Identity and access management at MEDIU using Federated Single Sign-On (FSSO) access control / Nurul Haizi Mohammed Azkhar

At the early days, the adoption of directory servers like LDAP, Active Directory and others, solve some problems of having multiple logins and there is a passwords for authentication but due to growing numbers of web applications like learning management systems (LMS), wikis, portals, blogs, and others, for more effective way of managing identity and access management, providing security and accessibility. Web Single Sign-On (SSO) resolves some of these issues of identity and access management, as the authentication is managed centrally. The SSO systems provide an effective way to manage authorization and authentication inside institutions, but are restricted to the administrative domain of each institution. Due to rapid growth of web application and technologies inside higher education institutions such as learning management system, research portals and library services, has led to the appearance of software islands, without the possibility of communication between these pieces of software. Such interactions typically require that each user have a digital identity and the most part, each service provider (SP) and Identity Provider (IdP) stores had to manage such identities, which are used to increase the service provider's profits, improve the user's experience, and defend against certain attacks. By Using SCRUM approach list of requirements existing authentication access control type for MEDIU will be obtained and identified. Prototype of Federated Single Sign-On (FSSO) will be designed and established for MEDIU. With the implementation of Federated Single Sign on (FSSO) as access control by adopting Scrum approach; it promises to elevate SSO to a new secure and comprehensive level of maturity and offers a variety of ways to manage user access so that institutions' policies are enforced. It was hoped that this research can give a better insight to higher education institution to establish closer, more trusted connections with enterprise system and reduce time and money spent on identity and access management in the future.