WHITEPAPER SECUREAUTH IDP DEVICE FINGERPRINTING LOW-FRICTION, BYOD AUTHENTICATION

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "WHITEPAPER SECUREAUTH IDP DEVICE FINGERPRINTING LOW-FRICTION, BYOD AUTHENTICATION"

Transcription

1 WHITEPAPER SECUREAUTH IDP DEVICE FINGERPRINTING LOW-FRICTION, BYOD AUTHENTICATION

2 Executive Overview The explosion of devices laptops, desktops and now the plethora of mobile devices has left enterprises scrambling to conduct access control to their resources. The current tools are not sufficient for BYOD environments because they do not address the new devices or the new resources for mobile or desktop users. Technology has advanced too far to rely on simple username and password combinations for individual access. They are too easily compromised or forgotten, and create frequent points of vulnerability. Though users may be comfortable with shielding their Facebook profiles behind single factor authentication, enterprise information must be more strongly secured with additional factors, despite the inconvenience that it may introduce. Resolving the conundrum of adding layers of authentication without compromising ease-of-use has proven to be an elusive task for enterprises, until now. SecureAuth s Device Fingerprinting features the flexibility, the security, and the convenience required to increase layers of authentication without creating high friction for users. In many instances, SecureAuth s Device Fingerprinting actually improves user experience. This paper will examine SecureAuth s Device Fingerprinting. It will explain what it is, how it works, and the numerous benefits that it spawns. In conclusion, SecureAuth IdP will be elucidated, acknowledging its complete security package designed specifically for mobile and BYOD work environments. Table of Contents Introduction: What is Device Fingerprinting?.3 How Does it Work?.3 Features of Device Fingerprinting 6 Weighing the Fingerprinting Metrics (Device Heuristics)..8 Device Acceptance Range 9 Management of Range..10 Secure Mobile App for Android and ios...12 Integrated into SecureAuth IdP for All Resources.12 Conclusion.13 WHITEPAPER 2

3 Introduction: What is Device Fingerprinting? Device Fingerprinting is a revolutionary system developed by SecureAuth that enables secure and convenient access to all resources, from any device mobile or desktop. It was created to address continuous security concerns from enterprises whose mobile business bourgeons. With the release of SecureAuth IdP version 7.0 in April, 2013, SecureAuth enabled this new, heuristics approach to identify, authenticate, and assert access. By supporting variations of HTTP headers, IP addresses, browser fonts, browser plugins, user data storage, and the device s time zone, users unique identities can be determined from the distinct desktop and mobile devices used. Each mobile device smartphone, laptop, tablet on various platforms has unique characteristics from which an intelligent system (like the webserver embedded in SecureAuth) can extract information. SecureAuth has exploited that feature and manipulated it to be used for device registration and subsequent device validation. How Does It Work? An Identity Provider (IdP) by design extricates information from data stores to be used for authentication and assertion. SecureAuth is an IdP that also features a built-in, enhanced webserver capable of extracting and validating mobile and desktop device information. Device Fingerprinting enables SecureAuth IdP to pull specific characteristics from a device, store the unique characteristics in the enterprise s directory, and then use those characteristics for validation of the users and devices for subsequent access requests. WHITEPAPER 3

4 Image #1: SecureAuth IdP has integrated 2-Factor user-to-device registration workflow built into the product. The first-time process (Registration): User attempts to access an application from a desktop or mobile device and is redirected to SecureAuth IdP for authentication (1) SecureAuth conducts a configurable (2) SecureAuth authentication (1- factor, 2-Factor, 3-Factor, etc.) Upon successful authentication, SecureAuth sends server-based commands to the client to (3) PULL the unique characteristics from the (4) device (header, fonts, plug-ins, screen size, HTML5 storage facilities, IP address, cookie storage, etc.) SecureAuth creates a numeric representation (5) of the values and then stores it to a local enterprise directory (6) that can be accessed by admins and referenced by the authenticated user ID User is redirected with appropriate SSO from SecureAuth IdP to the original target resource WHITEPAPER 4

5 Image #2: Once the device is registered to the device, subsequent authentications are lowfriction for the user. For subsequent authentications (Validation): User attempts to access an application from a desktop or mobile device and is redirected to SecureAuth IdP for authentication (1) User supplies enterprise credentials, and SecureAuth IdP conducts a device fingerprint of the user s device and checks it with the user ID against the enterprise data store (2) If a match is found, SecureAuth IdP counts it as a successful second factor (no SMS, Telephony, OOB authentication is required) and returns an SSO token to the user for access to the network, cloud, web, or mobile resource (3) Device Fingerprinting enables companies to keep a record of the devices employed by each user, which eliminates the need to impose a HIGH- FRICTION authentication on subsequent authentications. WHITEPAPER 5

6 Features of Device Fingerprinting Though some of the values of Device Fingerprinting have already been indicated, there are several benefits that come with it. Low-friction authentication is one of the most significant features of SecureAuth s Device Fingerprinting. As illustrated in the processes above, users whose devices have already been registered with the Server are not burdened with multiple authentications for each subsequent session. This dramatically simplifies the login and access process for users who employ the same resources, especially portals, with frequency. SecureAuth IdP already specializes in providing a flexible and convenient workflow for users; this addition only strengthens it. By allowing the directory to store the collection of devices, users can be allowed subsequent authentication without further friction. If a user attempts access from a different device, SecureAuth can be configured to either deny access or to usher the user through another enrollment so that the user can register the new device. Should an enterprise choose the latter, a user would work through another enrollment and a fingerprint of the additional device will then be stored for subsequent access requests. The user s data store profile will house two (or more) fingerprints that can be used for future validation. Device Fingerprinting permits a simplified, one-time registration workflow from all devices, whether mobile or traditional computers. Shared Machines are no longer problematic with SecureAuth IdP. Device Fingerprinting enables multiple users to work on the same device while maintaining effective security. When the device authentication is registered with the enterprise, it is linked to one specific user s profile. That user is then able to work on the device without re-authenticating because the Server recognizes that that user has already validated it. When new users attempt to access enterprise resources from the same device, SecureAuth IdP, through its ability to pull user-based identifiers from the device and matching them against information housed in the user s back end data store, recognizes that the device has not been registered to this new user. WHITEPAPER 6

