Single Signon for Azure ID and Office 365?

Matt_Katzer · February 20, 2019, 7:35pm

Anyone know where Single Sign in for Office 365 Azure AD and SSO stand in the IFS Queue? it is getting nearly impossible to keep the security in place with IFS without some new cybersecurity controls.

Why…
We need to deploy MFA and integrate the necessary audit controls to meet the new Calif Consumer Protection Act (CCPA). basically data breaches are assume to be true and it is up the business to prove that the breach did not happen. Under the new rules, if we consume data form a Calif entity (list purhcase etc), there is no longer a min company size for entities that buy stuff form a CA company.

We now must prove the breach did not happen, and tis is extremely difficult (almost impossible) with IFS.

martinc · February 20, 2019, 7:39pm

Moving this to API. @Matt_Katzer, are you providing a solution to your customers that require auth to your azure/microsoft account? Could you explain your ecosystem a bit more?

TomScott · February 20, 2019, 9:00pm

Single sign-on is not a compliance requirement of the CCPA as far as I’m aware, and the GDPR measure we have implemented to blacklist contact entries should satisfy any requirement to prevent the recollection of redacted contact data.

For integrators: https://developer.infusionsoft.com/docs/rest/#!/Contact/deleteContactUsingDELETE
If a request header named GDPR-Redact is included, the contact will instead be redacted according to GDPR guidlines. Redacting a contact will remove all personally identifiable information and cannot be undone.

https://en.wikipedia.org/wiki/California_Consumer_Privacy_Act
https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

Matt_Katzer · April 25, 2019, 7:18pm

What this is a full audit tracking adn management. We deploy users in Office365/Azure identity management. If the user leaves the company, we disable their account. All of the other services that we have integrated into office 365 through Single Sign On (SSO) are automatically disabled. In IFS case we have to manually disable the account.

From an audit management, we have 100% control over our employee access to third party services. We had one guy that joined us form another company, and it took the old company 6 months to terminate there IFS account (took them that long before the IT staff realize that the user had left)

Under the new data breach laws, this is a data breach if the terminated user access the account and pulled information from it. under CCPA it is up to us to prove that a data breach did not occur. under CCPA, damages are assumed to happen. The organization has to prove that the did not happen. This is even more complicated since IFS does not support modern authentication (like MS or Google authenticator)

In our business if we are directed to terminate an employee, I want to make sure that the users are terminated with all service that we work with. Like wise if we run ngen security services on user accounts and process access for breaches, I need to have an audit trail and ability to manage account access based on security threat levels. This is reality today.

To product our business adn to remove personal liability form our founders, we need SSO integration for account management and adulting.

Matt_Katzer · August 22, 2019, 10:28pm

Does anyone know when IFS will support SAML? The password model IFS I using is subject to brute force attacks. All the other players with significant users on either g-suite or Office 365 support a full SAML integration for single sign on.

John_Borelli · August 23, 2019, 2:41pm

We can certainly ask the devs about it but there hasn’t been any talk about that happening.