All posts

PingOne SSO is a cloud-based single sign-on solution that allows users to access multiple applications with a single set of credentials. This setup simplifies user management and enhances security by centralizing authentication processes. What is PingOne SSO? PingOne SSO provides a unified platform for managing user identities across various applications. It supports multiple protocols including SAML and OIDC, making it versatile for different integration needs. What is SAML federation in PingOne? SAML (Security Assertion Markup Language) federation in PingOne involves setting up an identity provider (IdP) that issues assertions to a service provider (SP) to authenticate users. This process requires configuring metadata exchange and trust relationships between PingOne and the SP. ...

Why This Matters Now In late December 2023, the security community was shaken by a sophisticated attack on the Python Package Index (PyPI). The threat actor group known as TeamPCP managed to inject a credential stealer into the telnyx package, which is widely used for interacting with Telnyx’s cloud communications platform. This became urgent because the attack leveraged WAV steganography—a technique that hides malicious code within audio files—to bypass detection mechanisms. As of January 2024, thousands of projects have been affected, highlighting the critical need for robust dependency management and security practices. ...

Why This Matters Now The AI frenzy is upon us, with companies racing to integrate machine learning models into their products and services. However, this rush has led to a significant increase in credential mismanagement and secret leaks. Just last month, GitHub experienced a major breach where thousands of repositories were exposed, including sensitive API keys and other credentials. This incident highlighted the critical need for better credential management practices in the age of AI. ...

Passkeys are a game-changer in the world of identity and access management (IAM). They provide a secure, passwordless method of authentication by leveraging hardware security modules (HSMs) to store cryptographic keys. This post will guide you through deploying passkeys in large-scale enterprise environments, covering everything from implementation strategies to security considerations. What is a passkey? A passkey is a strong, private cryptographic key stored in a hardware security module that provides secure authentication without the need for passwords. Passkeys eliminate the risks associated with password reuse, phishing attacks, and weak password policies. They are supported by modern operating systems and browsers through the Web Authentication (WebAuthn) API. ...

Why This Matters Now: The recent wave of sophisticated cyberattacks has highlighted the vulnerabilities in traditional network security models. Agencies are now required to adopt zero trust architectures as part of TIC 3.0 to safeguard their operations and data. This became urgent because traditional perimeter-based security is no longer sufficient to protect against modern threats. 🚨 Breaking: Agencies must comply with TIC 3.0 by implementing zero trust architectures to protect against advanced cyber threats. 2024Implementation Year $10B+Estimated Investment Understanding Zero Trust Zero trust is a security model that assumes there is no implicit trust granted to assets or users inside or outside an organization’s network perimeter. It requires strict verification for every request to access resources, regardless of the user’s location. This approach minimizes the risk of unauthorized access and helps detect and respond to threats more effectively. ...

Why This Matters Now: In December 2024, a sophisticated phishing campaign targeted over 340 Microsoft 365 organizations by abusing the OAuth device code flow. This attack highlights the critical need for robust identity and access management (IAM) practices to prevent unauthorized access. 🚨 Security Alert: Over 340 Microsoft 365 organizations compromised through OAuth device code phishing. Implement strong security measures immediately. 340+Organizations Affected 2 weeksAttack Duration Understanding the Attack The recent phishing campaign leveraged the OAuth device code flow, a common method for applications to authenticate users without embedding credentials directly. Here’s a breakdown of how the attack unfolded: ...

Changelog in ForgeRock DS is a feature that records all changes made to the data store, enabling auditing and synchronization purposes. This feature is crucial for maintaining data integrity and ensuring compliance with regulatory requirements. In this post, we’ll dive into how to enable and monitor changelog in ForgeRock DS 7.2, providing practical code examples and security tips along the way. What is changelog in ForgeRock DS? Changelog in ForgeRock DS is a mechanism that logs all modifications to the directory server, including additions, deletions, and updates. This log serves multiple purposes, such as auditing changes for compliance, synchronizing data across different systems, and debugging issues related to data discrepancies. ...