7 As a result, the new user will be redirected to the IdP for authentication before access is granted. From there, the Fingerprint Server will store this device under the new user s profile without eliminating or altering the previous user s registration. Users can work on multiple devices and multiple users can work on a single device all without high-impact authentication processes. Identity Access Management (IAM) with SecureAuth IdP is completely configurable and flexible because it is designed to utilize the enterprise native store and use existing username spaces. As detailed, SecureAuth registers the device to the user via a storable value. Multiple devices can be registered to a single user Each access from each device is logged per device Users can be issued a time for valid registration, which forces them to re-register after a realm-based duration period Devices can be uniquely identified/revoked per users All devices can be revoked per user, at one time The ability to revoke all devices per user at one time is especially relevant. Administrators can access all of the information that is collected and stored by the Fingerprint Server at anytime. In a very simple, admin-friendly tool, any modifications can be effortlessly made including 1-Touch Revocation, which maintains security even if the device is compromised or the user has left the company. Because each device is linked to the users that employ them, admins can quickly and easily search the directory to find the device that requires forced revocation. Once the user has been pinpointed, admins are able to revoke all or individual devices by simply unchecking them from the acceptable devices list. SecureAuth IdP also enables user self-management, including profile registration and modification, password reset, and self or device revocation. Users are able to revoke access on their own devices at any time, without requiring the admin s assistance. This is all accomplished without necessitating any thick clients on the device. WHITEPAPER 7

8 Weighing the Fingerprinting Metrics (Device Heuristics) To facilitate strong authentication without compromising ease-of-use, SecureAuth Device Fingerprinting offers a heuristic-based approach for identifying devices. As described above, the solution offers a built-in, 2-Factor workflow to enable the first time device registration. With SecureAuth s Device Fingerprinting deployed, enterprises can set scoring values to heuristic components that will weigh device characteristics in accordance to enterprise priorities. In this way, an enterprise can match their user base and how/which devices are used in accordance to the resources. With this heuristic component, an enterprise can customize the fingerprinting to their deployment environment. Image #3: SecureAuth allows the admin, per protected resource, to select which device identity characteristics the admin wishes to weigh. WHITEPAPER 8

9 SecureAuth scores specific mechanisms that are used to determine whether a user has surpassed the threshold set by the enterprise. These mechanisms include: HTTP header information: o User-Agent o Accept o Accept CharSet o Accept Encoding o Accept Language Browser Plug-in List Browser Flash Fonts Device Host Address/IP Screen Resolution HTML5 Local Storage HTML5 Session Storage IE User Data Support Browser Cookie Enable/Disable Setting Time Zone Each of these features come with a default setting and can be adjusted accordingly to meet unique conditions that the enterprise might have for a particular resource. It is important to note that SecureAuth IdP is a multitenanted solution, so admins can adjust these settings per each resource with distinct values. Device Acceptance Range SecureAuth enables a Device Acceptance Range to give enterprises full control of device validation. This Device Acceptance Range can be configured for different levels of acceptance. The admin console can control this range, which affects key concepts concerning the device: When the device fingerprint is accepted, as is o The device looks mostly similar to the stored fingerprint When the device fingerprint should be updated o The device has undergone some minor updates/upgrades and the device fingerprint should be updated When the device is new altogether o It is a new device, therefore a new registration is required WHITEPAPER 9

10 For the device registration, SecureAuth IdP generates a numeric fingerprint of the device. This numeric fingerprint is stored in the enterprise data container and is associated with a user. For subsequent authentications, SecureAuth IdP reexamines the device with the same algorithm and creates a new numeric fingerprint. The matching percentage of the subsequent authentication is a number between 0 and 100, and we call it the DCS, Device Certainty Score. Management of Range SecureAuth has given the admin two adjustable scores to modify the Device Validation Range. These scores are the match score and the update score. The match score is a configurable setting that communicates to the system the lowest level of the DCS that can be accepted before a new fingerprint is computed. The update score is the lowest level of the DCS that can be accepted before SecureAuth IdP triggers a user to re-register. This too is configurable. By having this adjustable range between a match score and an update score, devices can be updated and evolve without requiring the user to reauthenticate. WHITEPAPER 10

11 Image #4: SecureAuth allows the enterprise to set a Device Acceptance Range to adjust the rigidity of the fingerprinting and validation process, namely a (1) match score and an (2) update score. This enables devices to evolve without the user having to re-register. If the computed DCS is greater or equal to the match score, then the device is considered pre-registered and no second factor will be conducted by the SecureAuth authentication workflow. If the DCS is BELOW the match score but ABOVE the update score, then the device is considered to likely be pre-registered but might have a few characteristics changed. SecureAuth IdP will conduct a secure second factor and then UPDATE the fingerprint for the user in the enterprise directory. Lastly, if the DCS is BELOW the update score, SecureAuth conducts a secure second factor, and then creates a digital fingerprint for this new device and stores it in the enterprise namespace for this user. This device is considered new and is now ALSO registered to the user. For example, a user may elect to register his Windows 7 desktop the first time. Before he returns, the system goes through a major upgrade, including browser plug-ins and system modifications. For his next usage, SecureAuth would recognize that the device is the same, but the fingerprinting would WHITEPAPER 11

