1
00:00:00,300 --> 00:00:04,450
Now we're done with user account management and password management.

2
00:00:04,860 --> 00:00:10,650
Now let us move on to a different authentication way, which is single sign-on. As you can see on the

3
00:00:10,650 --> 00:00:16,710
screen, in this image, through one login exchange or one authentication, you can access many different

4
00:00:16,710 --> 00:00:19,080
third-party websites and software.

5
00:00:19,800 --> 00:00:27,480
So what exactly is a single sign-on? Single sign-on is an authentication method that enables users to

6
00:00:27,480 --> 00:00:34,330
securely authenticate with multiple applications and websites by using just one set of credentials.

7
00:00:34,660 --> 00:00:37,040
Well, does that click?

8
00:00:37,050 --> 00:00:40,220
Does it click a name in your mind or your head?

9
00:00:40,220 --> 00:00:41,230
Google.

10
00:00:41,580 --> 00:00:43,590
Yes, Google is an example.

11
00:00:43,920 --> 00:00:46,920
Signing in with Google is an example of single sign-on.

12
00:00:47,790 --> 00:00:49,060
How does this all work?

13
00:00:49,560 --> 00:00:56,280
So basically, this all works on the web based upon a trust relationship set up between an application,

14
00:00:56,580 --> 00:01:01,290
known as the service provider, and an identity provider like OneLogin.

15
00:01:01,800 --> 00:01:08,460
Now this trust relationship is often based upon a certificate that is exchanged between the identity

16
00:01:08,460 --> 00:01:10,200
provider and the service provider.

17
00:01:10,860 --> 00:01:17,400
This certificate is sent from the identity provider to the service provider so that the service

18
00:01:17,400 --> 00:01:20,220
provider knows it is coming from a trusted source.

19
00:01:21,060 --> 00:01:28,350
And in single sign-on, this identity data takes the form of tokens which contain identifying

20
00:01:28,350 --> 00:01:34,140
bits of information about the user, like a user's e-mail address or a user name.

21
00:01:35,490 --> 00:01:36,150
So what?

22
00:01:36,480 --> 00:01:39,660
Here it is, you can see just how it happens.

23
00:01:39,660 --> 00:01:45,600
So here is a user, and he's browsing to domain one as well as to domain two now.

24
00:01:45,600 --> 00:01:50,910
He is required to sign in to domain one as well as sign in to domain two.

25
00:01:51,300 --> 00:01:58,560
So when he is required to sign in to domain one or two here, domain two redirects it to authentication.

26
00:01:58,560 --> 00:02:04,790
So, and we can see a button sometimes on the website saying, let's log in with Google.

27
00:02:05,160 --> 00:02:10,260
So when they click that "Log in with Google", it sends us to the authentication server, which is

28
00:02:10,260 --> 00:02:13,710
Google's Gmail or any sign-in server.

29
00:02:13,740 --> 00:02:20,850
And when we sign in, it provides a token to the browser and it gets stored in the cookie.

30
00:02:21,090 --> 00:02:25,390
And then finally we can get redirected to the domain two account.

31
00:02:25,770 --> 00:02:31,970
This is using a central authentication. Just forgive me for the shapes and drawings.

32
00:02:31,980 --> 00:02:38,820
I'm not that good at drawing shapes, but yes, I hope you understand what I'm trying to exactly

33
00:02:38,820 --> 00:02:41,230
tell you about single sign-on.

34
00:02:42,660 --> 00:02:47,880
So what is a single sign-on token? For that, let us move on to the next image.

35
00:02:48,810 --> 00:02:56,280
And so this token is a collection of data or information that is passed from one system to another during

36
00:02:56,280 --> 00:03:03,900
the SSO process. The data can simply be a user's email address and information about which system is

37
00:03:03,900 --> 00:03:11,190
sending the token. Tokens must be digitally signed for the token receiver to verify that the token is

38
00:03:11,190 --> 00:03:12,730
coming from a trusted source.

39
00:03:13,350 --> 00:03:20,370
The certificate that is used for this digital signature is exchanged during the initial configuration

40
00:03:20,370 --> 00:03:21,210
process.

41
00:03:22,850 --> 00:03:29,030
So let us have a look at this example. First, watch it: the user browses to this website, domain one.

42
00:03:30,480 --> 00:03:32,790
Well done, I've done a good oval.

43
00:03:33,840 --> 00:03:39,890
So now in this domain one, when the user tries to access or log into his account in domain one, what

44
00:03:39,890 --> 00:03:41,340
does this domain one do?

45
00:03:41,340 --> 00:03:46,710
It redirects this to the authentication server that we just saw in the last image.

46
00:03:47,190 --> 00:03:50,010
Now, what does this authentication server do?

47
00:03:50,010 --> 00:03:56,670
Either the user logs in, or the cookie is available, as I said, in the browser itself.

48
00:03:57,210 --> 00:04:02,430
Now, once this authentication server verifies that, OK, this user is legitimate,

49
00:04:03,410 --> 00:04:09,410
it stores the cookie in the browser cookie storage. It stores the cookie in the browser cookie storage,

50
00:04:09,950 --> 00:04:18,230
and then this domain sends a token to this browser storage and checks whether this is a legitimate

51
00:04:18,230 --> 00:04:19,110
user or not.

52
00:04:19,460 --> 00:04:23,880
And after that, it uses the token to authenticate the user.

53
00:04:24,260 --> 00:04:32,420
And finally, the user gets logged in, and it stores the domain one cookie in the browser cookie storage.

54
00:04:33,950 --> 00:04:43,910
Now, let's say the user browses to domain two. Domain two then redirects to the

55
00:04:43,910 --> 00:04:46,600
authentication server, and then it happens.

