An Overview of Samsung KNOX Active Directory-based Single Sign-On

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "An Overview of Samsung KNOX Active Directory-based Single Sign-On"

Transcription

1 C E N T R I F Y W H I T E P A P E R. S E P T E M B E R 2013 An Overview of Samsung KNOX Active Directory-based Single Sign-On Abstract Samsung KNOX is a set of business-focused enhancements to the Android mobile environment for selected Samsung mobile devices. One of the key features included with KNOX is Active Directorybased Single Sign-On. This new capability, developed by Centrify Corporation, addresses password sprawl, allows users to securely and seamlessly login to corporate applications and gives organizations centralized access control for web-based and mobile applications. This White Paper provides an overview of the Single Sign-On features and benefits and introduces how this unique capability works within the Samsung KNOX environment. Centrify Corporation PHONE: +1 (408) (North America & Worldwide) 785 N. Mary, Suite (0) (EMEA) Sunnyvale, CA (+61) (APAC) (Latin America) WEB

2 Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, addresses, logos, people, places and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Centrify Corporation. Centrify may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Centrify, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property Centrify Corporation. All rights reserved. Centrify, DirectAudit, DirectControl and DirectSecure are registered trademarks and DirectAuthorize and DirectManage are trademarks of Centrify Corporation in the United States and other countries. Other brand names used in this document are the trademarks or registered trademarks of their respective companies. The names of actual companies and products mentioned herein may be the trademarks of their respective owners CENTRIFY CORPORATION. ALL RIGHTS RESERVED. PAGE II

3 Contents Contents... iii Introduction... 1 What is Samsung KNOX?... 1 Background on Centrify... 1 An overview of Samsung KNOX Active Directory-based Single Sign-On... 1 The benefits of Samsung KNOX Active Directory-based Single Sign-On... 2 The KNOX End User SSO Experience... 3 How Samsung KNOX Active Directory-based Single Sign-On works... 6 What you install on your internal network... 7 Using the Centrify Cloud Service and the Centrify Cloud Manager... 8 Configuring and deploying web-based Single Sign-On apps Configuring and deploying mobile applications to Samsung KNOX containers Using Samsung KNOX Active Directory-based Single Sign-On Using the MyCentrify web-based user portal Using the two Centrify mobile apps on a Samsung KNOX device Using SSO-enabled mobile apps running in the KNOX container Summary Where to go for more information How to Contact Centrify CENTRIFY CORPORATION. ALL RIGHTS RESERVED. PAGE III

4 Introduction What is Samsung KNOX? Samsung KNOX is a new Android-based solution specifically designed to enhance the security of the open source Android platform. KNOX is not a product or a single feature; instead it is a suite of enhancements for selected Samsung Android devices designed to address the needs of government and enterprise IT managers as well as employees. It is important to note that while many of these features are unique to the Samsung KNOX platform, Samsung has maintained full compatibility with Android and the Google ecosystem so that existing Android applications will continue to work on Samsung KNOX devices. Central to the KNOX experience is the ability to run corporate IT-approved apps in a secure application container completely isolated from the user s other apps and data on the device. This container can be centrally managed by the IT department while still giving the user the ability to run personal applications in the standard Android environment. Another major feature of Samsung KNOX is the ability to deploy and manage Single Sign-On (SSO) enabled applications. These applications can be web-based Software-as-a-Service (SaaS) applications such as Salesforce.com or Office 365 or they can be native Android apps that have been modified to work with the KNOX SSO service. A key feature of the KNOX SSO environment is its integration with Microsoft Active Directory, the most popular user and computer identity management system in use today. The SSO solution has been developed for Samsung by Centrify Corporation, a leader in crossplatform identity management solutions. Background on Centrify Centrify provides Unified Identity Services across data center, cloud and mobile environments resulting in a single login for users and a unified identity infrastructure for IT. Centrify's software and cloud services let organizations securely leverage their existing identity infrastructure to centrally manage authentication, access control, privilege management, policy enforcement and compliance across on-premise and cloud resources. More than 5000 customers have deployed Centrify across millions of computers, applications and mobile devices to increase agility and security. With Centrify, organizations are reducing the costs associated with identity lifecycle management and compliance by over 50%. Since releasing its initial product in 2005, Centrify has expanded its portfolio from one product to a suite of software and cloud services that span data center, cloud and mobile environments with comprehensive support for over 400 systems and 1,500+ applications. An overview of Samsung KNOX Active Directory-based Single Sign-On Samsung KNOX Active Directory-based Single Sign-On is a set of services that run on a KNOXenabled mobile device and remote systems that integrate and communicate with an Active Directory infrastructure CENTRIFY CORPORATION. ALL RIGHTS RESERVED. PAGE 1