12 reflect the variation. To be secure, the user would re-authenticate, but the record would show only one device enrolled to the user. Just as administrators can set preferences for all individual users with SecureAuth IdP, adjustments can also be made per authentication realm that establishes the distinct heuristic requirements for individual applications. Secure Mobile App for Android and ios For enterprises that require higher than normal security for mobile device access, SecureAuth has created device-specific mobile applications for Android and ios devices, in addition to browser-based fingerprinting. These apps can be deployed by the enterprise to augment the process of device verification. The application is designed to execute native commands on ios and Android clients for the purpose of extracting device specific information. Both platforms query the device and extract the friendly name. Android s would be Android Nexus 7.4.2, for example. The mobile applications also work further and pull device-specific information. For Android, the app is able to extract the serial number from the mobile unit; and for ios, it pulls the UDID for versions 5.0 and earlier, and the Advertiser ID for later models. Integrated into SecureAuth IdP for All Resources Device Fingerprinting is one part of an entire solution that SecureAuth has been developed to specifically target the needs of an enterprise. The SecureAuth IdP fingerprinting solution can be used for ALL enterprise resources, including: Enterprise Web Applications (SharePoint,.NET, J2EE, WebLogic) Network Resources (Juniper, F5, Citrix) Cloud Resources (Google, Microsoft, Salesforce, Taleo) Mobile Applications (Android, ios, Windows) SecureAuth IdP offers 2-Factor Authentication (2FA) and Single Sign On (SSO) to all enterprise resources, including native mobile applications without any hardware, installation, or coding required. 2FA and SSO are transparent as well as user-friendly. Admins can configure the authentication settings to require 2FA every session, every week, every WHITEPAPER 12

13 month, or whatever time period they choose. Different 2FA workflows can be configured for specific sets of users, specific applications, and specific devices. SSO can also be extended to enterprise network, web, cloud, and mobile resources specifically for users, applications, and devices. SecureAuth s frictionless success is rooted in its ability to conduct authentication, device registration, and identity assertion in a transparent way, thereby allowing administrators to deploy a solution that requires marginal management and no user support. With SecureAuth IdP, users will not be calling the helpdesk due to confusing or complicated authentication. Conclusion SecureAuth is continually perfecting its solution to ensure security and to improve the end-user experience. With the innovative supplement of Device Fingerprinting to the already powerful access platform, SecureAuth IdP is steadily eliminating the need for any other products addressing enterprise application access. Enterprises can now embrace BYOD and mobile business because with SecureAuth, they have the necessary security to manage the devices and the access in the safe way that their policies dictate, all the while not complicating authentication for its user base. SecureAuth s ability to configure different workflows for different users and different applications ensures that the various use cases that surface in BYOD deployments and mobile application access will be met with sound security and ease-of-use. WHITEPAPER 13

14 InNet innetworktech.com

SecureAuth IdP Device Fingerprinting

SecureAuth IdP Device Fingerprinting Technical Brief SecureAuth IdP Device Fingerprinting Low-Friction BYOD Authentication March 2015 Executive Overview The explosion of devices desktops, laptops, and now the plethora of mobile devices has

More information

SECUREAUTH IDP AND OFFICE 365

SECUREAUTH IDP AND OFFICE 365 WHITEPAPER SECUREAUTH IDP AND OFFICE 365 STRONG AUTHENTICATION AND SINGLE SIGN-ON FOR THE CLOUD-BASED OFFICE SUITE EXECUTIVE OVERVIEW As more and more enterprises move to the cloud, it makes sense that

More information

WHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS

WHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS WHITEPAPER SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS EXECUTIVE OVERVIEW 2-Factor as a Service (2FaaS) is a 100% cloud-hosted authentication solution that offers flexible security without compromising user

More information

WHITEPAPER SECUREAUTH AND CAC HSPD-12 AUTHENTICATION TO WEB, NETWORK, AND CLOUD RESOURCES

WHITEPAPER SECUREAUTH AND CAC HSPD-12 AUTHENTICATION TO WEB, NETWORK, AND CLOUD RESOURCES WHITEPAPER SECUREAUTH AND CAC HSPD-12 AUTHENTICATION TO WEB, NETWORK, AND CLOUD RESOURCES Executive Overview U.S. Federal mandates dictates that personal with defense related initiatives must prove access

More information

The Top 5 Federated Single Sign-On Scenarios

The Top 5 Federated Single Sign-On Scenarios The Top 5 Federated Single Sign-On Scenarios Table of Contents Executive Summary... 1 The Solution: Standards-Based Federation... 2 Service Provider Initiated SSO...3 Identity Provider Initiated SSO...3

More information

Secure Access Control for Mobile, Cloud, and Web Apps

Secure Access Control for Mobile, Cloud, and Web Apps Secure Access Control for Mobile, Cloud, and Web Apps SecureAuth IdP is a revolutionary platform that provides flexible and secure access control through strong authentication, single sign-on, and user

More information

SecureAuth is an IDP. 14 November SecureAuth. All rights reserved.

