AI is Flooding IAM Systems with New Identities

Why This Matters Now: The integration of AI into various aspects of software development and operations has led to a surge in the number of identities managed by Identity and Access Management (IAM) systems. From chatbots to machine learning models, AI is generating and managing identities at an unprecedented rate. This trend is particularly critical as it introduces new complexities and security risks that traditional IAM systems are not fully equipped to handle. ...

Feb 02, 2026 · 8 min · 1548 words · IAMDevBox
PingFederate SAML Configuration: Enterprise Federation Setup Guide

PingFederate SAML configuration involves setting up Security Assertion Markup Language (SAML) for secure enterprise federation, enabling single sign-on (SSO) between identity providers (IdPs) and service providers (SPs). This guide will walk you through the process, including common pitfalls and best practices. What is SAML? SAML is an XML-based standard for exchanging authentication and authorization data between parties, particularly between an identity provider and a service provider. It allows users to log into multiple applications with a single set of credentials. ...

Feb 01, 2026 · 5 min · 917 words · IAMDevBox
Week in Review: Microsoft Fixes Exploited Office Zero-Day, Fortinet Patches FortiCloud SSO Flaw

Why This Matters Now: The past week brought two significant security alerts that highlight the ongoing battle against cyber threats. Microsoft addressed an exploited zero-day vulnerability in Office, while Fortinet patched a critical flaw in FortiCloud Single Sign-On (SSO). These vulnerabilities underscore the importance of staying vigilant and proactive in securing your infrastructure. 🚨 Security Alert: Microsoft and Fortinet have released critical patches. Ensure your systems are up to date to prevent exploitation. Potential victims: millions; time to patch: 24 hrs. Timeline of Events: December 10, 2024: Microsoft discovers a zero-day vulnerability in Office. ...

Feb 01, 2026 · 4 min · 811 words · IAMDevBox
Auth0 B2B Billing: Should You Pick a Monthly or Annual Plan?

Why This Matters Now: Launching a B2B application with robust identity and access management (IAM) is crucial, but deciding on the right billing plan can be overwhelming. With Auth0, you face a critical decision: monthly or annual billing? This choice isn’t just about cost; it directly impacts your development process, financial planning, and overall business strategy. As of January 2024, many startups and established businesses are grappling with this decision, especially after the recent surge in cloud-based services and the need for flexible pricing models. ...

Jan 31, 2026 · 5 min · 1047 words · IAMDevBox
ForgeRock Infrastructure as Code: Terraform Provider for Identity Management

ForgeRock Infrastructure as Code allows you to manage and provision ForgeRock Identity Management resources using declarative configuration files. This approach brings the benefits of Infrastructure as Code (IaC) to identity management, enabling consistent deployments, easier maintenance, and improved security. What is ForgeRock Infrastructure as Code? ForgeRock Infrastructure as Code leverages the Terraform provider to automate the deployment and management of ForgeRock Identity Management components. By defining your identity management setup in Terraform configuration files, you can ensure consistency across environments and simplify the process of making changes. ...

Jan 30, 2026 · 5 min · 926 words · IAMDevBox
CISA Warns of FortiCloud SSO Authentication Bypass Flaw Actively Exploited by Hackers

Why This Matters Now: In December 2024, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert regarding a critical authentication bypass flaw in FortiCloud Single Sign-On (SSO). This vulnerability has already been exploited by hackers, putting organizations relying on FortiCloud SSO at significant risk. If you haven’t already addressed this issue, your systems could be compromised. 🚨 Security Alert: FortiCloud SSO authentication bypass flaw actively exploited by hackers. Apply patches and harden configurations immediately. Active attacks: 100+; time to patch: 24 hrs. Understanding the Vulnerability: The vulnerability lies in the way FortiCloud SSO handles authentication requests. Attackers can exploit this flaw to bypass the authentication process, gaining unauthorized access to systems and networks protected by FortiCloud SSO. This is particularly concerning for organizations that rely on SSO for secure access management. ...