5 This Single Sign-On solution addresses password sprawl by providing users with an automated login experience while also giving organizations centralized control over access to web-based and mobile applications. Users will appreciate the simplicity of single sign-on and the self-service features that let them locate, lock, or wipe their mobile devices plus the ability to reset their Active Directory passwords. Administrators will appreciate the easy-to-deploy cloud-based service that delivers access control and visibility to application usage in addition to seamless integration with Microsoft Active Directory. Samsung KNOX Active Directory-based Single Sign-On decreases the cost of deploying and managing web-based and mobile applications while at the same time improving user adoption, satisfaction, security and productivity. The benefits of Samsung KNOX Active Directory-based Single Sign-On Samsung KNOX Active Directory-based Single Sign-On provides the IT administrator with control and flexibility in deploying web-based and mobile applications to users in the organization. With Samsung KNOX Active Directory-based Single Sign-On, an organization can: Enhance users productivity: Users can now go to a single portal to get one-click access to all of their web-based applications. Users experience less frustration, more satisfaction and more productivity by not having to remember multiple passwords to get their work done. Security and peace of mind increase as users no longer store passwords in non-secure locations or use passwords that are easy to remember but that don t meet corporate security guidelines. Users no longer have to remember passwords for every application Reduce your helpdesk burden: As much as 40% of IT helpdesk call volume can be related to password or account reset issues. Users lose productivity and experience greater frustration while IT experiences increased unnecessary expense. Samsung KNOX Active Directory-based Single Sign-On can quickly lower costs by gains in improved user productivity and reduce Web-based account or password reset calls by as much as a 95% CENTRIFY CORPORATION. ALL RIGHTS RESERVED. PAGE 2

6 Improve security: According to the 2012 Verizon Data Breach Investigations Report, five of the top six attack vectors were focused on users passwords accounting for the majority of data breaches. Samsung KNOX Active Directory-based Single Sign-On reduces or eliminates the use of passwords for authenticating to users applications through the use of secure single sign-on. Additionally, access to all applications can be removed by simply disabling a user s Active Directory account when necessary. When using Samsung KNOX Active Directory-based Single Sign-On there are fewer passwords and password storage locations making the Samsung mobile device more secure. Improve IT visibility and control: Every organization s web-based application represents yet another set of identity and access control challenges. By controlling access to applications through Samsung KNOX Active Directory-based Single Sign-On and centrally authenticating users with their Active Directory identity, IT admins gain visibility into the history and usage patterns of applications, which allows further refinement of who needs access to which applications. When a person leaves an organization, access to all business-critical applications can be easily and quickly shut down. And unlike other solutions, Samsung KNOX Active Directory-based Single Sign-On does not duplicate existing identity data into the cloud and out of an organization s control it maintains an organization s identity inside Active Directory, keeping data more secure and centrally controlled. Reduce compliance overhead: With easy and thorough reporting on who has access to which applications and what each user did with that access privilege, compliance with regulations and industry best practices can more quickly be shown freeing up expensive IT resources to deliver on projects that are important to an organization s bottom line. Leverage existing infrastructure and skill sets: By providing the industry's tightest integration of web-based and mobile applications with Microsoft Active Directory, an organization can more cost-effectively deliver SSO and security because it can leverage existing technology, skill sets, and processes associated with an Active Directory environment. The KNOX End User SSO Experience When users enroll a device into Centrify s Cloud Service, the device is joined to the corporate Active Directory domain, the secure KNOX container is created and a certificate-based trust is established between the KNOX container, the user and Active Directory. This certificate is used to authenticate the user of the device with the cloud service, validate that the user has a current Active Directory account and look up the user s roles in order to know which applications the user will be allowed to run. With this trust in place, secure single sign-on is then possible. In fact, this experience could be described more aptly as Zero Sign-On since a certificate is used to authenticate access to applications rather than requiring the user to enter credentials. Before providing more details on how this SSO solution works on Samsung KNOX it is worth highlighting what end users will experience on their Samsung KNOX devices. There are two types of SSO-enabled apps available to users: web-based SaaS apps and native mobile apps CENTRIFY CORPORATION. ALL RIGHTS RESERVED. PAGE 3

7 Web-based Single Sign-On Apps Administrators and end users can setup and deploy web-based or SaaS single sign-on applications for use inside the Samsung KNOX container using Centrify s cloud-based tools. These web-based apps are listed in the Centrify for KNOX native app that runs inside the KNOX container. Users simply go into the KNOX container (after providing their KNOX password), click on the Centrify for KNOX app, select the app they want to run and they are instantly taken to the app in their browser. The KNOX SSO Service handles authenticating the user using his or her certificate and allows role-based access based on the SSO parameters setup in the Centrify Cloud Service. Steps to run Office 365 web-based SSO-enabled app in a Samsung KNOX container 2013 CENTRIFY CORPORATION. ALL RIGHTS RESERVED. PAGE 4

