SSO+MFA+IDM+PAM in one ecosystem. The Magnus ID suite and the first deployment case: the MFA module

The more security tools you buy, the harder they are to administer: SSO for sign-in, MFA for confirmation, IDM for managing permissions, PAM for controlling access to network resources. Four products, four vendors, four consoles. And four support desks you have to deal with. Integrations eat up months and can "fall off" or lose data, updating one component breaks its link with the rest, and the security team ends up taming this zoo instead of protecting the infrastructure. We got tired of watching customers suffer and combined all four classes of solutions into one ecosystem. Below: how Magnus ID works on the inside, deployment examples, and concrete savings figures.

https://habr.com/ru/companies/magnus-tech/articles/1040888/

#magnus_id #sso #mfa #PAM #IDM #корпоративная_MFA #управление_доступом #аутентификация #MFA_для_бизнеса

We can barely manage human identities. Now we're sprinting to hand machines the keys to everything.

Every agent is an identity. Every identity is an attack surface.

(Yes, this is based on things I have seen. No, I will not elaborate. 😆)

#CyberSecurity #IdentitySecurity #PAM #NonHumanIdentity #AIAgents

For my series »CachyOS härten« (Hardening CachyOS) I have written a short guide on how to secure #Login as well as #sudo and #su and #KDE (somewhat improvised) on #CachyOS with a #Fido2 token. Tested with #yubico #yubikey #nitrokey, #token2 r3 and #thetis via #pam and #pam_u2f

This lets you implement #mfa with 3 factors (token: PIN and possession, plus the normal password).

Careful: when following along it is easy to lock yourself out completely, so heed the precautions described.

https://cryptomancer.de/posts/20260523-sudoyubikey/

If anyone knows how to better secure KDE/SDDM with pam_u2f, ideas are always welcome.

One government agency. 11 PAM platforms. That's not a security strategy—it's a liability.

@KeeperSecurity is making the case for consolidation, and it's compelling.

My RSAC 2026 Vendor Spotlight: https://paradigmtechnica.com/2026/05/21/rsac-2026-vendor-spotlight-keeper-security/ #PAM #IdentitySecurity

How long has your longest-standing privileged account existed without a formal review?

#PAM #PrivilegedAccessManagement #IAM #IdentitySecurity #ZeroTrust #ZTA #StandingPrivileges #MITRE #Cybersecurity #InfoSec #CISO #PrivilegedAccess

OK, normally I have my shit wired together, but this bastard is getting to me.

The requirement is for 'phishing-resistant' second factor. That rules out all of the six-digit code apps - it is too easy apparently to get someone to read out their codes to an attacker.

Again, IDK, but apparently 'phishing-resistant' is the next Big Thing. My personal feeling? We are chasing our shadows. Unless I am the last alive Iranian nuclear bloke, my login is as secure as I can be bothered to make it, and I am bound to be disappointed by a weakness at some point in the near or far future. Phishing isn't on the agenda.

Life.

I carry a seemingly-fine cryptographic store about with me most days and ludicrously call it my 'phone'. It can sign stuff, wrangle certificates, store passwords, read faces and fingerprints and QRcodes and NFC tags. Heaps of useful 'security' stuff. I wouldn't call the software environment _secure_ at all, but ... IDK, people seem happy enough with it. Anything for an easy life. Row with the flow.

So I search for:
"google passkey login with ssh"
My god, whatalottasloppa comes back. A Gatling gun of half-arsery, cant and junk advice.
Then "MS hello for business login ssh". Christ almighty. Much worse. Worse again.
Then "Apple ID login to ssh". At least that seems to be a simple: "no". A relief really.

Someone in the know please: can I set up my sshd to use my phone-based passkey as a primary, secondary or even the complete login?

#TOTP #HOTP #passkey #sshd #key #certificates #PSK #login #ssh #linux #pam #openssh

Alternative to GCPW for Ubuntu: How to link Google Workspace accounts to persistent local users? #gdm #authentication #google #pam

https://askubuntu.com/q/1566668/612

I am looking for a Linux equivalent to GCPW (Google Credential Provider for Windows) for an Ubuntu deployment. Our Current Workflow (on Windows): We use GCPW so employees can log into their laptops...

Finalizing the slides for today’s session on Zero Trust controls. PAM is often the missing piece of the puzzle for many orgs. Looking forward to breaking down how to limit the "blast radius" when things go sideways. 💥🛡️
See you there!

#CyberSecurity #InfoSec #ZeroTrust #PAM #AccessControl #TechPost