Why This Matters Now On December 10, 2023, Sonatype reported a critical security incident involving the litellm package on the Python Package Index (PyPI). The malicious version of litellm was designed to steal credentials through a sophisticated multi-stage process. This became urgent because many developers unknowingly installed the compromised package, putting their systems at risk of credential theft and other malicious activities. 🚨 Security Alert: The compromised litellm package has been identified as a significant threat. Immediate action is required to prevent credential theft. 15K+Downloads Affected 24hrsTime to Respond Timeline of Events December 8, 2023 Malicious version of litellm uploaded to PyPI. ...

Why This Matters Now In today’s rapidly evolving threat landscape, traditional security models are increasingly inadequate. The recent surge in sophisticated cyberattacks has highlighted the need for more dynamic and intelligent security solutions. Akamai’s acquisition of Guardicore and the introduction of AI-powered segmentation capabilities represent a significant leap forward in zero trust security. This technology not only enhances the ability to detect and respond to threats but also automates the enforcement of security policies, making it crucial for organizations to adopt these advancements. ...

Directory string length limits and resource constraints are crucial aspects of managing ForgeRock Directory Services (DS). These configurations help prevent issues such as buffer overflows, optimize performance, and ensure data integrity. In this post, we’ll dive into how to effectively manage these settings in ForgeRock DS. What is managing directory string length limits in ForgeRock DS? Managing directory string length limits involves setting maximum lengths for string attributes in the directory. This prevents overflow errors, optimizes storage, and enhances overall system performance. Properly configured string length limits can also help mitigate security risks by preventing buffer overflow attacks. ...

Why This Matters Now Recent high-profile cyberattacks have highlighted the vulnerabilities in traditional security measures, particularly in environments running Linux. Command and Control (C2) servers have become increasingly sophisticated, using legitimate tools and behaviors to evade detection. The SolarWinds breach, for instance, demonstrated how attackers can establish a foothold in a network and maintain persistence through subtle, yet effective means. This became urgent because traditional signature-based detection methods are often unable to identify these stealthy attacks. Behavioral Analytics offers a proactive approach by focusing on deviations from normal behavior, making it a critical tool for modern security strategies. ...

Keycloak Event Listeners are extensions that allow you to react to events happening within Keycloak, such as user logins, role assignments, and other administrative actions. By implementing custom event listeners, you can enhance your Identity and Access Management (IAM) system with features like custom audit logging and integration with external systems via webhooks. What is Keycloak Event Listeners? Keycloak Event Listeners are components that enable you to hook into the event system of Keycloak. They allow you to execute custom logic whenever certain events occur. This can be incredibly useful for logging, alerting, or integrating with other systems. ...

Why This Matters Now: The increasing sophistication of cyberattacks has made robust identity and access management (IAM) crucial for businesses in all sectors, including hospitality. Hotels are prime targets due to the sensitive nature of guest data and operational systems. Mews’ introduction of free Single Sign-On (SSO) access addresses these concerns by providing a secure and efficient way to manage user identities across various applications. 🚨 Security Alert: Hotels are frequent targets for cyberattacks. Implementing SSO can significantly reduce the risk of unauthorized access and data breaches. 50%Of Breaches Involve Weak Passwords 30%Data Breaches Occur Due to Human Error Understanding Single Sign-On (SSO) Single Sign-On (SSO) is a method that allows users to authenticate once and gain access to multiple systems or applications without needing to enter their credentials repeatedly. This approach not only improves user experience but also enhances security by reducing the risk of password reuse and phishing attacks. ...

Why This Matters Now The recent release of the Auth0 MCP Server Extension for Gemini CLI marks a significant step forward in simplifying identity and access management (IAM) operations. Previously, integrating the Auth0 MCP Server with Gemini CLI required manual configuration and custom scripts, which could be time-consuming and error-prone. With this new extension, developers can authenticate to Auth0 and manage their tenants directly from Gemini CLI with just a few commands. This enhancement not only saves time but also ensures consistency and security across all sessions. ...