8 Native Mobile Single Sign-On Apps Centrify s solution also supports adding SSO capabilities to native Android apps that run in a Samsung KNOX container. Once a native Android app is modified to take advantage of the protected KNOX container environment and enhanced to support the KNOX SSO service, both users and IT administrators can deploy these approved apps into the KNOX container using Centrify s cloud-based tools. And again, the end user experience is extremely straight forward. Users go into the KNOX container, where they will see the apps that have been deployed using the Centrify cloud-based tools. Users click on the native app and they are instantly taken to an app session without having to login or provide credentials. Certificate-based authentication is handled through the Centrify SSO APIs which call the KNOX SSO Service. Steps to run Box native Android SSO-enabled app in a Samsung KNOX container 2013 CENTRIFY CORPORATION. ALL RIGHTS RESERVED. PAGE 5

9 Both classes of SSO apps run within the secure KNOX container and relieve the user of having to remember complex password for each app, or worse, use easily-remembered weak or common passwords. This is a win-win solution for organizations since one application simultaneously increases both user productivity and corporate application security. How Samsung KNOX Active Directory-based Single Sign-On works Samsung KNOX Active Directory-based Single Sign-On uses Microsoft Active Directory to centrally manage policies for accessing and authenticating web-based and mobile applications. Samsung KNOX Active Directory-based Single Sign-On is a complete security and SSO solution that is delivered by way of the Centrify Cloud Service. Users can access web-based or SaaS applications from the Centrify user portal or Centrify for KNOX app, based on their identity and role. Mobile applications are deployed into the KNOX container based on roles and policies established by IT management. The Centrify Cloud Service provides secure communication from an on-premise computer with Active Directory to web-based applications accessed from the Centrify user portal. The Centrify Cloud Service facilitates secure SSO and controls access to an organization s web-based applications by acting as a security token service. In addition, SSO-enabled versions of mobile apps can be deployed within the Samsung KNOX container and use the same SSO service for authentication. As a security token service, the Centrify Cloud Service authenticates users to the Centrify user portal with Kerberos, SAML, or an Active Directory user name and password. Once a user unlocks his or her KNOX container, PKI credentials are used to enable strong secondary authentication to the Centrify Cloud Service. A SAML, Oauth or OpenID Connect token is then generated which enables user access to SSO-enabled applications. The Centrify Cloud Proxy Server is a simple Windows service that runs behind a firewall and provides real-time authentication, policy, and access to user profiles without synchronizing an organization s data to the cloud. Organizations maintain control of their valuable Active Directory data while providing a common-sense user experience. The Centrify Cloud Manager provides a single, easy-to-use tool to administer application access, mobile devices, and user profile changes. Also, this tool can be used to report and monitor all webbased and mobile activity. Not only does this improve security and compliance through improved visibility, but also lowers administrative complexity by reducing the number of solutions with different monitoring and reporting interfaces or integrations. Administrators can quickly audit all administrative and user activities. In the Centrify user portal, a user clicks a simple link to a web-based app and the Centrify Cloud Service logs the user in to the app. The Centrify portal provides multiple self-service options for users to update their Active Directory profiles and remotely administer their mobile devices CENTRIFY CORPORATION. ALL RIGHTS RESERVED. PAGE 6

10 Here s how the main components in the Samsung KNOX Active Directory-based Single Sign-On architecture work together: An overview of the Active Directory-based Single Sign-On Architecture In addition, the Samsung KNOX Active Directory-based Single Sign-On solution extends SSO capabilities to native Android apps which run in the secure Samsung KNOX environment. These apps have been modified to take advantage of the KNOX SSO APIs and can only be run in the Samsung KNOX application container. What you install on your internal network The Samsung KNOX Active Directory-based Single Sign-On solution requires very little in the way of additional software or services in order to function correctly with a KNOX-enabled device and an existing Active Directory installation. The process begins by installing the Centrify Cloud Management Suite in an organization s internal network, and this installs the following items: Centrify Cloud Proxy Server: The Centrify Cloud Proxy Server is a process that runs on a host computer with internal connections to an Active Directory server and external internet connections. This server manages communications between Active Directory and the Centrify Cloud Service. No changes are required to an existing internal Active Directory environment and Active Directory continues to be used to create and manage users, groups and devices CENTRIFY CORPORATION. ALL RIGHTS RESERVED. PAGE 7

