Federated Identity, SSO and Multifactor Authentication June 23 rd , - - PowerPoint PPT Presentation

▶

Feb 06, 2023 414 likes •542 views

Computing Services and Systems Development Federated Identity, SSO and Multifactor Authentication June 23 rd , 2017 Computing Services and Systems Development F EDERATED I DENTITY , SSO AND MFA @ THE U NIVERSITY OF P ITTSBURGH Tony Carra

SLIDE 1

Computing Services and Systems Development

Federated Identity, SSO and Multifactor Authentication

June 23rd, 2017

SLIDE 2

Computing Services and Systems Development

FEDERATED IDENTITY, SSO AND MFA @

THE UNIVERSITY OF PITTSBURGH

Tony Carra

SLIDE 3

Computing Services and Systems Development

Pitt Passport

Single Sign-on service
Grants access to Web Based Services such as;

– My.Pitt.edu – CourseWeb (Blackboard) – Student Information System – Box – Office 365 – Many Others

SLIDE 4

Computing Services and Systems Development

Features of Pitt Passport

Consistent

– Consistent, trusted login experience; passport.pitt.edu

Multifactor Authentication

– Enhanced security with added layer

SLIDE 5

Computing Services and Systems Development

Technology behind Pitt Passport

Shibboleth
Pitt Passport is more than just Shibboleth…

– Central Database / Registry – Active Directory – Provisioning System

SLIDE 6

Computing Services and Systems Development

Pitt Passport and IAM system

Student System Human Resources System ID Center System UPMC Systems

Identity Provisioning System Central Directory System Account Management Web Site Act Mgt Web Service

Office 365 Active Directory in Azure

Other Cloud Applications Box Panopto

Other University Systems Active Directory Pitt Passport

SLIDE 7

Computing Services and Systems Development

Groups

Managed via Web Based Application
Allows flexibility…for Users and

Departments

– Create Groups – Maintain membership – Can be used through-out many different applications

SLIDE 8

Computing Services and Systems Development

Why Shibboleth?

Reduced number of IDs and passwords for

end users

Works with SAML 2.0
Easy to customize for different

configurations

Built for High Ed and Research organizations

SLIDE 9

Computing Services and Systems Development

Multifactor Authentication in Pitt Passport

Provided by Duo Security
Adds a layer of security
Requires 2 “Factors” to verify identity

– Something you Know – Something you Have

SLIDE 10

Computing Services and Systems Development

Multifactor Authentication (cont.)

Benefits:

– Secure – Efficient – Convenient

SLIDE 11

Computing Services and Systems Development

Joining InCommon Federation

Implementation of Service Providers
Trusted Partners

– Level of Trust – Others Universities working with partners

Certificates

SLIDE 12

Computing Services and Systems Development

Federated Identity, SSO and Multifactor Authentication

FEDERATED IDENTITY, SSO AND MFA @

THE UNIVERSITY OF PITTSBURGH

Tony Carra

Pitt Passport

– My.Pitt.edu – CourseWeb (Blackboard) – Student Information System – Box – Office 365 – Many Others

Features of Pitt Passport

– Consistent, trusted login experience; passport.pitt.edu

– Enhanced security with added layer

Technology behind Pitt Passport

– Central Database / Registry – Active Directory – Provisioning System

Pitt Passport and IAM system

Groups

Departments

– Create Groups – Maintain membership – Can be used through-out many different applications

Why Shibboleth?

end users

configurations

Multifactor Authentication in Pitt Passport

– Something you Know – Something you Have

Multifactor Authentication (cont.)

– Secure – Efficient – Convenient

Joining InCommon Federation

– Level of Trust – Others Universities working with partners

Thank You Questions?