post(aad-snow): wording

This commit is contained in:
Ming Di Leom 2024-09-28 04:19:49 +00:00
parent ab0dc636d1
commit 453bcc7b39
No known key found for this signature in database
GPG Key ID: 32D3E28E96A695E8
1 changed files with 2 additions and 2 deletions

View File

@ -1,6 +1,6 @@
--- ---
title: Azure AD/Entra ID SSO integration with ServiceNow title: Azure AD/Entra ID SSO integration with ServiceNow
excerpt: Difference of SAML and SCIM excerpt: Difference between SAML and SCIM
date: 2023-08-27 date: 2023-08-27
updated: 2024-09-28 updated: 2024-09-28
tags: tags:
@ -17,7 +17,7 @@ In an enterprise environment, SSO provides convenience to the staff and several
2. During offboarding, disabling an account from the identity provider will also revoke access to SSO-enabled systems, thus providing better security. 2. During offboarding, disabling an account from the identity provider will also revoke access to SSO-enabled systems, thus providing better security.
3. Identity provider is much more likely to support multi-factor authentication (MFA), enabling more systems to be MFA-secured. 3. Identity provider is much more likely to support multi-factor authentication (MFA), enabling more systems to be MFA-secured.
SSO does not necessarily provide better security all the time. Threat actor can utilise a compromised account to access any SSO-enabled system that the account has access prior, leading to wider blast radius. There are three mitigations to reduce such risk: SSO does not necessarily provide better security all the time. Threat actor can utilise a compromised account to access any SSO-enabled system that the account has prior access, leading to wider blast radius. There are three mitigations to reduce such risk:
1. Enforce MFA to minimise the chance of accounts being compromised. 1. Enforce MFA to minimise the chance of accounts being compromised.
2. Limit access to SSO-enabled systems through access control list (ACL). 2. Limit access to SSO-enabled systems through access control list (ACL).