11 Centrify Cloud Proxy Server configuration application: The Centrify Cloud Proxy Server configuration application provides a user interface that configures the Centrify Cloud Proxy Server. Active Directory Users and Computers console extension: If the organization is planning on using the Centrify Cloud Management Suite for mobile device and container management, then an Active Directory console extension is installed which provides additional properties and commands for managing mobile devices. This console extension lets administrators use the existing Active Directory infrastructure and familiar tools to manage mobile users and devices. It adds two tabs to a device s Properties display and a single tab to each mobile user s Properties display. The tabs in the device Properties display mobile device-specific information and applications installed on the device. The user Properties tab lists the devices enrolled by that user. In addition, this extension adds a series of mobile device and Samsung KNOX container commands for example, lock and unlock the container that can be sent to one or more devices from the Active Directory Users and Computers console. Group Policy console extension: Again, if the organization is planning on using the Centrify Cloud Management Suite for mobile device and container management, additional group policies for mobile devices and Samsung KNOX containers are installed. This is an Active Directory group policy console extension with a comprehensive set of group policies that can be used to configure and control mobile devices. Familiar tools are used to create group policy objects for the mobile devices. The cloud service then automatically installs the policies on the devices. NOTE: Neither extension modifies Active Directory they are both console extensions only. After the above components have been installed, the Centrify Cloud Manager can be accessed. Using the Centrify Cloud Service and the Centrify Cloud Manager The Centrify Cloud Service is a multi-tenanted service that provides secure communication from an on-premise Active Directory environment to mobile devices. The Centrify Cloud Service is hosted in Centrify s secure datacenter. Each organization must register with Centrify in order to enable the cloud services that manage communications between the organization s Active Directory environment and managed mobile devices. This communications channel is used for secure user authentication and device management controls such as installing group policies, sending commands to individual or groups of devices, and deploying applications to specific sets of users. The Centrify Cloud Manager is the Centrify Cloud Service administrator tool. Administrators use Centrify Cloud Manager to configure cloud service settings, deploy applications, manage users and devices and monitor cloud service activities. The Centrify Cloud Manager is also used to define roles for users and administrators. User roles define which applications are deployed to which users. Access control and configuration for SSO-enabled apps are also managed through this tool. Deploying SSO access to an application in the Centrify Cloud Manager is straightforward. Below is a brief overview of the process. 1. Apps are added in the Centrify Cloud Manager Apps page by selecting apps from the Centrify Cloud Manager App catalog CENTRIFY CORPORATION. ALL RIGHTS RESERVED. PAGE 8

12 2. Once an app is added it can be modified to configure the application settings, such as how authentication takes place (e.g. username and password or SAML-based SSO). 3. One or more roles are then assigned to the application to control who can have access to the application. For each role, an application can be deployed as automatic or optional. An automatic install makes the application appear in the users Centrify portal by default. An optional install makes the application available to be added by each user. A tool is provided to allow administrators to create or modify roles. Once a role is created, the admin can assign Active Directory users and groups to roles as needed. After a role has been assigned to the application, the application state changes to deployed and the assigned users can access the application. The Centrify Cloud Manager user interface provides multiple views into an organization s applications, role access and activity, and allows changes to be made. Use the Apps page to see all the applications that have been added and deployed. An application s settings or user access options can also be modified. Use the Roles page to add, modify, or delete roles. Active Directory users and groups can be added to roles. Roles can be assigned to applications to control access to those applications. Use the Users page to view all users who ve logged in at least once and to specify login exceptions for specific users and applications. The Devices page lists all managed KNOX devices. If the Centrify User Suite SaaS Edition has been licensed for other platforms, Android, ios and Mac devices joined to the domain are also listed. The Dashboards provide multiple views into recent application, user, and device activity. In the User Activity view, top users and recently logged-in users can be seen. The Device Activity view displays information about users mobile device usage. In the App Activity view, an IT administrator can see which applications are getting used the most. Use the Settings page to check the status of proxy servers and other settings. Centrify Cloud Manager 2013 CENTRIFY CORPORATION. ALL RIGHTS RESERVED. PAGE 9

13 Configuring and deploying web-based Single Sign-On apps When an application is deployed, the IT admin configures how KNOX grants access to that application for users. There are some options for how users SSO access to web-based applications can be provided. User account mapping options The first choice involves how Active Directory accounts are mapped to the application user accounts. Depending on the application, there are the following options: Use an Active Directory field: Use this option if the user accounts are based on Active Directory user names. Specify an Active Directory field such as mail or userprincipalname. Everyone shares the same user name and password: Use this option if access to an account is to be shared but the user name and password are not. For example, some people share an application developer account. User provides the user name and password: Use this option if the application user accounts are not related to Active Directory and each user has his or her own login information. The user enters the user name and password the first time that he or she launches the application from the Centrify portal or app. The Centrify Cloud Service retains the login information so that the user doesn t have to try to remember it or store it in a non-secure location. Login script: The user account mapping can be customized by supplying a custom script to generate the user account login name. Application types There are also different kinds of applications that can be added and deployed to users. The Centrify App Catalog lists the name and application type for each application. Web application with user name and password authentication: Some web applications are configured for user name and password authentication only. This option is used if either the application only supports user name and password authentication or if the application is not going to be configured for SAML SSO at this time. Web application with SAML authentication: This option is used if the application account has SAML SSO as an option and the application will be configured to use SAML SSO. Bookmark application: The option is simply a link to the URL of the application but doesn t provide any login authentication mechanism. A bookmark application can be used to provide a convenient link to an internal application available to users. Add the Generic Bookmark application to the list of applications, and then configure the application with the desired application URL CENTRIFY CORPORATION. ALL RIGHTS RESERVED. PAGE 10

