For Security and Sanity, Include "No Passwords" in Your Next RFP

David Strauss

With sites increasingly linked to social networks, subject to security probing by attackers, and one of many places employees, contractors, and agencies sign in, user management needs have outgrown manual administration in every single application. Re-implementing user security for every project is tedious and error-prone -- especially when the method is passwords.

Various options have been around a while, including LDAP, RADIUS, Kerberos, and Active Directory, but there are now two clear choices for sign-on that everyone -- both vendors and organizations -- is moving toward: SAML and OAuth.

In this presentation, we'll discuss practical, modern security approaches related to internal IT and website RFPs:

  • What it takes (if anything) for your users to be single sign-on ready. It's easier than you think, especially with new SaaS options.
  • Moving the burden of user security outside the RFP: How your IT staff can implement their IP restrictions, two-factor authentication, and user access audit requirements without having to manually build support into every website your organization manages.
  • What you'll need to give Drupal agencies for them to integrate sites they build into your sign-on systems.
  • How to make "no passwords" work for external website users, too.

Session Track

Business and Strategy

Experience Level

Advanced

Drupal Version