Security news aggregator

Latest coverage for SSO

SSO lets one identity access multiple services, reducing password reuse while making account, session, and identity-provider security critical.

1 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Single sign-on (SSO) lets a user authenticate once with a central identity provider and then access multiple applications without signing in separately to each one. Applications commonly rely on federation protocols such as SAML or OIDC to accept an assertion or token from that provider. SSO centralizes authentication; it does not by itself make every connected application secure or eliminate the need for authorization.

The concentration of access makes the identity provider a high-value target: a stolen password, session, or authentication token may provide access to many services. Phishing-resistant MFA, risk-based access controls, secure token and session handling, and careful configuration of application trust reduce that exposure. Organizations should also monitor provider and federation logs, review which applications can rely on SSO, and promptly disable accounts and sessions when roles change or employment ends. Misconfigured claims or overly broad application permissions can otherwise grant more access than intended.

Showing 1 most recent headlines Filtered view
Bank Info Security 5 months, 3 weeks ago

Voice Phishing Okta Customers: ShinyHunters Claims Credit

Okta Alerts Customers' CISOs to Malicious Campaigns Seeking Single Sign-On AccessA surge in attacks that bypass some types of multifactor authentication has been tied to a new generation of voice-phishing toolkits that give attackers the ability to orchestrate what a target sees in their browser, warns a new report from Okta, which is among the services being targeted.