14 SAML SSO options There are also options for applications that support SAML authentication. Different applications provide different authentication options. The main choices are: Identity Provider (IdP)-initiated only Service Provider (SP)-initiated only IdP-initiated or SP-initiated The Identity Provider (IdP) is a service such as the Centrify Cloud Service which provides a way to authenticate users securely. A Service Provider (SP) is the provider of the web application, such as Salesforce, Office 365 or Google Apps; the service provider uses the SAML tokens produced by the IdP. Samsung KNOX Active Directory-based Single Sign-On works with both IdP-initiated and SP-initiated SAML SSO. If the application provider offers both IdP-initiated and SP-initiated SAML SSO, choose which one to use and configure the application accordingly. Here are some things to consider: In most cases, if IdP-initiated SAML SSO is deployed, users can still access the application directly using their user name and password. If SP-initiated SAML SSO is deployed, users are redirected to the MyCentrify portal if they attempt to log in directly to the web application. Some applications prevent user name and password logins. Configuring and deploying mobile applications to Samsung KNOX containers This section describes how to deploy mobile applications to the Samsung KNOX container. As with deploying web-based apps, mobile applications are deployed to Samsung KNOX containers using the Centrify Cloud Manager; however, there are some procedural differences. Note the following important points about deploying mobile applications for use in a Samsung KNOX container: In order for a mobile application to use SSO inside of a Samsung KNOX container, the mobile application vendor must use the Centrify Samsung SDK to enable their mobile application for SSO inside the Samsung KNOX container. Not all applications are appropriate for SSO; for example, a SSO is not needed for an application that does not require a login (such as a clock, for example). Before an Android application can be deployed for the Samsung KNOX container, the mobile application must be signed by Samsung, Centrify, or another MDM/MCM vendor in a process referred to as App wrapping, (also known as Redexing). Only mobile applications that have been wrapped can be installed into the Samsung KNOX container CENTRIFY CORPORATION. ALL RIGHTS RESERVED. PAGE 11

15 When deploying a Samsung KNOX-wrapped mobile application, use the Android InHouse application from the Centrify app catalog. Google Play applications cannot be deployed into the Samsung KNOX container. When deploying a Samsung KNOX-wrapped mobile application that is also configured for SSO, a corresponding SAML application must also be deployed to the same set of users who get the mobile application. Using Samsung KNOX Active Directory-based Single Sign-On Samsung KNOX users have three ways to use Active Directory-based Single Sign-On enabled applications: 1. MyCentrify web-based user portal: Users can gain access to approved SSO-enabled web applications by going to the MyCentrify portal using a browser from any internet-connected device. An Active Directory username and password is required to enter the portal. Clicking the app from the list launches the app in the browser and the SSO service authenticates the user without the need to provide a username or password for each application. This portal can also be used for deploying optional apps, managing devices and provides the user with a number of selfservice administrative functions, such as changing the user s Active Directory password. 2. Centrify for KNOX app: The Centrify for KNOX app is installed in the user s KNOX container and is used to access and run all authorized web-based applications. Users who enter their KNOX password to start the KNOX environment receive a certificate-based token which allows the Centrify for KNOX app to run without the user being prompted for a password. Users can then run web-based apps by simply selecting the app from the list, again without needing to provide login credentials. There is also a Centrify app that runs in the standard Android environment on a Samsung KNOXcapable device. This app is used to configure the SSO and Active Directory integrated experience including enrolling the device in the Centrify Cloud Service. Once enrolled, the service then issues PKI Certificates that identify the user and the device to the cloud service. These certificates enable strong mutual authentication of the device to the cloud service for all subsequent communications to ensure that the device is communicating with the trusted security service provider. The Centrify Cloud Service can then both manage the device and the KNOX Container security policies (depending on the Group Policy configuration chosen by the administrator) as well as provide Zero Sign-On services. 3. SSO-enabled mobile apps running in the KNOX container: Users and administrators can also deploy special versions of popular native Android apps that have been modified to run in the KNOX environment and use the KNOX SSO APIs. These apps run just like standard Android apps except they support SSO, meaning users do not have to enter their credentials to access the app. The following sections provide more details on each of these three options CENTRIFY CORPORATION. ALL RIGHTS RESERVED. PAGE 12

16 Using the MyCentrify web-based user portal Users first log in to MyCentrify, their single portal that provides access to their web applications, their mobile devices, and their Active Directory account profiles. The MyCentrify portal is delivered through the Centrify Cloud Service. MyCentrify web-based user portal The MyCentrify portal provides users a single location from which they can access all of their business web applications. Also, users can access their web applications without having to enter a separate user name and password each time they need to access an application. Users can also easily organize their web applications with tags that they create. Administrators can empower users with Samsung KNOX Active Directory-based Single Sign-On by providing them with a simple, self-service portal where they can change their network password and update their personal information that is stored in Active Directory. Users can also easily manage their own devices, track the location of their devices, and remotely lock or wipe data from those devices in cases of loss or theft CENTRIFY CORPORATION. ALL RIGHTS RESERVED. PAGE 13

