Is Single Sign-On (SSO) Hard to Deploy, and Is That a Drawback?
At Okta, we actively share the latest ideas and best practices on authentication and security, and part of that work is dispelling misconceptions about authentication and security. This blog is the fourth in a series that clears up common mistakes and misconceptions about single sign-on (SSO). In this post, we want to go through all of the misconceptions (perceived drawbacks) about SSO that Okta is aware of and untangle them.
The common view is that deploying SSO takes time and effort. That may be true of legacy solutions such as ADFS, but it is not the case with modern cloud-based SSO.
It is 11:15 a.m. on a Tuesday. Laura has an important presentation scheduled for 11:30. However, she cannot sign in to her Box account and cannot access a critical file. She has forgotten her username and password. She was able to access her Gmail account without any trouble. After getting the password wrong a few times, she also managed to log in to Salesforce. With Box, though, she simply cannot remember the password, and she has just contacted the IT support team. Will she have her presentation materials in hand by the time the meeting starts?
Unfortunately, Laura's story is not unusual. As the number of applications employees use grows, so does their frustration with managing all of those credentials. IT teams believe SSO would let them avoid these login problems, but at the same time they worry about the drawback that SSO is difficult to deploy and therefore demands a great deal of time and effort.
What makes legacy SSO hard to deploy?
Deploying a legacy SSO solution such as ADFS is complex. Much of the difficulty comes from having to integrate a variety of existing components with modern applications, which requires configuration changes. One Okta customer reportedly spent more than $5,000 in a single week just to integrate one modern application with a legacy SSO product. According to Okta's internal data, organizations use an average of 60 applications. When problems like this add up, the cost of deploying legacy SSO climbs even higher.
Another challenge that comes with deploying a legacy SSO product is re-entering data into a new user store. This is not an easy task. In most cases, the profiles already exist in a user directory such as Microsoft Active Directory (AD). When an environment with multiple AD forests that have no trust relationships between them moves to an SSO solution such as ADFS, the IT team has to rebuild the trust relationships manually.
In many cases, deploying an SSO solution also means deploying new hardware. ADFS requires at least six servers and one load balancer for each AD forest. Firewall configuration changes also have to be considered. In other words, the IT team ends up spending a great deal of time and effort confirming that the firewalls are configured correctly. For example, a legacy SSO solution may require specific traffic to be allowed through the firewall so that it can communicate with cloud applications. Configuration changes like these add further work for the IT team and increase risk.
Giving users access to applications through a legacy SSO solution is difficult, because it requires user store updates, firewall configuration changes, and additional hardware.
Given all of this, it is understandable that IT teams consider SSO hard to deploy. However, the model has evolved, and more effective alternatives now exist. With a cloud-based SSO solution, you can get the benefits of SSO without facing the problems that came with deploying legacy SSO.
Why cloud-based SSO is easy to deploy
1. Pre-built connectors for every application
Modern SSO ships with pre-built connectors for commonly used applications, so the IT team does not have to develop application integrations from scratch. For example, the Okta Integration Network offers more than 6,000 integrations covering common cloud-based and on-premises technologies. With these integrations, you can quickly connect users, provision and manage accounts, and synchronize data between systems and applications. When no integration is provided, the drawback is that establishing and maintaining the connection between an application and a legacy SSO solution can take months. Having integrations available in advance greatly improves speed and efficiency.
2. Compatibility with existing directories
Modern SSO connects easily to your existing directories. Even when users already exist in an AD or LDAP directory, their accounts, attributes, and groups are imported automatically, so there is no need to re-enter data manually into a new user store. For example, Okta supports delegated AD authentication, provisioning and deprovisioning, directory synchronization, and AD password management. In addition, all changes between Active Directory and Okta are synchronized.
3. No hardware or firewall changes required
With cloud-based SSO, you do not have to procure, install, configure, or support hardware yourself. With a good SSO product, firewall configuration changes are not required either. With Okta SSO, you can connect to multiple AD domains and forests, including ones with no trust relationships between them, and manage the connection to AD through a lightweight agent. No additional servers or firewall configuration changes are needed. The agent communicates with Okta over standard outbound, internet-facing ports (such as port 443).
Modern cloud-based SSO solutions are not only easy to deploy but also very cost-efficient. Okta's total cost of ownership can be half that of solutions such as ADFS, Oracle, IBM, CA, and Ping.
4. Support for on-premises web applications
Another misconception about SSO is that cloud-based SSO cannot support on-premises web applications such as WebLogic, E-Business Suite, and PeopleSoft, which use proprietary protocols such as header-based authentication, Kerberos, and IWA. This used to be a limitation, but today's cloud-based SSO also includes the ability to protect on-premises web applications, and it does so without the drawbacks that came with deploying legacy SSO. Because of these changes, analysts recommend cloud-based SSO, also known as IDaaS (Identity as a Service), rather than legacy SSO. "By 2022, IDaaS will account for more than 80% of the access management delivery models deployed worldwide." - Gartner, Magic Quadrant for Access Management (2018)
"Modern SSO is not hard to deploy" is a fact
Deploying modern cloud-based single sign-on is neither difficult nor a drawback. With pre-built integrations and automated connectors for user directories, you can easily onboard new users and start using new applications without adding or maintaining hardware. The SSO service is also highly scalable and highly available, and it keeps costs to a minimum. Most important of all, because you outsource security to experts and receive highly specialized support, you can give users the simplest and most secure access.
Learn more about SSO
Be sure to watch the webinar "Things You Don't Know About Single Sign-On." You can also find all of the following articles from this misconceptions series on Okta's SSO page.
Fact or Fiction: SSO is the Same as a Password Manager
Fact or Fiction: SSO Creates a Single Point of Failure So Less Secure
Fact or Fiction: SSO slows down IT