Hardening SAML by Integrating SSO and Multi-Factor Authentication (MFA) in the Cloud

Nickson M. Karie, V. Kebande, R. Ikuesan, Mehdi Sookhak, H. Venter
Published in: Proceedings of the 3rd International Conference on Networking, Information Systems & Security, 2020-03-31
DOI: 10.1145/3386723.3387875 (https://doi.org/10.1145/3386723.3387875)
Citations: 10

Abstract

Even though the cloud paradigm and its associated services have been adopted in various enterprise applications, there have been major issues with regard to authenticating users' critical data. Single Sign-On (SSO) is a user authentication technique through which a server authenticates and allows a user to use a single aspect of login credentials, for example, to access multiple services in the cloud. Even though SSO reduces the number of logins that are needed over heterogeneous environments, the risk that might be associated with the security of SSO might be detrimental if, for example, a Man-in-the-Middle (MITM) attacker manages to gain control of the SSO credentials. It is also possible to get the identity of the users who have logged into Active Directory or an intranet, and this identity can easily be used to log into other web-based applications; this requires the use of the Security Assertion Mark-up Language (SAML). SAML is basically a standard that allows users to be logged into applications as per their sessions. The problem that this paper addresses is the lack, at the time of writing, of a proactive technique for hardening cloud-based SAML while combining SSO with Multi-Factor Authentication (MFA). The authors have, therefore, proposed an effective approach that unifies SSO with MFA in this context. Based on the base score index conducted over the Common Vulnerability Scoring System (CVSS), the architecture proves to be reliable, feasible and with better performance.