Importance of SSO to Businesses

singapore identity access management

The technology of single sign-on (SSO) authentication has been around for some time. However, it has only started gaining traction in recent years. Today, SSO is essential to the success of enterprise identity access management solutions.

Many organisations have recently turned to the use of cloud-based tools for work, with employees having to access many applications and services. Instead of manually logging in every time, SSO allows business employees to access an array of Internet applications and tools with a single username and password combination. As a result, many businesses have begun to incorporate SSO and employees can do away with memorising multiple login credentials, thus contributing to improving workplace productivity. Moreover, SSO reduces the number of forgotten passwords and password resets. This, in turn, alleviates help desk costs as IT security teams are no longer burdened with having to manage countless passwords linked to just as many employee accounts. Security teams no longer have to handle low-level administrative issues and hence, are able to channel their efforts into larger scale operations to augment efficiency and security. It, therefore, comes as no surprise that an increasing number of businesses are turning to SSO as a solution to streamline login processes and save costs on digital security.

Contrary to popular belief, SSO authentication enhances digital security despite users only having to remember one set of username and password. SSO technology increases the difficulty for hackers to find out a person’s login information, especially with more sophisticated solutions offering biometric authentication through fingerprint identification and facial recognition. Furthermore, SSO grants IT, teams, real-time overview of the users who have accessed certain corporate resources. A real-time system log monitors user activity through geolocation tracking and uses that information to ensure that the integrity of the system is not compromised. Should an employee lose their laptop or smartphone device, the IT security team can effectively disable their account. In a similar vein, SSO allows for the configuration of access based on employee role, making sure that the appropriate people have access to the appropriate resources. As a result, access can be controlled based on seniority of the employee or the department they belong to, making it transparent to the organisation which resources can or cannot be accessed by certain employees.

In addition, SSO aids in the tightening of business-to-business (B2B) collaboration. Extranets are a major way of interconnection between businesses and they contain data that is shared between companies for the purpose of collaboration. Cross-company relationships can be supported by SSO which enables business partners to selectively access documents, applications and resources. With SSO, interoperability can be achieved, while businesses maintain complete control over their corporate data. By facilitating B2B collaboration, organisations can enhance development and output of products and services.

As the world moves to a digital age where everyone is interconnected, there will be more IT security challenges, especially for businesses. SSO is an integral property of identity access management systems to strengthen digital security and create a streamlined workflow experience within the workplace. Businesses are strongly encouraged to adopt SSO solutions.

Identity and Access Management and the Internet of Things

singapore identity access management

A decade ago, the Internet of Things (IoT) would have sounded like a fantasy. However, the reality of the IoT is steadily gathering momentum and is already upon us in 2018. Just what is the Internet of Things? Essentially, it refers to the network of “things”: smart watches, cars, home appliances, all connected in a network, allowing them to constantly exchange information.

Naturally, exchanging such a gargantuan amount of personal information between innumerable devices means great security risks for consumers and businesses. Identity and access management (IAM) has to adapt to match the changing environment to mitigate and protect against security breaches. This article looks at how Identity and Access Management is affected by the Internet of Things.

The sheer volume of devices connected to different networks will be the biggest challenge posed to Identity and Access Management. New IAM systems must be adjusted to handle the manifold increase in workload of checking identities, authenticating logins and monitoring on-going sessions for proper access. Traditional IAM systems were not designed to handle automated devices. IAM systems typically handle user verification; different individuals logging in to gain access to a network.

However, the IoT presents the challenge of handling thousands of devices constantly logging in and accessing networks automatically. IAM systems must be able to verify identities from a huge number of devices, languages and application. This demands flexibility, huge scales and abundant power from IAM systems to allow the all devices to stay safe connected to a network while processing the huge amount of data generated by the IoT.

The inherent nature of the IoT demands a structural adjustment from traditional IAM systems. As previously stated, IAM traditionally verifies human identities accessing networks via passwords or physical validation. The foundational agents of the IoT are ‘things’ – smart devices embedded within the current structure of the Internet. These devices need identities for IAM to even perform its most basic functions.

Changing demands has not gone unnoticed by those in charge of IAM systems. This complicated relationship between IAM and the IoT has been labelled the Identity of Things, or IDoT. Managing this relationship is key for a safe and consistent flow of data from smart devices, to reap the benefits of the information produced by the IoT.

Giving each device an identity, linking them to their human operators and allowing them appropriate access are all challenges IAM must overcome. IAM strategies must adjust, from simply authenticating identities to working towards providing businesses or enterprises security as a whole.

