Building Single Sign-On (Epam Case Study)

Yuliya
October 30, 2014

Aliaksei Surovy, EPAM Enterprise Architect

Transcript

  1. Agenda
     • Enterprise Problems in EPAM
     • SSO as a Solution of the Enterprise Problems
       – What is SSO?
       – How it works
       – Strategy & Tactics
       – Implementation
     Confidential
  2. About Me
     Aliaksei Surovy
     • EPAM Enterprise Architect
     • Architecture Excellence Initiative Coordinator
     • EPAM Microsoft Competency Center Expert
     • EPAM SSO Team
     • Solution Architect
  3. EPAM Problems
     • PMC
     • EPIS
     • EPAM Tube
     • QPF
     • EPAM Cloud Orchestration
     • … and many others
  4. What is SSO?
     Single Sign-On (SSO) is a property of access control across multiple related but independent software systems. With this property, a user logs in once and gains access to all systems without being prompted to log in again at each of them.
  5. SSO: Strategy & Tactics
     • AS IS
       – Current Landscape & Stakeholders (Infrastructure & Systems)
       – Requirements (Scenarios, Wishes)
     • Analysis & Design
       – Choose Protocols
       – Choose SSO Tool
       – Proofs of Concept (POCs)
       – Technical Proposal
     • Implementation
       – Environments Setup (Staging & Production Environments)
       – Integration (Knowledge Base)
     • Policy
       – Application Registration Workflow
  6. SSO Chronology
     • Understand Current Landscape
     • Define Focus Group (Critical Internal Systems & Stakeholders)
     • Gather Requirements & Wishes
     • Build POC
     • Proof of Concept (Validate Requirements & Wishes)
     • Create Technical Proposal
     • Build SSO Infrastructure
     • Integrate Applications into SSO
  7. EPAM Solution: AD FS 3.0
     • Active Directory Federation Services 3.0 is a feature of Windows Server 2012 R2 Standard Edition
       Protocols:
       – WS-Federation (passive)
       – WS-Trust 2005/1.3 (active)
       – SAML 1.1/2.0
       – OAuth 2.0 (3-legged only)
       Token Formats:
       – SAML 1.1/2.0
       – JWT
     • A big part of EPAM's infrastructure is Windows
     • EPAM MSFT CC has AD FS 2.0 experience
  8. AD FS 3.0: Extra Features
     • Single Sign-Out
     • Federation with other Security Token Services (STS)
     • Multi-Factor Authentication
     • BYOD Support