|Security Control - Securing Private Web-enabled Applications|
|Description||Providing a seamless authentication experience and platform for users to access both public and private cloud web enabled applications|
|Components and Required Capabilities||
|Best Practice Recommendation||
For authentication, consider implementing a Single-Sign On (SSO) solution early in the maturity of the program as it provides big wins especially with removing core access quickly on a termination. External SaaS applications, or cloud-based vendor/3rd party apps can be integrated into SSO with federation services. Once deployed and functional, you can augment it with more sophisticated SSO and MFA scenarios. For example, SSO based on context authentication, risk score and policy based access control.