Zero trust = zero work

Oh which zero trust did you buy?

/s

Zero trust is such a pain in the ass to maintain

You misunderstand. It means "sign on every single time".

Because you forgot to set the expiration of your JWTs. You can make tokens last longer: you get a token once and use it long enough for a session. The default is probably 5 mins or something, leading to your issue.

They did say “Single” sign on so we can’t blame them, can we?

Yeah I feel that. PingID … every time, always… and again and again.

You get to only have to remember one username and password but have to sign in every site every 2 hrs :joy:

sounds like you are doing it right

Ours works great

Quick question: How big is your org? Is your org doing mainly software?

It depends on how you’re doing it. If you have a true zero trust environment, you don’t. You need endpoint protection and that’s about it.

But most people who say they’re doing zero trust, aren’t (just like every other sexy new tech buzzword).

Zero Trust is vaporware at its core. If you have Zero Trust (like no), why do you trust your tools, operating systems, database management systems? What if they can’t be trusted? What if your encryption tool can’t be trusted?

And the reason for “can’t be trusted” is simpler than the xz malware. What if your operating system grants root permissions to anyone with enough agility to perform Dirty COW? What if your VPN software has a bug?

… Actually, drop ‘what’. They do have bugs. In ‘zero trust’ logic you need to assume they all are breached and close your company for good.

Working at startups gave me a lot of perspective on this. I would’ve killed for dedicated people to slog through those government security requirements for me. There is a natural tension between security and devs because most security policies restrict hacks and conveniences that devs enjoy. But the reality is those security people have a reason for (most of) the policies that get put in place, and usually it’s because they don’t have a choice. Just look at what happens when the security recommendations get ignored:

https://www.justice.gov/opa/pr/united-states-files-suit-against-georgia-institute-technology-and-georgia-tech-research

Zero trust in the devs too.

yeah i didn’t mean to imply the concept is bad, you are so right they have no idea what they are doing. also just venting.

IAP+IAM are just part of the “zero trust” toolset.

And the opposite is true too, I feel like: software people have no clue how cloud works in general, how networking, infra, security, etc. work, and have no interest in learning that, which really sucks and makes our work a bit annoying at times. It’s the software people that must adapt to the way infrastructure works, not the other way around.

How dare you say security ppl are IT people lol. They annoy the hell out of us with their ignorance too.

yes! this is absolutely the case.

a previous comment framed it perfectly. my company is trying to achieve the result with unskilled workers (on the cheap).

It seems like no vendor supports caching SSO information in any consistent manner.