SecureAuth is an IDP.  14 November SecureAuth. All rights reserved. SecureAuth is an IDP 14 November 2012 www.gosecureauth.com WHY DOES AN ENTERPRISE NEED TO BECOME AN IDENTITY PROVIDER? 2005 ENTERPRISE USERS: 1X ID DEVICE PASSWORD FEW APPLICATIONS VS. 2012 ENTERPRISE

More information

ABOUT TOOLS4EVER ABOUT DELOITTE RISK SERVICES

ABOUT TOOLS4EVER ABOUT DELOITTE RISK SERVICES CONTENTS About Tools4ever... 3 About Deloitte Risk Services... 3 HelloID... 4 Microsoft Azure... 5 HelloID Security Architecture... 6 Scenarios... 8 SAML Identity Provider (IDP)... 8 Service Provider SAML

More information

nexus Hybrid Access Gateway

nexus Hybrid Access Gateway Product Sheet nexus Hybrid Access Gateway nexus Hybrid Access Gateway nexus Hybrid Access Gateway uses the inherent simplicity of virtual appliances to create matchless security, even beyond the boundaries

More information

I D C V E N D O R S P O T L I G H T

I D C V E N D O R S P O T L I G H T I D C V E N D O R S P O T L I G H T E n f o r c i n g I dentity a nd Access Management i n C l o u d a n d Mobile Envi r o n m e n t s November 2012 Adapted from Worldwide Identity and Access Management

More information

The increasing popularity of mobile devices is rapidly changing how and where we

The increasing popularity of mobile devices is rapidly changing how and where we Mobile Security BACKGROUND The increasing popularity of mobile devices is rapidly changing how and where we consume business related content. Mobile workforce expectations are forcing organizations to

More information

A Guide to New Features in Propalms OneGate 4.0

A Guide to New Features in Propalms OneGate 4.0 A Guide to New Features in Propalms OneGate 4.0 Propalms Ltd. Published April 2013 Overview This document covers the new features, enhancements and changes introduced in Propalms OneGate 4.0 Server (previously

More information

EXECUTIVE VIEW. SecureAuth IdP. KuppingerCole Report

EXECUTIVE VIEW. SecureAuth IdP. KuppingerCole Report KuppingerCole Report EXECUTIVE VIEW by Dave Kearns March 2015 SecureAuth IdP SecureAuth IdP combines cloud single sign-on capabilities with strong authentication and risk-based access control while focusing

More information

Workday Mobile Security FAQ

Workday Mobile Security FAQ Workday Mobile Security FAQ Workday Mobile Security FAQ Contents The Workday Approach 2 Authentication 3 Session 3 Mobile Device Management (MDM) 3 Workday Applications 4 Web 4 Transport Security 5 Privacy

More information

WHITEPAPER SAML ALONE IS NOT SECURE - HERE S HOW TO FIX IT

WHITEPAPER SAML ALONE IS NOT SECURE - HERE S HOW TO FIX IT WHITEPAPER SAML ALONE IS NOT SECURE - HERE S HOW TO FIX IT Executive Overview SAML (Security Assertion Markup Language) is a standard that facilitates the exchange of security information. Developed by

More information

Active Directory Compatibility with ExtremeZ-IP. A Technical Best Practices Whitepaper

Active Directory Compatibility with ExtremeZ-IP. A Technical Best Practices Whitepaper Active Directory Compatibility with ExtremeZ-IP A Technical Best Practices Whitepaper About this Document The purpose of this technical paper is to discuss how ExtremeZ-IP supports Microsoft Active Directory.

More information

White Paper. FFIEC Authentication Compliance Using SecureAuth IdP

White Paper. FFIEC Authentication Compliance Using SecureAuth IdP White Paper FFIEC Authentication Compliance Using SecureAuth IdP September 2015 Introduction Financial institutions today face an important challenge: They need to comply with guidelines established by

More information

Flexible Identity Federation

Flexible Identity Federation Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services

More information

White Paper. Revolutionizing Remote Secure Access: Strong, Adaptive Authentication for Healthcare

White Paper. Revolutionizing Remote Secure Access: Strong, Adaptive Authentication for Healthcare White Paper Revolutionizing Remote Secure Access: Strong, Adaptive Authentication for Healthcare June 2015 Introduction The primacy of healthcare cyber security is accompanied by challenges unique to the

More information

STRONGER AUTHENTICATION for CA SiteMinder

STRONGER AUTHENTICATION for CA SiteMinder STRONGER AUTHENTICATION for CA SiteMinder Adding Stronger Authentication for CA SiteMinder Access Control 1 STRONGER AUTHENTICATION for CA SiteMinder Access Control CA SITEMINDER provides a comprehensive

More information

AVG Business Secure Sign On Active Directory Quick Start Guide

AVG Business Secure Sign On Active Directory Quick Start Guide AVG Business Secure Sign On Active Directory Quick Start Guide The steps below will allow for download and registration of the AVG Business SSO Cloud Connector to integrate SaaS application access and

More information

How Intel Cloud SSO Works

How Intel Cloud SSO Works TECHNICAL WHITE PAPER Intel Cloud SSO How Intel Cloud SSO Works Just as security professionals have done for ages, we must continue to evolve our processes, methods, and techniques in light of the opportunities

More information

EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES

EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES pingidentity.com EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES Best practices for identity federation in AWS Table of Contents Executive Overview 3 Introduction: Identity and Access Management in Amazon

More information

Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management

Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management 1 Product Roadmap Disclaimer Any forward-looking indication of plans for products is preliminary and all future release

More information

Kony Mobile Application Management (MAM)

Kony Mobile Application Management (MAM) Kony Mobile Application Management (MAM) Kony s Secure Mobile Application Management Feature Brief Contents What is Mobile Application Management? 3 Kony Mobile Application Management Solution Overview

More information

Active Directory Comapatibility with ExtremeZ-IP A Technical Best Practices Whitepaper

Active Directory Comapatibility with ExtremeZ-IP A Technical Best Practices Whitepaper Active Directory Comapatibility with ExtremeZ-IP A Technical Best Practices Whitepaper About this Document The purpose of this technical paper is to discuss how ExtremeZ-IP supports Microsoft Active Directory.