This brings us to our last point: the IoT simply brings so many more potential threats for IAM systems to handle. While smart coffee machines or physical activity trackers may not seem a threat, more personal information can be accessed during unauthorised security breaches. Tampered health records, accessed bank accounts or leaked confidential details are possible outcomes of poor IAM strategies.

In 2015, this threat was fully on display. A jeep was accessed remotely and essentially hijacked as hackers gained control over its locks, speedometer, even accelerator.

The Internet of Things opens up endless exciting possibilities for manufacturers and consumers. Identity and Access Management strategies must be updated to handle these changes in volume, access and simply accommodating devices instead of humans.

 

Breaking Down and Simplifying 2FA SingPass Login System

2fa singpass singapore

In July 2015, Singaporeans logging into SingPass suddenly faced a new issue: navigating the new two-factor authentication when logging in. All of a sudden, new login details were needed and more information was demanded every time we tried accessing our accounts.

For those keeping up with technological jargon, SingPass’ two-factor authentication, 2FA, login system is easily understood. For the rest of us, we may struggle to understand this system and simply find it frustrating and tedious. Here, we look at how 2FA or multi-factor authentication systems work.

Before diving into the technicalities of multi-factor authentications, we’ll begin with a brief look why SingPass implemented this 2FA system when logging in.

SingPass links every Singaporean or resident to more than 60 government agencies, allowing each user easy and convenient access to north of 200 e-government services. It is compulsory for all Singaporeans to create a SingPass account once they turn 15. Users can file taxes, access their retirement funds and apply for public housing using their SingPass accounts.

The need for tougher authentication was triggered by a high profile hacking in 2011 and 2014. At this point in time, SingPass only needed a username and password when logging in. However, a hacker managed to illegally access 293 SingPass accounts in 2011. He collected their personal information before selling them off to a syndicate producing fake visas applications to enter Singapore. In 2014, 1500 accounts were unlawfully accessed, highlighting the need to better protect sensitive data.

So how does 2FA address these concerns? At its most fundamental level, 2FA needs you to prove your identity twice before you can use your SingPass account.

The most common example of this is pairing our account username and password with a one-time password (OTP) when logging in. Our username and password are the first factor to authenticate. We then receive a one-time password (OTP) via SMS, and this is used to complete the login. The OTP is the second factor to authenticate.

Authentication systems work on one principle: confirming one’s identity by knowledge or possession factors. In simpler terms, this means using something only the correct person knows or has.

2FA systems use expands on this principle, requiring both factors to confirm one’s identity. While this might sound slightly abstract, these examples may help you better understand this principle.

An example of an authentication system is a door lock. Ideally, only the owner, or residents of the house have the key to unlock it. That key is something you have. Confirming a password for your Facebook or Google account is also an authentication, and the password is something only you know.

Singpass’ 2fa system simply puts these two factors together. Your SingPass username and password is something only you know. Your phone, where you receive the OTP, is your personal possession and only something you own. This doubles the difficulty for anyone trying to simultaneously guess your username, password and OTP, protecting your personal information on SingPass.

To conclude, SingPass had to update its security in response to multiple breaches. The simple username – password combination meant that huge amount of extremely sensitive data could be illegally accessed by hackers. The 2FA system doubles the security of one’s account, crucial for an account as important as SingPass.

Complete Guide to Setting up Your SingPass Account

singpass singapore

To setup a singpass 2fa singapore system account, one does not have to be a rocket scientist. However, there are certain steps that need to be followed to setup and register the account.

The SingPass 2FA is a security gateway for access to over 60 government services in Singapore, with the help of a single username and password. The residents of Singapore primarily require SingPass when they want to transact with various government institutions. Now the question is: how does one set up and register into a SingPass account? Here is the complete procedure for users.

The preconditions

Before a user attempts to setup the SingPass 2 Factor Authentication account, the individual has to ensure that they qualify for SingPass, based on the following criteria:

  • The person is at least 15 years old
  • The person is a Permanent Resident of Singapore or a Singapore citizen or a holder of the Employment Pass or an eligible holder of Work Permit for working on the soil of Singapore.

They then also need to ensure that the address mentioned in the NRIC or the FIN card is correct. However, that can be updated as well.

