What are pros and cons of each?
We are working with an energy and utility client based in the US.
Our suite of applications is Bespoke applications built on Microsoft Stack (.NET, MVC, ASP.NET, .NET core, SQL Server, .NET CORE RESTful services, etc).
We integrate with a host of external vendor products such as Payment Gateway, eKYC vendors, third-party Aggregators, etc.
We are looking to explore an IAM product tool that fits well within our technology landscape.
Primarily, we would have internal employees authenticating and connecting to a host of applications from the Internet and as well as external vendors, partners also connecting to it.
Currently, we have suggested having an external Domain Controller for external users and a separate Domain Controller - for internal users. This way we can have more granular governance, access, and security policies for external and internal users.
In the future, we might expose the authentication using social media as well (such as GMAIL, LI, FB, etc) for guest users.
Please share your advice about an IAM product/solution that fits our requirements and within the Microsoft Technology stack and landscape.
SSO seems like a great way to simplify secure user authentication, but is it safe? If SSO is compromised, surely this poses a greater risk, as then all one's passwords can be accessed across all applications?