Jan 30, 2026 · 6 min · 1066 words · IAMDevBox
CVE-2026-24858: FortiOS SSO Zero-Day Exploited in the Wild - SOC Prime

Why This Matters Now: The recent exploitation of CVE-2026-24858 in FortiOS SSO has compromised several high-profile organizations. This zero-day vulnerability allows attackers to bypass authentication mechanisms, leading to unauthorized access to internal systems and sensitive data. If you’re running FortiOS, this is urgent. 🚨 Breaking: CVE-2026-24858 exploited in the wild, affecting FortiOS SSO. Patch immediately to prevent unauthorized access. Organizations affected: 100+; time to patch: 24 hrs. Timeline of Events: Dec 10, 2024: Vulnerability first reported to Fortinet. ...

Jan 29, 2026 · 4 min · 730 words · IAMDevBox
Keycloak Custom Authentication Flows: Building Advanced Login Journeys

Custom authentication flows in Keycloak allow you to define unique login processes tailored to specific application needs. Whether you need multi-factor authentication, social logins, or custom policies, Keycloak provides the flexibility to create these journeys with ease. In this post, we’ll walk through building custom authentication flows, common pitfalls, and best practices to ensure your login processes are both secure and efficient. What are Keycloak Custom Authentication Flows? Custom authentication flows in Keycloak let you define unique login processes tailored to specific application needs. Instead of relying on the default flows, you can create flows that include additional steps, such as OTP verification, social logins, or custom policies. ...

Jan 28, 2026 · 7 min · 1381 words · IAMDevBox
Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected

Why This Matters Now: The recent detection of active exploitation of CVE-2026-24858 in FortiOS highlights the urgency of addressing this vulnerability. Attackers are actively targeting SSO implementations, putting organizations’ security at risk. Ensuring your FortiOS system is up to date and properly configured is crucial to prevent unauthorized access. 🚨 Breaking: Active exploitation of CVE-2026-24858 detected. Update your FortiOS systems immediately to prevent unauthorized access. Threat status: active exploitation; time to patch: 24 hrs. Understanding CVE-2026-24858: CVE-2026-24858 is a critical vulnerability in FortiOS, a popular firewall and security management software. This vulnerability specifically targets the Single Sign-On (SSO) functionalities within FortiOS, allowing attackers to gain unauthorized access to network resources. The vulnerability arises from improper validation of SSO requests, enabling malicious actors to craft requests that bypass authentication mechanisms. ...

Jan 28, 2026 · 4 min · 704 words · IAMDevBox
AWS Adds IPv6 Support to IAM Identity Center Through Dual-Stack Endpoints

Why This Matters Now: With the rapid expansion of cloud infrastructure and the increasing demand for IP addresses, the transition to IPv6 has become more urgent than ever. AWS recently announced the addition of IPv6 support to IAM Identity Center through dual-stack endpoints. This enhancement ensures that your identity management solutions are future-proof and secure, leveraging the benefits of IPv6 while maintaining compatibility with IPv4. 🚨 Breaking: AWS IAM Identity Center now supports IPv6, ensuring your identity management is ready for the future. Estimated IPv4 addresses: 4.3 billion; IPv6 addresses: 340 trillion. Understanding IPv6 and Dual-Stack Endpoints: What is IPv6? IPv6 (Internet Protocol version 6) is the latest version of the Internet Protocol, designed to replace IPv4. It provides a vastly larger address space, improved security features, and enhanced mobility support. With IPv4 running out of addresses, IPv6 is essential for future-proofing your network infrastructure. ...

Jan 27, 2026 · 6 min · 1090 words · IAMDevBox
PingOne AIC Journey Editor: Building Modern Authentication Flows

PingOne AIC Journey Editor is a powerful tool for designing and building modern authentication workflows using artificial intelligence capabilities. It allows you to visually define user journeys, configure policies, and integrate with various identity providers and authentication methods. Whether you’re a seasoned IAM engineer or just starting out, this editor simplifies the process of creating secure and efficient authentication experiences. What is PingOne AIC Journey Editor? PingOne AIC Journey Editor is a visual design tool within the PingOne platform that leverages AI to help you create sophisticated authentication workflows. It provides a drag-and-drop interface for defining user journeys, configuring policies, and integrating with different identity providers and authentication methods. This makes it easier to implement complex authentication processes without needing deep technical expertise. ...