The simple step by step guide

  • The first step involves going to the SingPass website
  • Then it’s time to register for SingPass
  • Finally, it’s time to setup SingPass account

Let us go to details:

  • First, the users will have to www.SingPass.gov.sg 
  • Click on the ‘Register for SingPass’ option.
  • Checking the eligibility for registering in SingPass account is the next step and for that users can find an option that asks whether the user is eligible for not to set up the setup SingPass 2FA Singapore 2 Factor Authentication system account.
  • The next step is checking whether the address that is mentioned on the NRIC/FIN card is correct.
  • Then it’s time to go through the terms of use and agree to them and then clicking on the “Register Now’ account.
  • Now it’s time to feed in the personal details.
  • Once done, punch in the verification code. The Date of Issue of the NRIC or the Pass can be viewed at the back of the card.
  • Once the fields are filled up, it’s time to ‘submit’
  • Once it is done, the SingPass password is delivered at the mailing address, registered with SingPass. It generally takes 5 working days for the password to be delivered at the address.
  • Once the password is received, users can begin to set up the 2 Factor Authentication system in their account.
  • Once in the account, users need to fill in in the contact details like mobile number in the appropriate fields.
  • As soon as changes are made in the account, SingPass will send notification messages to the registered mobile number of the user.
  • The user needs to opt for the preferred mode and then click on ‘Next’.
  • Now the OTP or One Time Pass is sent to the registered mobile number as well as to the email address for verification of the contract details.
  • Then the SingPass password needs to be entered and the ‘next’ option has to be clicked.
  • This completes the registration.

Conclusion

2FA is a very important part of ensuring that SingPass is protected for all its users. The use of a second device to authorize the use of important government-related services means hackers cannot invade SingPass accounts very easily.

Because of this, 2FA is being implemented in different types of software all over the world. To install the 2FA system into your own software, you should consider hiring a website security expert who will be able to perform these actions on the back end.

BYOD and Identity Access Management

identity access management
With the rising trend of the “bring your own device” (BYOD) policies, personal devices have been integrated into the workplace. Due to the highly connected nature of the world we live in today, it is no surprise that businesses are striving to boost employee efficiency through BYOD policies, allowing employees to bring work on the go. However, in today’s fast-changing technology landscape, the adoption of personal devices pose significant risks to digital security. In a BYOD environment, there is a unique set of security concerns for IT teams to deal with. As a result, identity and access management services are essential for organisations to prevent any malicious attacks and adapt to the new threats posed by BYOD policies.

Fortunately, security systems are now moving towards contextual and adaptive user authentication. When evaluating authenticity, security systems take into account contextual information such as IP addresses or GPS locations, to verify users’ identities. It is also through context-aware authentication that security systems are able to detect any abnormal login attempts and prevent attacks of malicious intent. For example, a user trying to gain access to corporate resources from a registered home location will not raise suspicion. On the other hand, if the same device is being used to login from an overseas location that the user rarely travels to, an alert will be sent to the security administrator immediately. Organisations can, therefore, regulate the number of devices per employee by requiring employees to register their devices. In addition, they can track user activity on every personal device as well as protect company data through remote lock and selective wipe settings, in the event that an employee’s personal device is found lost or tampered with.

With the advent of BYOD policies, organisations are starting to build and incorporate mobile applications that are made available to employees. This allows them to work through their personal devices wherever they are. However, this creates complex security concerns especially if the employee’s mobile device falls into someone else’s hands. With context-based security measures, such instances of credential theft being used to get unauthorised access can be prevented and shut down. If the user tries to access a corporate resource that is not relevant to their job scope, their risk rating will be altered accordingly by adaptive authentication processes that are working in the background. By monitoring user behaviour for any signs of deviation, IT security teams can circumvent complex security threats.

With the proliferating numbers of enterprise and consumer applications, single sign-on (SSO) processes have become a must-have in mobile identity management solutions, to alleviate the administrative burdens and IT costs. They also relieve users of the need to remember password and username combinations, enhancing user convenience. With SSO, IT teams can implement access control frameworks that further tighten security.

Identity access management has evolved to tackle new challenges arising due to BYOD. Organisations have no choice but to augment existing systems that will take into consideration other factors such as personal devices, and achieve corporate efficiency without compromising security.

 

Stages of the Identity and Access Management Maturity

There is no shortage of businesses that have found it difficult to implement a successful identity and access management (IAM) system. Unvalidated promises, a lack of governance and simply poor communication can cause business owners to distrust IAM services.

This article will not attempt to present ways to ensure the success of implementing IAM systems. Instead, we will pick apart the different stages of the IAM maturity cycle and what should be expecting in terms of IAM at each point of its implementation. Understanding how the system develops and changes at each stage of its maturity is crucial to its long-term success.

Understanding the nature of IAM systems will give us a stronger foundation to assess the stages of its life cycle. IAM systems are not so many projects as they are a process, requiring constant evaluations and updates to function optimally. Implementing a successful IAM system demands every member of an organisation to augment their thought process when it comes to IAM. An IAM system is not simply a plug-and-use software, it is an evolving process with several identifiable stages.