17 Using the two Centrify mobile apps on a Samsung KNOX device There are two Centrify mobile apps that run on a Samsung KNOX device. The first Centrify app, simply called Centrify, gets installed from the Google Play store and runs in the standard Android environment. This app is used for: enrolling and unenrolling the device in the Centrify Cloud Service and Active Directory creating the KNOX container establishing the certificate-based trust between the cloud service, the device and the user, which enables the SSO experience reviewing and setting up mobile apps and app updates that get installed in the KNOX container reviewing and deploying centrally-managed policies for both the device and the container. Once a mobile app is listed and installed via this tool, it appears as an installed mobile app in the KNOX container. The second Centrify app, called Centrify for KNOX, runs exclusively in the KNOX container. This mobile app is installed from the Samsung KNOX Apps store and is used to access web-based, SSOenabled applications that have been setup by the user or the IT administrator using the Centrify Cloud Manager or the MyCentrify web-based user portal. Users run these SSO-enabled web apps by simply selecting the app from the list that is displayed. Centrify app for Android Centrify for KNOX app for KNOX Container 2013 CENTRIFY CORPORATION. ALL RIGHTS RESERVED. PAGE 14

18 Using SSO-enabled mobile apps running in the KNOX container The third way to run SSO-enabled apps in the KNOX environment is to execute a special class of native Android apps in the KNOX container environment. These apps are special in two ways. First, the app has been put through a process to digitally sign the app to allow it to run in the KNOX container environment. This signing process, which can be done by Samsung, Centrify or other MDM vendors, ensures that the app is safe and approved to run in the KNOX container environment. Only Android apps that have been put through this process can run in the KNOX container. Other standard Android apps cannot be installed in the container to decrease the possibility of a rogue app introducing malware into the container. The second characteristic of this class of mobile applications is the support for SSO. These apps have been modified by the app vendor to incorporate and take advantage of Centrify s SSO APIs that are a unique feature of the KNOX environment. By adding certificate-based SSO capabilities to a mobile app, the user no longer needs to enter a username and password to use the app but instead is automatically authenticated by the Centrify Cloud Service. This relieves the user of the burden of remembering passwords for each app and also gives access control to the IT administrator who can turn access to the mobile app on or off. Box and DropBox are examples of SSO-enabled KNOX apps 2013 CENTRIFY CORPORATION. ALL RIGHTS RESERVED. PAGE 15

19 Summary This concludes the overview of the Samsung KNOX Active Directory-based Single Sign-On capabilities. This unique capability not only helps users to be more productive and secure but also provides IT management with powerful tools for controlling access to important IT applications and data. Centrify also provides Single Sign-On products for a number of mobile platforms. For more information on these products, visit the Centrify web site or contact a Centrify sales representative. Where to go for more information For more information, please review the documentation and help pages for the various components of the Samsung KNOX Active Directory-based Single Sign-On solution: The Samsung KNOX Active Directory-based Mobile Container Management and Single Sign-On Installation and Configuration Guide provides the installation and configuration instructions for two solutions from Centrify that are part of Samsung KNOX. o Samsung KNOX Active Directory-based Mobile Container Management: A comprehensive suite that simplifies user authentication, mobile device and Samsung KNOX container management, and application deployment. o Samsung KNOX Active Directory-based Single Sign-On: An easy-to-integrate solution that provides silent authentication for applications opened from within the Samsung KNOX container. The Centrify Cloud Manager online help provides task-oriented information for administrators who need to modify applications, manage roles and users, and configure settings in the Centrify Cloud Manager. To open this, click Help from the user name menu in the Centrify Cloud Manager. The Centrify Cloud Manager Application Configuration help provides specific details for configuring each kind of application individual web-based applications for SSO, user-password applications, and mobile applications. To open this, click the Help link from an application in the App Catalog or an Application Settings dialog box. The MyCentrify help provides task-oriented information for users to navigate and launch their deployed applications, view their activity, manage their own mobile devices, and specify some Active Directory settings. To open this, click Help from the user name menu in the MyCentrify user portal. For more information on Samsung KNOX visit the All Things KNOX Resource Center at: CENTRIFY CORPORATION. ALL RIGHTS RESERVED. PAGE 16

20 How to Contact Centrify Worldwide Headquarters Centrify Corporation 785 N. Mary, Suite 200 Sunnyvale, CA United States Product & Sales Information North America: +1 (408) EMEA: +44 (0) APAC Latin America: Phone: +1 (408) Online: CENTRIFY CORPORATION. ALL RIGHTS RESERVED. PAGE 17

An Overview of Samsung KNOX Active Directory and Group Policy Features

An Overview of Samsung KNOX Active Directory and Group Policy Features C E N T R I F Y W H I T E P A P E R. N O V E M B E R 2013 An Overview of Samsung KNOX Active Directory and Group Policy Features Abstract Samsung KNOX is a set of business-focused enhancements to the Android

More information

Stop Password Sprawl with SaaS Single Sign-On via Active Directory

Stop Password Sprawl with SaaS Single Sign-On via Active Directory CENTRIFY WHITE PAPER Stop Password Sprawl with SaaS Single Sign-On via Active Directory Abstract Organizations are rushing to SaaS in an effort to move business initiatives along faster than the traditional