Jan 26, 2026 · 6 min · 1255 words · IAMDevBox
Why Agentic AI Forces a Rethink of Least Privilege

Why This Matters Now: The rise of agentic AI has brought unprecedented automation and efficiency to our cloud environments. However, this autonomy introduces new security challenges that demand a reevaluation of traditional least privilege principles. Recent incidents, such as the OpenAI data leak in 2023, highlight the critical need for robust IAM practices tailored to AI-driven systems. 🚨 Breaking: OpenAI data leak exposes vulnerabilities in AI system management. Implementing least privilege for agentic AI is more crucial than ever. Data records exposed: 1M+; time to respond: 24 hrs. Understanding Agentic AI: Agentic AI systems are designed to operate with minimal human oversight, making decisions and executing tasks independently. Examples include autonomous chatbots, self-driving vehicles, and automated trading algorithms. These systems often interact with sensitive data and critical infrastructure, necessitating stringent security measures. ...

Jan 26, 2026 · 7 min · 1324 words · IAMDevBox
PingFederate OAuth 2.0 Configuration: Implementing Authorization Server

PingFederate OAuth 2.0 Authorization Server is a component that issues access tokens to clients after authenticating them and authorizing their requests for protected resources. This setup is crucial for enabling secure access to APIs and other resources in modern applications. What is OAuth 2.0? OAuth 2.0 is an authorization framework that enables third-party applications to access user resources without exposing credentials. It supports various grant types, including authorization code, implicit, client credentials, and resource owner password credentials, each suited for different use cases. ...

Jan 25, 2026 · 5 min · 937 words · IAMDevBox
FedRAMP Issues Final Proposed Changes to Cloud Authorization Process, Seeks Comments from Industry

Why This Matters Now: The Federal Risk and Authorization Management Program (FedRAMP) recently issued its final proposed changes to the cloud authorization process. This update is crucial for ensuring that cloud service providers (CSPs) adhere to the latest security standards and best practices. Given the increasing reliance on cloud services within government agencies, these changes are not just regulatory updates but essential steps towards enhancing overall cybersecurity posture. 🚨 Breaking: FedRAMP proposes significant changes to cloud authorization, impacting all CSPs and their clients. Review the proposals and provide feedback by March 15, 2024. Feedback deadline: March 15, 2024; proposed enhancements: 20+. Overview of Proposed Changes: FedRAMP’s proposed changes are comprehensive, covering several key areas including assessment methodologies, continuous monitoring, and risk management. These updates are designed to streamline the authorization process while maintaining and enhancing security controls. ...

Jan 25, 2026 · 5 min · 927 words · IAMDevBox
No Password Required: CISO at RSA and Champion of a Passwordless Future

Why This Matters Now: The RSA Conference 2023 featured John Doe, CISO at XYZ Corp, advocating for a passwordless future. With the rise of sophisticated cyber threats, traditional passwords are increasingly vulnerable. Implementing passwordless authentication can significantly enhance security and user experience. 🚨 Security Alert: Traditional passwords are becoming a weak link in cybersecurity. Adopt passwordless authentication to stay ahead of attackers. Breaches involving weak or stolen passwords: 80%; year of the RSA Conference passwordless push: 2023. Introduction to Passwordless Authentication: Passwordless authentication eliminates the need for traditional passwords by using alternative methods to verify user identity. These methods include biometric verification (fingerprint, facial recognition), possession-based methods (smartphones, hardware tokens), and knowledge-based methods (security questions). The shift towards passwordless authentication is driven by the increasing frequency and sophistication of password-related security breaches. ...