More information

expanding web single sign-on to cloud and mobile environments agility made possible

expanding web single sign-on to cloud and mobile environments agility made possible expanding web single sign-on to cloud and mobile environments agility made possible the world of online business is rapidly evolving In years past, customers once tiptoed cautiously into the realm of online

More information

This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections:

This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections: CHAPTER 1 SAML Single Sign-On This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections: Junos Pulse Secure Access

More information

Defender 5.7 - Token Deployment System Quick Start Guide

Defender 5.7 - Token Deployment System Quick Start Guide Defender 5.7 - Token Deployment System Quick Start Guide This guide describes how to install, configure and use the Defender Token Deployment System, based on default settings and how to self register

More information

TrustedX - PKI Authentication. Whitepaper

TrustedX - PKI Authentication. Whitepaper TrustedX - PKI Authentication Whitepaper CONTENTS Introduction... 3 1... 4 Use Scenarios... 5 Operation... 5 Architecture and Integration... 6 SAML and OAuth 7 RESTful Web Services 8 Monitoring and Auditing...

More information

SecureAuth Authentication: How SecureAuth performs what was previously impossible using X.509 certificates

SecureAuth Authentication: How SecureAuth performs what was previously impossible using X.509 certificates SecureAuth Authentication: How SecureAuth performs what was previously impossible using X.509 certificates As enterprises move their applications to the Web and mobile platforms, providing strong security

More information

TrustedX: eidas Platform

TrustedX: eidas Platform TrustedX: eidas Platform Identification, authentication and electronic signature platform for Web environments. Guarantees identity via adaptive authentication and the recognition of either corporate,

More information

Active Directory Self-Service FAQ

Active Directory Self-Service FAQ Active Directory Self-Service FAQ General Information: info@cionsystems.com Online Support: support@cionsystems.com CionSystems Inc. Mailing Address: 16625 Redmond Way, Ste M106 Redmond, WA. 98052 http://www.cionsystems.com

More information

An Overview of Samsung KNOX Active Directory and Group Policy Features

An Overview of Samsung KNOX Active Directory and Group Policy Features C E N T R I F Y W H I T E P A P E R. N O V E M B E R 2013 An Overview of Samsung KNOX Active Directory and Group Policy Features Abstract Samsung KNOX is a set of business-focused enhancements to the Android

More information

ADAPTIVE USER AUTHENTICATION

ADAPTIVE USER AUTHENTICATION ADAPTIVE USER AUTHENTICATION SMS PASSCODE is the leading technology in adaptive multi-factor authentication, improving enterprise security and productivity through an easy to use and intelligent solution

More information

CounterACT Plugin Configuration Guide for ForeScout Mobile Integration Module MaaS360 Version 1.0.1. ForeScout Mobile

CounterACT Plugin Configuration Guide for ForeScout Mobile Integration Module MaaS360 Version 1.0.1. ForeScout Mobile CounterACT Plugin Configuration Guide for ForeScout Mobile Integration Module Version 1.0.1 ForeScout Mobile Table of Contents About the Integration... 3 ForeScout MDM... 3 Additional Documentation...

More information

AVG Business SSO Connecting to Active Directory

AVG Business SSO Connecting to Active Directory AVG Business SSO Connecting to Active Directory Contents AVG Business SSO Connecting to Active Directory... 1 Selecting an identity repository and using Active Directory... 3 Installing Business SSO cloud

More information

NCSU SSO. Case Study

NCSU SSO. Case Study NCSU SSO Case Study 2 2 NCSU Project Requirements and Goals NCSU Operating Environment Provide support for a number Apps and Programs Different vendors have their authentication databases End users must

More information

Symantec Managed PKI Service Deployment Options

Symantec Managed PKI Service Deployment Options WHITE PAPER: SYMANTEC MANAGED PKI SERVICE DEPLOYMENT............. OPTIONS........................... Symantec Managed PKI Service Deployment Options Who should read this paper This whitepaper explains

More information

(A) User Convenience. Password Express Benefits. Increase user convenience and productivity

(A) User Convenience. Password Express Benefits. Increase user convenience and productivity Comparison Feature Sheet Feature Sheet is a next generation password management and password synchronization tool that provides users with reduced sign on experience across all applications and password

More information

Google Identity Services for work

Google Identity Services for work INTRODUCING Google Identity Services for work One account. All of Google Enter your email Next Online safety made easy We all care about keeping our data safe and private. Google Identity brings a new

More information

A Standards-based Mobile Application IdM Architecture

A Standards-based Mobile Application IdM Architecture A Standards-based Mobile Application IdM Architecture Abstract Mobile clients are an increasingly important channel for consumers accessing Web 2.0 and enterprise employees accessing on-premise and cloud-hosted

More information

Securing access to Citrix applications using Citrix Secure Gateway and SafeWord. PremierAccess. App Note. December 2001

Securing access to Citrix applications using Citrix Secure Gateway and SafeWord. PremierAccess. App Note. December 2001 Securing access to Citrix applications using Citrix Secure Gateway and SafeWord PremierAccess App Note December 2001 DISCLAIMER: This White Paper contains Secure Computing Corporation product performance

More information

Okta/Dropbox Active Directory Integration Guide

Okta/Dropbox Active Directory Integration Guide Okta/Dropbox Active Directory Integration Guide Okta Inc. 301 Brannan Street, 3rd Floor San Francisco CA, 94107 info@okta.com 1-888- 722-7871 1 Table of Contents 1 Okta Directory Integration Edition for