More information

Centrify Mobile Authentication Services for Samsung KNOX

Centrify Mobile Authentication Services for Samsung KNOX Centrify Mobile Authentication Services for Samsung KNOX SDK Quick Start Guide 3 October 2013 Centrify Corporation Legal notice This document and the software described in this document are furnished under

More information

Samsung KNOX: An Overview for Business Customers

Samsung KNOX: An Overview for Business Customers CENTRIFY WHITE PAPER. SEPTEMBER 2013 Samsung KNOX: An Overview for Business Customers Abstract Samsung, the mobile device market leader, has introduced Samsung KNOX for its Android-based mobile platforms

More information

Centrify Cloud Management Suite

Centrify Cloud Management Suite Centrify Cloud Management Suite Installation and Configuration Guide April 2013 Centrify Corporation Legal notice This document and the software described in this document are furnished under and are subject

More information

Google Apps Deployment Guide

Google Apps Deployment Guide CENTRIFY DEPLOYMENT GUIDE Google Apps Deployment Guide Abstract Centrify provides mobile device management and single sign-on services that you can trust and count on as a critical component of your corporate

More information

Centrify Mobile Authentication Services

Centrify Mobile Authentication Services Centrify Mobile Authentication Services SDK Quick Start Guide 7 November 2013 Centrify Corporation Legal notice This document and the software described in this document are furnished under and are subject

More information

Samsung KNOX EMM Authentication Services. SDK Quick Start Guide

Samsung KNOX EMM Authentication Services. SDK Quick Start Guide Samsung KNOX EMM Authentication Services SDK Quick Start Guide June 2014 Legal notice This document and the software described in this document are furnished under and are subject to the terms of a license

More information

AVG Business SSO Partner Getting Started Guide

AVG Business SSO Partner Getting Started Guide AVG Business SSO Partner Getting Started Guide Table of Contents Overview... 2 Getting Started... 3 Web and OS requirements... 3 Supported web and device browsers... 3 Initial Login... 4 Navigation in

More information

Office 365 Single Sign-On: High Availability Without High Complexity

Office 365 Single Sign-On: High Availability Without High Complexity WHITE PAPER Office 365 Single Sign-On: High Availability Without High Complexity WWW.CENTRIFY.COM Office 365 Single Sign-On: High Availability without High Complexity Contents Abstract 3 Introduction 4

More information

SP-initiated SSO for Smartsheet is automatically enabled when the SAML feature is activated.

SP-initiated SSO for Smartsheet is automatically enabled when the SAML feature is activated. Chapter 87 Configuring Smartsheet The following is an overview of the steps required to configure the Smartsheet Web application for single sign-on (SSO) via SAML. Smartsheet offers both IdP-initiated

More information

A Practical Path to Unified Identity Across Data Center, Cloud and Mobile

A Practical Path to Unified Identity Across Data Center, Cloud and Mobile C E N T R I F Y W H I T E P A P E R A Practical Path to Unified Identity Across Data Center, Cloud and Mobile Abstract The major trends challenging IT organizations today are the increasing heterogeneity

More information

Centrify Identity Service and Mac - Online Training

Centrify Identity Service and Mac - Online Training C E N T R I F Y D A T A S H E E T M A R C H 2015 Centrify Identity Service and Mac - Online Training Overview This course is designed for administrators of the Centrify User Suite and mobile devices. At

More information

Top Six Things to Consider with an Identity-as-a-Service (IDaaS) Solution

Top Six Things to Consider with an Identity-as-a-Service (IDaaS) Solution WHITE PAPER Top Six Things to Consider with an Identity-as-a-Service (IDaaS) Solution WWW.CENTRIFY.COM Top Six Things to Consider with an Identity as a Service (IDaaS) Solution Contents Executive Summary

More information

Connected Data. Connected Data requirements for SSO

Connected Data. Connected Data requirements for SSO Chapter 40 Configuring Connected Data The following is an overview of the steps required to configure the Connected Data Web application for single sign-on (SSO) via SAML. Connected Data offers both IdP-initiated

More information

For details about using automatic user provisioning with Salesforce, see Configuring user provisioning for Salesforce.

For details about using automatic user provisioning with Salesforce, see Configuring user provisioning for Salesforce. Chapter 41 Configuring Salesforce The following is an overview of how to configure the Salesforce.com application for singlesign on: 1 Prepare Salesforce for single sign-on: This involves the following:

More information

SAML single sign-on configuration overview

SAML single sign-on configuration overview Chapter 34 Configurin guring g Clarizen Configure the Clarizen Web-SAML application profile in Cloud Manager to set up single sign-on via SAML with Clarizen. Configuration also specifies how the application

More information

Configuring. SugarCRM. Chapter 121

Configuring. SugarCRM. Chapter 121 Chapter 121 Configuring SugarCRM The following is an overview of the steps required to configure the SugarCRM Web application for single sign-on (SSO) via SAML. SugarCRM offers both IdP-initiated SAML

