Blog
Single Sign On, Federated Identity, A Useful Alternative to Endless Passwords
Organizations are under attack from data hackers and ransomware on an almost daily basis. We have extended and enhanced user identity checking functionality in Matrix Gemini LIMS to support federated identity providers such as Azure and Okta.
5th December 2023
Organizations are under attack from data hackers and ransomware on an almost daily basis. In response many corporate IT teams are enforcing the use of strong passwords for all IT systems and sometimes requiring these to be changed regularly. However, with users generally accessing multiple systems, managing and remembering the required usernames and passwords can become difficult. In response users may choose obvious passwords, use the same password for multiple systems or keep easily accessible written records of usernames and passwords. Increasingly organizations are looking at federated identity solutions to keep systems, and the data they house, safe and help users solve the problem of remembering multiple passwords. Additionally federated identity solutions reduce the burden on IT departments when it comes to managing users, their access to different applications and enforcing password policies.
Taking the easy option - the 10 most common passwords
We need passwords for many of the applications we use on a daily basis both at work and at home. But remembering the growing list of passwords needed in modern life is becoming ever more difficult. As a result, we often use easy to remember passwords. This has led hackers to use automated bots as an attack vector to try out common passwords until they find one that works. It is shocking what the top 10 list of common passwords is:
- 123456
- 123456789
- qwerty
- password
- 12345
- qwerty123
- 1q2w3e
- 12345678
- 111111
- 1234567890
In addition, variations on these simple keyboard combinations are surprisingly common and it is not unusual for people not to change the default or initial passwords they were provided with.
The Need for Tighter Security
IT departments often block the most common passwords from being used, force more complex password algorithms, and drive regular password changes, to protect corporate systems and the data they hold from attack. This protection works to an extent, but still requires users to remember multiple complex passwords which may result in people writing them in the back page of their lab book. Fine until you leave it on the train!
As a way of reducing the passwords users have to remember, and to make logging in to multiple applications easier, companies are adopting single sign-on (SSO), or federated identity, methodologies allowing users to sign on to those systems using a single set of credentials.
To login to an application, such as Matrix Gemini LIMS, the user opens the login screen within the application as before. However, rather than use the username/password authentication process built into the application it hands off the SSO process to the third-party identity provider using SAML (Security Assertion Markup Language). Once the third-party application authenticates the user and approves access the application opens as usual.
Since the user just needs to authenticate in the usual familiar way (using a username and password) they notice very little difference between the two login methodologies. If the user is already authenticated with the identity provider via another application, depending on how IT set up the system, you may just be logged in automatically as it has already approved your identity. The real benefits are two-fold:
- The user only has to remember one password for all corporate applications.
- The IT team only have to set up and administer users on one system with the identity provider, not in multiple applications, simplifying support and maintenance.
- The third-party identity provider often supports multi-factor authentication, strengthening the login process.
Although users will have a single password the system can still block common passwords, force complex strings to be used, and require that passwords be changed regularly to ensure security.
Matrix Gemini and SSO
Next time you are logging in to an application online, and you are asked for your Google, LinkedIn, or Facebook password you’ll know that it’s probably using some form of single sign on technology to authenticate and approve your access. From v6.11 Matrix Gemini has extended and enhanced user identity checking functionality to support SSO identity providers such as Azure and Okta. The functionality is the same whether the Matrix application is based on-premise or in the cloud.
It’s just another way we are using the latest technology to make our lives easier, and corporate data more secure.