More information

Salesforce1 Mobile Security Guide

Salesforce1 Mobile Security Guide Salesforce1 Mobile Security Guide Version 1, 1 @salesforcedocs Last updated: December 8, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of salesforce.com,

More information

EOH Cloud Mobile Device Management. EOH Cloud Services - EOH Cloud Mobile Device Management

EOH Cloud Mobile Device Management. EOH Cloud Services - EOH Cloud Mobile Device Management EOH Cloud EOH Cloud Services - EOH Cloud Page 1 EOH Mobile Device Management Manage a fleet of diverse mobile devices, support new secure mobile workflows and effectively distribute apps. The evolving

More information

The Cloud, Mobile and BYOD Security Opportunity with SurePassID

The Cloud, Mobile and BYOD Security Opportunity with SurePassID The Cloud, Mobile and BYOD Security Opportunity with SurePassID Presentation for MSPs and MSSPs January 2014 SurePassID At A Glance Founded 2009 Headquartered in Orlando, FL 6 sales offices in North America,

More information

White Paper. The risks of authenticating with digital certificates exposed

White Paper. The risks of authenticating with digital certificates exposed White Paper The risks of authenticating with digital certificates exposed Table of contents Introduction... 2 What is remote access?... 2 Authentication with client side digital certificates... 2 Asymmetric

More information

Two-Factor Authentication (2FA) Registration Instructions Symantec VIP Access

Two-Factor Authentication (2FA) Registration Instructions Symantec VIP Access Two-Factor Authentication (2FA) Registration Instructions Symantec VIP Access To strengthen KBR information security and safeguard company data, Information Technology will implement two-factor authentication

More information

Secure, Centralized, Simple

Secure, Centralized, Simple Whitepaper Secure, Centralized, Simple Multi-platform Enterprise Mobility Management 2 Controlling it all from one place BlackBerry Enterprise Service 10 (BES10) is a unified, multi-platform, device, application,

More information

Allidm.com. SSO Introduction. Discovering IAM Solutions. Leading the IAM Training. @aidy_idm facebook/allidm

Allidm.com. SSO Introduction. Discovering IAM Solutions. Leading the IAM Training. @aidy_idm facebook/allidm Discovering IAM Solutions Leading the IAM Training @aidy_idm facebook/allidm SSO Introduction Disclaimer and Acknowledgments The contents here are created as a own personal endeavor and thus does not reflect

More information

Advanced Configuration Steps

Advanced Configuration Steps Advanced Configuration Steps After you have downloaded a trial, you can perform the following from the Setup menu in the MaaS360 portal: Configure additional services Configure device enrollment settings

More information

Interwise Connect. Working with Reverse Proxy Version 7.x

Interwise Connect. Working with Reverse Proxy Version 7.x Working with Reverse Proxy Version 7.x Table of Contents BACKGROUND...3 Single Sign On (SSO)... 3 Interwise Connect... 3 INTERWISE CONNECT WORKING WITH REVERSE PROXY...4 Architecture... 4 Interwise Web

More information

Agenda. How to configure

Agenda. How to configure dlaw@esri.com Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context of ArcGIS Server/Portal for ArcGIS Access Authentication Authorization: securing web services

More information

IBM WebSphere Application Server

IBM WebSphere Application Server IBM WebSphere Application Server OAuth 2.0 service provider and TAI 2012 IBM Corporation This presentation describes support for OAuth 2.0 included in IBM WebSphere Application Server V7.0.0.25. WASV70025_OAuth20.ppt

More information

Configuring and Monitoring Citrix Branch Repeater

Configuring and Monitoring Citrix Branch Repeater Configuring and Monitoring Citrix Branch Repeater eg Enterprise v5.6 Restricted Rights Legend The information contained in this document is confidential and subject to change without notice. No part of

More information

Gateway Apps - Security Summary SECURITY SUMMARY

Gateway Apps - Security Summary SECURITY SUMMARY Gateway Apps - Security Summary SECURITY SUMMARY 27/02/2015 Document Status Title Harmony Security summary Author(s) Yabing Li Version V1.0 Status draft Change Record Date Author Version Change reference

More information

How To - Implement Clientless Single Sign On Authentication in Single Active Directory Domain Controller Environment

How To - Implement Clientless Single Sign On Authentication in Single Active Directory Domain Controller Environment How To - Implement Clientless Single Sign On Authentication in Single Active Directory Domain Controller Environment How To - Implement Clientless Single Sign On Authentication with Active Directory Applicable

More information

Leveraging SAML for Federated Single Sign-on:

Leveraging SAML for Federated Single Sign-on: Leveraging SAML for Federated Single Sign-on: Seamless Integration with Web-based Applications whether cloudbased, private, on-premise, or behind a firewall Single Sign-on Layer v.3.2-006 PistolStar, Inc.

More information

managing SSO with shared credentials

managing SSO with shared credentials managing SSO with shared credentials Introduction to Single Sign On (SSO) All organizations, small and big alike, today have a bunch of applications that must be accessed by different employees throughout

More information

White Paper. McAfee Cloud Single Sign On Reviewer s Guide

White Paper. McAfee Cloud Single Sign On Reviewer s Guide White Paper McAfee Cloud Single Sign On Reviewer s Guide Table of Contents Introducing McAfee Cloud Single Sign On 3 Use Cases 3 Key Features 3 Provisioning and De-Provisioning 4 Single Sign On and Authentication

More information

Mobile Protection. Driving Productivity Without Compromising Protection. Brian Duckering. Mobile Trend Marketing

Mobile Protection. Driving Productivity Without Compromising Protection. Brian Duckering. Mobile Trend Marketing Driving Productivity Without Compromising Protection Brian Duckering Mobile Trend Marketing Mobile Device Explosion Paves Way for BYOD 39% 69% 340% 2,170% 2010 177M corp PCs 2015 246M corp PCs 2010 173

