Educause Security Discussion mailing list archives
Securing the Single Sign-on Portal
From: Josh Flaherty <Josh.Flaherty () INDSTATE EDU>
Date: Tue, 4 Jun 2013 10:35:56 -0400
Greetings, Perhaps like many others, we are continuously adding applications that can be accessed through our single sign on portal. Some of these applications are administrative and provide access to sensitive data. We are taking a number of steps to reduce the risks associated with the portal but we are wondering what steps other entities are taking? Do any of you have double or separate factor authentication for critical administrative applications provided within the portal? Below are some of the things that we have/are effecting; * An "I have read this checkbox" containing security best practices upon first logon * Signs in security awareness campaign * Targeted announcements * Separate factor authentication for our main administrative application (although I am told the new version of Banner that we are going to no longer support separate user accounts) * Portal/Application timeouts Thanks, Josh Flaherty Information Technology Security Officer Office of Information Technology Indiana State University
Current thread:
- Securing the Single Sign-on Portal Josh Flaherty (Jun 04)
- Re: Securing the Single Sign-on Portal Josh Flaherty (Jun 10)