During this initial period of its implementation, the IAM system is still in its early infancy and users may encounter many issues. Processes may not yet be finalised or standardised. The time taken to grant or remove access may take longer times than necessary, as most of the processes will still be manually completed. Users will follow proper procedure as and when they want, and the processes are still manually applied.

The second stage in its life cycle is enforcing the repeated use of a still immature IAM system. At this point in time, employees will be complying with proper IAM methods when accessing authentication and applications. However, these actions will still be labour intensive and highly dependent on the knowledge of each individual. These tasks will mostly be done by those who do repetitive tasks as they gain familiarity with the proper procedures. The majority of responsibility to adhere to proper procedure will lie heavily upon the individual.

The IAM system then reaches a higher maturity level in its implementation. Its processes and proper procedures will have attained higher, if not ubiquitous, levels use. Now, most processes would have achieved some form of standardisation, properly documented and articulated for all employees to adhere to. However, the practicalities of the IAM system will not have reached optimum levels as of yet and still be a labour intensive and manual procedure.

Once defined, the IAM system reaches a managed level of maturity. Close to being optimised, processes within the system are constantly monitored by management to identify potential opportunities for improvement. The procedures are also improved occasionally. Conforming to proper procedures are now measured and enforced; actions are taken if expectations are not met. Now, automation or IAM tools are still rarely used.

Finally, the IAM system reaches optimisation. Procedures are automated using supporting IT systems, allowing for maximum efficiency and quality. Automation allows users to execute and follow procedures consistently and easily. Naturally, procedural compliance is still measured and enforced.

To conclude, an IAM system requires time and patience to reach full maturity once implemented. It is not simply a case of installing a software and expecting complete optimisation instantly.

Activating Two Factor Authentication in MS Outlook

microsoft outlook email 2fa

The term, ‘Two-step verification’ is often also called ‘two-factor authentication’. Some refer it to as ‘2FA’ as well. Technically speaking, it is a highly advanced layer of security, which allows you to access accounts, such as Microsoft Accounts. This is purposefully done to make hacking more difficult and to ensure that users have better control over their accounts. This extra layer of security is also included in MS Outlook, as each and every Microsoft service essentially connects through one common account.

Even if a password is guessed correctly through hacking technology, it becomes virtually impossible to crack the account without any knowledge about the second layer of authentication. When we talk about the singapore outlook two factor authentication system, the same principle is followed.

Microsoft offers to its users 3 different ways of setting up the 2-step verification mechanism. Also, a secondary email address or phone number can be used as an authentication step. An authentication app can also be configured as another level of authentication. When that level is set up, users need to enter a security code, which will prove that the person logging in is the authorized person.

The process of setting up and activating the two step verification

Let us see how the Singapore Outlook Two Factor Authentication system is set up. This process is similar across different types of 2FA systems.

It is possible to set up and activate the two-step verification system using either an email address or a phone number. However, as per the Microsoft directives, it is better to configure the application to authenticate the account on a smart phone. The advantage of using this mobile application is that the process becomes easier and the security code is delivered to the user, in case the device is not connected to the network.

  • First, people need to open the link that is meant to access the security settings on the Microsoft Account and sign in to the MS Outlook account. Then the name and the account settings need to be clicked.
  • The next step involves clicking on the link that helps setting up the two step verification, followed by a click on ‘Next’.
  • In case of setting an account, which is connected to the mobile service, the option “App” from the drop down menu needs to be chosen.
  • Thereafter, the type of device needs to be selected.

In case the device is a Windows phone:

  • First the authentication app needs to be selected
  • Then it has to be launched and tapping the ‘+’ button will help you add a new account
  • The camera button should come into play thereafter and the barcode needs to be scanned for pairing the device.
  • Now it is time to type in the code that the phone generates at the last step.
  • A click on the ‘Next’ option will finish off the activating of the 2-step verification system.

For an Android phone:

If it is an Android mobile, the Singapore outlook two-factor authentication process involves the following steps:

  • Install the MS Account application and launch it.
  • Tap the setup now button
  • Enter the parameters of the account that needs to be associated and press on ‘Next’
  • Now tap ‘Finish’ to complete.

Conclusion

While installing 2FA for a user’s account may seem easy on their end, there is actually a lot of work that goes into the building of the system. This allows for such easy and intuitive end product. If you are a company that would like to implement 2FA into one of your products, you should then find a website security consultant who can best assist you in that venture.