You are here because you need help with connecting a SSO to your business.

Your SSO Goals should be to do the following.

Goals for SSO

  1. Centralize your accounts and access with single sign-on.
  2. Consider eliminating passwords where possible.
  3. Enable strong, unique passwords everywhere else. Prevent credential stuffing and password spraying.

Reduce Attack

  1. Automate provisioning and deprovisioning when possible.
  2. Enable reporting so you can see who and what groups have access to which applications.
  3. Periodically review user group access to applications.

MFA and Strong Authentication

  1. Implement Multi Factor Authentication (MFA) across all applications.
  2. Enable a MFA solution with adaptive capability.
  3. Harden authentication everywhere you can.
Active Directory Clean up for SSO Deployment

For many Microsoft Office 365 customers, Microsoft Active Directory (AD) is a core piece of the identity management infrastructure. With AD serving as the enterprise directory, user authentication and application access policies around on-premises applications are often tied to users and security groups in AD. Similarly, the ideal Microsoft Office 365 deployment should be able to tightly integrate with AD. Office 365 accounts should be created based on AD user profiles and security groups. And users should be able to leverage their AD credentials when accessing Office 365.

When the user needs to change a password it can all be done without a call into IT.

Everyone is happy!

AD questions as a master for security.
  • How many Active Directory domains will be provisioned?
  • Get a detailed description of the existing onboard process for IT?
  • When is "email" generated for the new hire?
  • Is there a separate OU structure for FTE and contractors in an AD?
  • What is the format of the AD UPN?
  • Are there development instances of AD, HR, and Okta to be used for change management?
  • How clean is the existing HR data?
  • How many in scope HR users compared to AD users?
  • What are the attributes to be synced between the HR system, Okta, and target applications?
  • Is there HR data to determine birthright access?
  • Is there HR data to distinguish in scope user communities (i.e., FTE vs. Contractor)?
  • What is the current username format in HR?
  • What is the user expected username formats for target applications?

How can SSO work with our active directory?

  • Is the customer in a Hybrid Deployment?
  • Does the customer meet O365 prerequisite set by Microsoft?
  • Is the customer using Azure AD Connect to migrate users to O365?
  • Is MFA in scope for access to O365?

Phone & Hours

(888) 959-2825
Monday-Friday: 9am to 5pm


8117 W. Manchester Ave
Suite 915
Playa Del Rey, CA 90293