Added Security With Federated User Authentication
In the past year, several local governments and state agencies have been victims of cyber attacks. The Georgia Technology Authority (GTA) investigated ransomware attack patterns and recommended good “cyber hygiene” to protect information systems.
This is as simple as protecting the way you log in. As the amount of login information for state employees grows, so does the need for additional safeguards.
With that in mind, Digital Services Georgia (DSGa) is introducing universal login authentication for all websites migrating to Drupal 8, providing content management access to multiple sites on GovHub through a single set of login credentials.
With the multitude of applications and the various usernames and passwords required to access your favorite television program, remembering another set for work can get confusing.
If you manage the content for multiple GovHub sites, federated authentication will allow you to use the same set of credentials on multiple sites, instead of juggling multiple passwords.
Seeing Who’s Who
With the increased number of users required to oversee the management of an agency’s website, keeping track of who has access is good cyber hygiene.
DSGa will use Auth0 to centralize the user management process. Their Single Sign-On system also keeps track of website log-in attempts for five days. Five days of all attempts, successful and failed, will allow for DSGa administrators to assist users having trouble getting on the site, while also making it easier to prevent bad actors from gaining access.
Being Future Ready
DSGa’s core belief is to focus on the people and their needs. This focus has been a critical part of public service since its creation, providing Georgians access to information.
A century ago, it was all in-person encounters with employees turning to paper printouts, file cabinets, and stockrooms full of documents.
Now those same documents have been digitized, moving from microfiche readers and floppy discs to online content.
But regardless of the output method, the expected result is still the same — constituents want answers and they want them now. By using federated authentication, GovHub will be adaptable for potential future security issues.