In early March 2026, two events put MFA bypass back in the spotlight. Europol dismantled Tycoon 2FA — the world’s largest phishing-as-a-service platform — while a new suite called Starkiller demonstrated that AitM phishing has evolved from a sophisticated nation-state technique into a commodity SaaS product anyone can buy. The message is clear: if your organization relies on TOTP, push notifications, or SMS for MFA, it is not phishing-resistant. Here’s how these attacks work and what actually stops them. ...

On March 2, 2026, four engineers from Defakto Security, AWS, Zscaler, and Ping Identity published draft-klrc-aiagent-auth-00 — a 26-page IETF draft that finally gives AI agents a proper identity framework. Called AIMS (Agent Identity Management System), it doesn’t invent new protocols. Instead, it composes SPIFFE, WIMSE, and OAuth 2.0 into a coherent stack that solves the “how do AI agents prove who they are” problem. This matters because the current state of AI agent authentication is dire. An analysis of over 5,200 open-source MCP server implementations found that 53% rely on static API keys, while only 8.5% use OAuth. The AIMS framework provides the architecture to fix this — and with the EU AI Act’s high-risk system requirements taking effect August 2, 2026, the compliance clock is ticking. ...

What is PingOne AIC API? PingOne Advanced Identity Cloud (AIC) API provides REST endpoints for managing identity and access in enterprise environments. It lets you automate user provisioning, manage groups, and handle authentication flows programmatically. I’ve used it extensively to integrate identity management into various applications, and it’s been a game-changer for streamlining IAM processes. How to Authenticate with PingOne AIC API Authentication is typically done using OAuth 2.0 with the client credentials flow. This flow is for service-to-service auth. No users, just machines talking to machines. ...

Why This Matters Now: The rise of cloud-based procurement platforms has led to increased reliance on third-party systems for managing purchases and supply chains. However, this shift also introduces new security challenges. Recent high-profile data breaches highlight the importance of robust access control mechanisms. Integrating Enterprise SSO into third-party procurement platforms is crucial for maintaining security while improving user experience. 🚨 Breaking: Recent data breaches have exposed vulnerabilities in third-party procurement platforms. Implementing Enterprise SSO can significantly reduce the risk of unauthorized access. 25%Of Breaches Involve Third-Party Systems 48hrsAverage Time to Detect Breach Understanding the Challenge Third-party procurement platforms are essential for modern businesses, enabling efficient management of supplier relationships and purchase processes. However, they often introduce security risks due to multiple access points and varying authentication methods. Traditional username/password combinations are no longer sufficient to protect sensitive data. ...

Why This Matters Now: The rise in sophisticated cyber attacks targeting credential theft has made it imperative for organizations to adopt advanced security measures. Dashlane’s introduction of Omnix Advisor, an AI-powered tool, addresses these challenges by providing real-time insights and recommendations to enhance credential security. This became urgent because traditional methods of credential management are increasingly inadequate against modern threats. 🚨 Breaking: Sophisticated cyber attacks are on the rise, targeting credential theft. Omnix Advisor provides the AI-driven insights needed to stay ahead of these threats. 70%Credential Theft Incidents 24hrsResponse Time Needed Understanding Omnix Advisor Omnix Advisor is a cutting-edge solution that integrates artificial intelligence into credential security. It continuously monitors user behavior and access patterns to detect anomalies and potential security threats. By leveraging machine learning algorithms, Omnix Advisor can provide real-time alerts and recommendations to help organizations maintain a strong security posture. ...

Identity Threat Detection and Response (ITDR) is a security solution that monitors, detects, and responds to suspicious activities related to user identities in real-time. It combines user behavior analytics, anomaly detection, and automated response mechanisms to protect against insider threats, credential theft, and other identity-related attacks. What is Identity Threat Detection and Response (ITDR)? ITDR is a critical component of modern Identity and Access Management (IAM) systems. It goes beyond traditional IAM by continuously analyzing user behavior to identify deviations that may indicate a security breach. By integrating ITDR into your IAM strategy, you can proactively detect and mitigate threats before they cause significant damage. ...