56
00:04:46,610 --> 00:04:47,400
Same process.

57
00:04:47,420 --> 00:04:48,910
It happens all along.

58
00:04:48,920 --> 00:04:52,680
So the first step here is the user browses to the domain.

59
00:04:53,180 --> 00:05:01,160
Now this domain tries to access user login, which redirects the user to the authentication server. The authentication

60
00:05:01,160 --> 00:05:05,340
server checks that, OK, this guy is trying to log in.

61
00:05:05,360 --> 00:05:06,250
No problem.

62
00:05:06,260 --> 00:05:09,530
Let's give the cookies to the browser storage.

63
00:05:09,890 --> 00:05:17,000
And I got this. The authentication web server verifies that, OK, this is the user and I have this user's

64
00:05:17,000 --> 00:05:17,630
credentials.

65
00:05:18,110 --> 00:05:24,920
And this authentication server then tells this domain that, OK, just trust me, I know this is the user,

66
00:05:24,920 --> 00:05:27,290
too, so please allow him to log into your website.

67
00:05:27,590 --> 00:05:30,710
And the domain says, OK, no problem, there's no issue.

68
00:05:31,250 --> 00:05:38,250
And the domain then uses the token to authenticate, and finally the user gets logged in to the website.

69
00:05:38,690 --> 00:05:40,710
This is how single sign-on works.

70
00:05:40,730 --> 00:05:45,510
Now, the major benefit of single sign-on is you don't have to make multiple passwords.

71
00:05:46,070 --> 00:05:49,970
That is why Google, being the authoritative server in this case,

72
00:05:49,970 --> 00:05:54,560
is relied upon by most of the websites and apps.

73
00:05:54,560 --> 00:06:01,030
You will find the option to log in using Google, if you know what I mean.

74
00:06:01,730 --> 00:06:09,230
Go to any website, go to any well-known one like Shutterstock or Freeburg or any other website, you will have

75
00:06:09,230 --> 00:06:11,570
an option to typically sign in with Google.

76
00:06:11,990 --> 00:06:14,710
That is an example of single sign-on.

77
00:06:15,050 --> 00:06:21,230
Also, when you are signed in to Gmail in one account and you want to access Google on a different account,

78
00:06:21,560 --> 00:06:28,340
again, the single sign-on feature is used when you want to access it, because you are trying to access

79
00:06:28,340 --> 00:06:30,230
it through two different accounts.

80
00:06:31,430 --> 00:06:35,660
This is the basic idea that goes behind a single sign-on procedure.

81
00:06:36,170 --> 00:06:41,090
Now, if you ask me, is this secure? Is single sign-on really secure?

82
00:06:41,630 --> 00:06:44,520
Now, the answer to this question is, it depends.

83
00:06:45,170 --> 00:06:48,530
There are many reasons why this can improve security.

84
00:06:48,870 --> 00:06:55,970
A single sign-on solution can simplify username and password management for both the users and the administrators.

85
00:06:56,420 --> 00:07:02,810
Users no longer have to keep track of different sets of credentials and can simply remember a single,

86
00:07:02,810 --> 00:07:10,550
more complex password. SSO can also cut down the amount of time the helpdesk has to spend on assisting

87
00:07:10,550 --> 00:07:12,230
users with lost passwords.

88
00:07:12,710 --> 00:07:19,310
Administrators can centrally control requirements like password complexity, and also multifactor

89
00:07:19,310 --> 00:07:20,230
authentication.

90
00:07:21,110 --> 00:07:26,510
But since every coin has two sides, single sign-on does have some drawbacks.

91
00:07:27,110 --> 00:07:32,420
For example, you might have applications that you want to have locked down a bit more.

92
00:07:32,900 --> 00:07:39,830
For this reason, it would be important to choose an SSO solution that gives you the ability to require

93
00:07:39,830 --> 00:07:46,610
an additional authentication factor before the user logs into a particular application, or that prevents

94
00:07:46,610 --> 00:07:52,100
users from accessing certain applications unless they are connected to a secure network.

95
00:07:53,630 --> 00:08:00,170
Uh, so with this we are done with SSO, and SSO is very important.

96
00:08:00,530 --> 00:08:03,260
And you should understand this in detail.

97
00:08:04,100 --> 00:08:09,680
But for this lecture, from the exam point of view or from your interview preparation, just make

98
00:08:09,680 --> 00:08:11,190
sure that you remember what it is.

99
00:08:11,240 --> 00:08:15,530
So no one is going to ask you this procedure that we just saw on the screen.

100
00:08:15,530 --> 00:08:22,270
You just have to tell what SSO is and what are the drawbacks and what are the advantages and how this

101
00:08:22,370 --> 00:08:24,030
is implemented, in your terms.

102
00:08:24,410 --> 00:08:29,870
Again, guys, I'm warning you, if you are doing this just for the sake of certification, please don't

103
00:08:29,870 --> 00:08:30,230
do it.

104
00:08:30,650 --> 00:08:35,360
Knowledge is very important when it comes to having a career in cybersecurity.

105
00:08:35,930 --> 00:08:43,700
Even back in my period, even when I was doing cybersecurity, my trainer always told me to first understand

106
00:08:43,700 --> 00:08:46,870
the concepts rather than just learning them.

107
00:08:46,880 --> 00:08:49,480
So make sure you understand single sign-on.

108
00:08:49,730 --> 00:08:53,900
Unless and until you understand single sign-on, you don't have to memorize it.

109
00:08:54,140 --> 00:08:54,920
All the best.

110
00:08:54,920 --> 00:08:56,800
And I will see you in the next lecture.