curben
/
blog
mirror of https://gitlab.com/curben/blog
1
0
Fork 0
Code Issues Releases Wiki Activity

post(aad-snow): wording

This commit is contained in:
Ming Di Leom 2024-09-28 04:19:49 +00:00
parent ab0dc636d1
commit 453bcc7b39
No known key found for this signature in database
GPG Key ID: 32D3E28E96A695E8
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
source/_posts/saml-scim.md
View File

@ -1,6 +1,6 @@
---
title: Azure AD/Entra ID SSO integration with ServiceNow
excerpt: Difference of SAML and SCIM
excerpt: Difference between SAML and SCIM
date: 2023-08-27
updated: 2024-09-28
tags:
@ -17,7 +17,7 @@ In an enterprise environment, SSO provides convenience to the staff and several
2. During offboarding, disabling an account from the identity provider will also revoke access to SSO-enabled systems, thus providing better security.
3. Identity provider is much more likely to support multi-factor authentication (MFA), enabling more systems to be MFA-secured.
SSO does not necessarily provide better security all the time. Threat actor can utilise a compromised account to access any SSO-enabled system that the account has access prior, leading to wider blast radius. There are three mitigations to reduce such risk:
SSO does not necessarily provide better security all the time. Threat actor can utilise a compromised account to access any SSO-enabled system that the account has prior access, leading to wider blast radius. There are three mitigations to reduce such risk:
1. Enforce MFA to minimise the chance of accounts being compromised.
2. Limit access to SSO-enabled systems through access control list (ACL).