FusionDirectory has a new website 🍾🍾🍾 we are looking ahead to the next 10 years with a more modern look that highlights our expertise and our services around identity management #iam #opensource #workflow #rest #api #esr #education
Security folks, I need some help. My wife is looking for a job after taking a few years off to take care of the kids and she's having a hard time finding legit security opportunities. And the legit ones she does find don't like the gap in her resume.
If you have or know of any legit remote openings for someone with experience in identity and access management, can you please share?
She has her CISSP and while most of her experience is in IAM she's willing to branch out and learn a new specialty. She also happens to be both the faster learner and the smarter one of the two of us!
My employer #GitLab is hiring, specifically in the Security division. Security Identity Management is the area, so if you're into #Security and #IAM and you're qualified, apply. If not, a few other positions are available, feel free to poke around. Fully remote. I'm not shopping for a referral, I'm shopping for a work colleague, so apply!
Apps that will only present the #2FA challenge upon a successful password #authentication — isn’t there a very good point in always providing both, so as not to give any hints on whether the first-factor credentials were correct or not?
What’s your favorite identity management tool for a non-profit with limited budget but ~40,000 identities and growing to manage? We’re already talking to Okta.
#Akhenaton, the guy from #IAM, has completely fallen into conspiracy theories, and it's nothing new. In "C'est clair je suis sombre" from 1998 (on L'École du Micro d'Argent) he was already saying:
« I'm skeptical when people talk to me about AIDS
It wouldn't surprise me if it were a laboratory product
They call it regulation, a means of eliminating overpopulation (...)
They've surely already discovered the vaccine
Or its commercialization is a matter of big money »
I just published #Regal v0.16.0. This release brings two new linter rules, but most importantly it adds a language server (LSP) mode to Regal, allowing editor integrations to lint your workspace continuously as you work on your #Rego policies. Client implementations soon to follow. Exciting times!
For user accounts that have enabled multifactor authentication, how do you handle self-service password resets? On online platforms, it is usually possible to reset the password via email. I think that is fine for accounts that don't use multifactor authentication. But what if a user logs in with their phone number (They have no email, just the phone) and use text message as their second factor? Sending a password reset code via text message would be a bit stupid. This would mean that the user doesn't really have two-factor authentication if you can reset the first-factor with the second-factor.
I currently do not allow self-service password resets if a user has multifactor enabled. They are required to get in contact with customer support in that case. For our use case this is OK, but it's obviously not very user-friendly. However, I don't really see a solution in the case where the phone number is both the primary identifier and the second factor. I am interested in some thoughts on the topic.
I know that at least #Okta was insecure at one point, but how do the others look, and do they also use the latest #technology for their #services? A lot is promised but not guaranteed, since it's closed source, or isn't it?
«#Identity & #Access Management – The 9 best IAM tools:
These identity and access management (#IAM) tools protect your enterprise assets on the way to the zero-trust future.»
@charlieegan3 and I have been working on a new guide for the most common errors seen in #OPA during #Rego policy development. Parser errors, compiler errors and evaluation errors — it's all in there. Hopefully it'll be a useful resource to anyone trying to get a better understanding of why some errors happen, and how to fix them. Feedback always welcome!
When implementing #WebAuthn on an Identity Provider's side, where exactly should one draw the line between #SecurityKey and #Passkey? I see that most platforms make a distinction between those. Can anyone link me some article or blog post on this topic? If I were to implement security key and passkey support on a provider that does not yet support any WebAuthn, should I go down the same route?
My current assumption is that during passkey registration you'd set "residentKey = required" and "userVerification = required", whereas for a security key you'd set "residentKey = discouraged" and "userVerification = preferred".
Also, I'm assuming that a security key can also function as a form of #passwordless multi-factor authentication if UV was true during registration AND authentication. Obviously without the neat part of Passkeys where you don't have to manually enter the username.
Regal v0.14.0 just released! 🎉 The latest edition of the #OPA community's favorite #Rego linter features two new rules, a new output format, and many improvements and fixes. Release notes and downloads here: https://github.com/StyraInc/regal/releases/tag/v0.14.0
Regal v0.13.0 just released! Featuring 3 new linter rules, performance improvements across the board, and many improvements and fixes. If you're working with #OPA and #Rego in any way, make sure to try it out! Regal aims to help not just by finding bugs and issues, but to teach developers of all levels idiomatic Rego.
Does anyone know a decent #selfhosted #idp? Complete overkill I know… but don’t really want to spin up an #entra tenant for basic #iam at home and cloud services.