendor-provided resources

• Staff notification
  • Pre-project notification
  • Email blasts
  • Staff meeting
  • Define dates for application cutover

• Phased approach
  • Easiest application first
  • Testing is difficult, hard to get “Sandbox” environments
  • Plan on making tweaks

Upcoming Webinar

Successful Nonprofit Technology Change

Peter Mirus, Build Consulting

Wednesday May 17

4:00 – 5:00 PM EST