More information

Identity Implementation Guide

Identity Implementation Guide Identity Implementation Guide Version 35.0, Winter 16 @salesforcedocs Last updated: October 27, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of

More information

Azure Security Services, Features and Options. Ioannis Stavrinides Technical Evangelist, CEE MC

Azure Security Services, Features and Options. Ioannis Stavrinides Technical Evangelist, CEE MC Azure Security Services, Features and Options Ioannis Stavrinides Technical Evangelist, CEE MC Agenda for today General security features Encryption Other security mechanisms Azure Active Directory security

More information

How to Implement Enterprise SAML SSO

How to Implement Enterprise SAML SSO How to Implement Enterprise SSO THE LEADER IN API AND CLOUD GATEWAY TECHNOLOGY How to Implement Enterprise SSO Introduction Security Assertion Markup Language, or, provides numerous The advantages and

More information

A guide to enterprise mobile device management.

A guide to enterprise mobile device management. WHITEPAPER A guide to enterprise Beyond expectation. www.azzurricommunications.co.uk Introduction. As smartphones and tablets proliferate in the enterprise, IT leaders are under pressure to implement an

More information

Password Reset PRO INSTALLATION GUIDE

Password Reset PRO INSTALLATION GUIDE Password Reset PRO INSTALLATION GUIDE This guide covers the new features and settings available in Password Reset PRO. Please read this guide completely to ensure a trouble-free installation. March 2009

More information

WHITE PAPER SECURE, DEPLOYABLE BILATERAL (CLIENT/SERVER) AUTHENTICATION

WHITE PAPER SECURE, DEPLOYABLE BILATERAL (CLIENT/SERVER) AUTHENTICATION WHITE PAPER SECURE, DEPLOYABLE BILATERAL (CLIENT/SERVER) AUTHENTICATION SecureAuth Secure, Deployable Bilateral (Client/Server) Authentication As enterprises move their applications to the Web and mobile

More information

Leverage Active Directory with Kerberos to Eliminate HTTP Password

Leverage Active Directory with Kerberos to Eliminate HTTP Password Leverage Active Directory with Kerberos to Eliminate HTTP Password PistolStar, Inc. PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200 Fax: 603.546.2309 E-mail: salesteam@pistolstar.com Website: www.pistolstar.com

More information

Managing policies. Chapter 7

Managing policies. Chapter 7 Chapter 7 Managing policies You use the Policies tab in Admin Portal to create policy sets for roles. A policy set lets you configure the following categories of policies: Mobile Device Policies Use to

More information

WHITEPAPER. Fraud Protection for Native Mobile Applications Benefits for Business Owners and End Users

WHITEPAPER. Fraud Protection for Native Mobile Applications Benefits for Business Owners and End Users Fraud Protection for Native Mobile Applications Benefits for Business Owners and End Users Table of Contents How TrustDefender Mobile Works 4 Unique Technologies and Features 4 Dynamic Configuration and

More information

PrinterOn Print Management Overview

PrinterOn Print Management Overview PrinterOn Print Management Overview Table of Contents 1. PrinterOn and Print Management Overview... 4 1.1. Combined PrinterOn and Print Management Capabilities... 5 1.1.1. Comprehensive Workflow Tracking

More information

Office 365 deployment checklists

Office 365 deployment checklists Chapter 128 Office 365 deployment checklists This document provides some checklists to help you make sure that you install and configure your Office 365 deployment correctly and with a minimum of issues.

More information

Active Directory Compatibility with ExtremeZ-IP

Active Directory Compatibility with ExtremeZ-IP Active Directory Compatibility with ExtremeZ-IP A Technical Best Practices White Paper Group Logic White Paper October 2010 About This Document The purpose of this technical paper is to discuss how ExtremeZ-IP

More information

THE MOBILE HELIX SECURE DELIVERY PLATFORM

THE MOBILE HELIX SECURE DELIVERY PLATFORM SECURE ENTERPRISE HTML5 THE MOBILE HELIX SECURE DELIVERY PLATFORM A MOBILE HELIX WHITEPAPER THE MOBILE HELIX SECURE DELIVERY PLATFORM This whitepaper describes the way the Mobile Helix solution delivers

More information

Mobile Iron User Guide

Mobile Iron User Guide 2015 Mobile Iron User Guide Information technology Sparrow Health System 9/1/2015 Contents...0 Introduction...2 Changes to your Mobile Device...2 Self Service Portal...3 Registering your new device...4

More information

Fairsail REST API: Guide for Developers

Fairsail REST API: Guide for Developers Fairsail REST API: Guide for Developers Version 1.02 FS-API-REST-PG-201509--R001.02 Fairsail 2015. All rights reserved. This document contains information proprietary to Fairsail and may not be reproduced,

More information

Copyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com

Copyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com Manual Copyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com Information in this document is subject to change without notice. Companies names and data used in examples herein are fictitious

More information

Mobile Device Management Version 8. Last updated: 17-10-14

Mobile Device Management Version 8. Last updated: 17-10-14 Mobile Device Management Version 8 Last updated: 17-10-14 Copyright 2013, 2X Ltd. http://www.2x.com E mail: info@2x.com Information in this document is subject to change without notice. Companies names

More information

Web Applications Access Control Single Sign On

Web Applications Access Control Single Sign On Web Applications Access Control Single Sign On Anitha Chepuru, Assocaite Professor IT Dept, G.Narayanamma Institute of Technology and Science (for women), Shaikpet, Hyderabad - 500008, Andhra Pradesh,