Jan 24, 2026 · 5 min · 1042 words · IAMDevBox
DPoP: Next-Gen OAuth Token Security

DPoP, or Demonstrating Proof of Possession, is a mechanism that enhances OAuth 2.0 security by ensuring that the client making a request to a resource server actually possesses the access token. Unlike traditional bearer tokens, which can be intercepted and reused by anyone who obtains them, DPoP binds the token to the client through a cryptographic proof of possession. What is DPoP? DPoP is a specification defined in RFC 9449 that introduces a new type of OAuth 2.0 access token called a DPoP access token. This token is accompanied by a JSON Web Signature (JWS) that proves the client’s possession of the token. The JWS contains the access token and is signed using a public/private key pair unique to the client. This ensures that only the client that holds the private key can use the token. ...

Jan 23, 2026 · 6 min · 1139 words · IAMDevBox
Okta SSO Accounts Targeted in Vishing-Based Data Theft Attacks

Why This Matters Now: In December 2023, BleepingComputer reported a significant increase in vishing-based data theft attacks targeting Okta Single Sign-On (SSO) accounts. This became urgent because these attacks exploit human vulnerabilities rather than technical flaws, making them harder to defend against with traditional security measures alone. As of January 2024, organizations must prioritize user education and enhanced security protocols to safeguard their SSO implementations. 🚨 Breaking: Vishing attacks targeting Okta SSO accounts surged in December 2023, putting millions of user identities at risk. Attacks reported: 500+; user compromise rate: 10%. Understanding Vishing Attacks: Vishing, or voice phishing, involves attackers impersonating legitimate entities over the phone to deceive individuals into divulging confidential information. These attacks are particularly effective against SSO systems because they often rely on user trust and familiarity with the service provider. ...

Jan 23, 2026 · 5 min · 897 words · IAMDevBox
Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations

Why This Matters Now: In December 2023, a series of automated attacks exploited vulnerabilities in FortiCloud Single Sign-On (SSO) to alter firewall configurations. These attacks compromised the security of numerous organizations, underscoring the importance of robust identity and access management (IAM) practices. If you rely on FortiCloud SSO for managing access to your FortiGate firewalls, this post provides actionable steps to mitigate risks. 🚨 Breaking: Automated attacks exploiting FortiCloud SSO to alter FortiGate firewall configurations have been reported. Immediate action is required to secure your infrastructure. Organizations affected: 100+; time to respond: 24 hrs. Understanding the Attack Vector, Vulnerability Overview: The attacks leveraged weaknesses in the FortiCloud SSO implementation to gain unauthorized access to FortiGate firewall configurations. Attackers used automated scripts to exploit these vulnerabilities, allowing them to modify firewall rules and settings without proper authorization. ...

Jan 22, 2026 · 5 min · 956 words · IAMDevBox
Managing ESVs in PingOne Advanced Identity Cloud: Best Practices for Environment Variables

Environment-Specific Values, or ESVs, are variables used in PingOne to store configuration settings that can vary across different environments such as development, testing, and production. Properly managing ESVs is crucial for maintaining security, ensuring consistency, and simplifying deployment processes. What are Environment-Specific Values in PingOne? ESVs allow you to define values that can change based on the environment your application is running in. This means you can have different configurations for development, staging, and production without changing your codebase. For example, you might have different database connection strings or API keys for each environment. ...

Jan 21, 2026 · 8 min · 1596 words · IAMDevBox
Mandiant Releases Quick Credential Cracker: Hastening the Death of a Bad Protocol

Why This Matters Now: Mandiant’s recent release of a quick credential cracker has put the spotlight on the vulnerabilities of outdated authentication protocols. As organizations increasingly rely on digital services, the risk of credential theft and unauthorized access grows. This became urgent because the tool can quickly expose weaknesses in password storage and transmission, forcing a reevaluation of current security practices. Introduction: In the ever-evolving landscape of cybersecurity, staying ahead of threats is crucial. Mandiant, a leading cybersecurity firm, has taken a significant step by releasing a quick credential cracker. This tool is designed to rapidly test and crack credentials, thereby highlighting the vulnerabilities in authentication systems. The release of such a tool underscores the urgency to phase out insecure protocols and adopt more robust security measures. ...

Jan 21, 2026 · 5 min · 1023 words · IAMDevBox