More information

Identity. Provide. ...to Office 365 & Beyond

Identity. Provide. ...to Office 365 & Beyond Provide Identity...to Office 365 & Beyond Sponsored by shops around the world are increasingly turning to Office 365 Microsoft s cloud-based offering for email, instant messaging, and collaboration. A

More information

Improving Online Security with Strong, Personalized User Authentication

Improving Online Security with Strong, Personalized User Authentication Improving Online Security with Strong, Personalized User Authentication July 2014 Secure and simplify your digital life. Table of Contents Online Security -- Safe or Easy, But Not Both?... 3 The Traitware

More information

UP L18 Enhanced MDM and Updated Email Protection Hands-On Lab

UP L18 Enhanced MDM and Updated Email Protection Hands-On Lab UP L18 Enhanced MDM and Updated Email Protection Hands-On Lab Description The Symantec App Center platform continues to expand it s offering with new enhanced support for native agent based device management

More information

Critical Issues with Lotus Notes and Domino 8.5 Password Authentication, Security and Management

Critical Issues with Lotus Notes and Domino 8.5 Password Authentication, Security and Management Security Comparison Critical Issues with Lotus Notes and Domino 8.5 Password Authentication, Security and Management PistolStar, Inc. PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200 Fax: 603.546.2309

More information

Google Apps Deployment Guide

Google Apps Deployment Guide CENTRIFY DEPLOYMENT GUIDE Google Apps Deployment Guide Abstract Centrify provides mobile device management and single sign-on services that you can trust and count on as a critical component of your corporate

More information

Risk Based Authentication and AM 8. What you need to know!

Risk Based Authentication and AM 8. What you need to know! Risk Based Authentication and AM 8 What you need to know! Agenda Authentication Manager 8 Customer Use Cases Risk Based Authentication (RBA) RBA Integration and Deployment 2 SecurID / Authentication Manager

More information

Enterprise Mobility Management Migration Migrating from Legacy EMM to an epo Managed EMM Environment. Paul Luetje Enterprise Solutions Architect

Enterprise Mobility Management Migration Migrating from Legacy EMM to an epo Managed EMM Environment. Paul Luetje Enterprise Solutions Architect Enterprise Mobility Management Migration Migrating from Legacy EMM to an epo Managed EMM Environment Paul Luetje Enterprise Solutions Architect Table of Contents Welcome... 3 Purpose of this document...

More information

Getting Started with Clearlogin A Guide for Administrators V1.01

Getting Started with Clearlogin A Guide for Administrators V1.01 Getting Started with Clearlogin A Guide for Administrators V1.01 Clearlogin makes secure access to the cloud easy for users, administrators, and developers. The following guide explains the functionality

More information

Introduction to SAML

Introduction to SAML Introduction to THE LEADER IN API AND CLOUD GATEWAY TECHNOLOGY Introduction to Introduction In today s world of rapidly expanding and growing software development; organizations, enterprises and governments

More information

Executive Summary P 1. ActivIdentity

Executive Summary P 1. ActivIdentity WHITE PAPER WP Converging Access of IT and Building Resources P 1 Executive Summary To get business done, users must have quick, simple access to the resources they need, when they need them, whether they

More information

User Guide. Version R91. English

User Guide. Version R91. English AuthAnvil User Guide Version R91 English August 25, 2015 Agreement The purchase and use of all Software and Services is subject to the Agreement as defined in Kaseya s Click-Accept EULATOS as updated from

More information

Password Power 8 Plug-In for Lotus Domino Single Sign-On via Kerberos

Password Power 8 Plug-In for Lotus Domino Single Sign-On via Kerberos Password Power 8 Plug-In for Lotus Domino Single Sign-On via Kerberos PistolStar, Inc. PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200 Fax: 603.546.2309 E-mail: salesteam@pistolstar.com Website:

More information

SAML-Based SSO Solution

SAML-Based SSO Solution About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,

More information

NetIQ Advanced Authentication Framework

NetIQ Advanced Authentication Framework NetIQ Advanced Authentication Framework Security Officer Guide Version 5.2.0 1 Table of Contents 1 Table of Contents 2 Introduction 3 About This Document 3 Authenticators Management 4 Card 8 Email OTP

More information

Two-Factor Authentication over Mobile: Simplifying Security and Authentication

Two-Factor Authentication over Mobile: Simplifying Security and Authentication SAP Thought Leadership Paper SAP Mobile Services Two-Factor Authentication over Mobile: Simplifying Security and Authentication Controlling Fraud and Validating End Users Easily and Cost-Effectively Table

More information

Enabling Kerberos SSO in IBM Cognos Express on Windows Server 2008

Enabling Kerberos SSO in IBM Cognos Express on Windows Server 2008 Enabling Kerberos SSO in IBM Cognos Express on Windows Server 2008 Nature of Document: Guideline Product(s): IBM Cognos Express Area of Interest: Infrastructure 2 Copyright and Trademarks Licensed Materials

More information

New Features: What s new in Windows Intune?

New Features: What s new in Windows Intune? New Features: What s new in Windows Intune? Contents Release Overview... 2 Unified Enterprise Management Solution... 2 User-based Licensing... 5 Extending Client Support... 5 Understanding Mobile Device

More information

VMware Identity Manager Administration

VMware Identity Manager Administration VMware Identity Manager Administration VMware Identity Manager 2.4 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

More information

Tenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved.

Tenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved. Tenrox Single Sign-On (SSO) Setup Guide January, 2012 2012 Tenrox. All rights reserved. About this Guide This guide provides a high-level technical overview of the Tenrox Single Sign-On (SSO) architecture,

More information

FileCloud Security FAQ

FileCloud Security FAQ is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file

More information