More information

Configuring. SuccessFactors. Chapter 67

Configuring. SuccessFactors. Chapter 67 Chapter 67 Configuring SuccessFactors The following is an overview of the steps required to configure the SuccessFactors Enterprise Edition Web application for single sign-on (SSO) via SAML. SuccessFactors

More information

Configuring Salesforce

Configuring Salesforce Chapter 94 Configuring Salesforce The following is an overview of how to configure the Salesforce.com application for singlesign on: 1 Prepare Salesforce for single sign-on: This involves the following:

More information

Configuring SuccessFactors

Configuring SuccessFactors Chapter 117 Configuring SuccessFactors The following is an overview of the steps required to configure the SuccessFactors Enterprise Edition Web application for single sign-on (SSO) via SAML. SuccessFactors

More information

Windows Least Privilege Management and Beyond

Windows Least Privilege Management and Beyond CENTRIFY WHITE PAPER Windows Least Privilege Management and Beyond Abstract Devising an enterprise-wide privilege access scheme for Windows systems is complex (for example, each Window system object has

More information

Flexible Identity Federation

Flexible Identity Federation Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services

More information

An overview of configuring WebEx for single sign-on. To configure the WebEx application for single-sign on from the cloud service (an overview)

An overview of configuring WebEx for single sign-on. To configure the WebEx application for single-sign on from the cloud service (an overview) Chapter 83 WebEx This chapter includes the following sections: An overview of configuring WebEx for single sign-on Configuring WebEx for SSO Configuring WebEx in Cloud Manager For more information about

More information

Single Sign-On for SAP R/3 on UNIX with Centrify DirectControl and Microsoft Active Directory

Single Sign-On for SAP R/3 on UNIX with Centrify DirectControl and Microsoft Active Directory W H I T E P A P E R C E N T R I F Y C O R P. M A Y 2008 Single Sign-On for SAP R/3 on UNIX with Centrify DirectControl and Microsoft Active Directory The Active Directory-Based Single Sign-On Solution

More information

Active Directory and DirectControl

Active Directory and DirectControl WHITE PAPER CENTRIFY CORP. Active Directory and DirectControl APRIL 2005 The Right Choice for Enterprise Identity Management and Infrastructure Consolidation ABSTRACT Microsoft s Active Directory is now

More information

Speeding Office 365 Implementation Using Identity-as-a-Service

Speeding Office 365 Implementation Using Identity-as-a-Service August 2015 www.sarrelgroup.com info@sarrelgroup.com Speeding Office 365 Implementation Using Identity-as-a-Service White paper August 2015 This white paper is sponsored by Centrify. August 2015 www.sarrelgroup.com

More information

Centrify Cloud Connector Deployment Guide

Centrify Cloud Connector Deployment Guide C E N T R I F Y D E P L O Y M E N T G U I D E Centrify Cloud Connector Deployment Guide Abstract Centrify provides mobile device management and single sign-on services that you can trust and count on as

More information

Automating Cloud Security with Centrify Express and RightScale

Automating Cloud Security with Centrify Express and RightScale QUICK START GUIDE. MAY 2011 Automating Cloud Security with Centrify Express and RightScale How to secure cloud systems by joining them to your Active Directory infrastructure Abstract This Quick Start

More information

Managing UNIX Generic and Service Accounts with Active Directory

Managing UNIX Generic and Service Accounts with Active Directory APPLICATION NOTE Managing UNIX Generic and Service Accounts with Active Directory Published: June 2007 Abstract Generic accounts are commonly used to enable UNIX administrative staff to log on to a computer

More information

SAP NetWeaver Fiori. For more information, see "Creating and enabling a trusted provider for Centrify" on page 108-10.

SAP NetWeaver Fiori. For more information, see Creating and enabling a trusted provider for Centrify on page 108-10. Chapter 108 Configuring SAP NetWeaver Fiori The following is an overview of the steps required to configure the SAP NetWeaver Fiori Web application for single sign-on (SSO) via SAML. SAP NetWeaver Fiori

More information

Configuring Single Sign-On from the VMware Identity Manager Service to Office 365

Configuring Single Sign-On from the VMware Identity Manager Service to Office 365 Configuring Single Sign-On from the VMware Identity Manager Service to Office 365 VMware Identity Manager JULY 2015 V1 Table of Contents Overview... 2 Passive and Active Authentication Profiles... 2 Adding

More information

SAP NetWeaver AS Java

SAP NetWeaver AS Java Chapter 75 Configuring SAP NetWeaver AS Java SAP NetWeaver Application Server ("AS") Java (Stack) is one of the two installation options of SAP NetWeaver AS. The other option is the ABAP Stack, which is

More information

An overview of configuring Intacct for single sign-on. To configure the Intacct application for single-sign on (an overview)

An overview of configuring Intacct for single sign-on. To configure the Intacct application for single-sign on (an overview) Chapter 94 Intacct This section contains the following topics: "An overview of configuring Intacct for single sign-on" on page 94-710 "Configuring Intacct for SSO" on page 94-711 "Configuring Intacct in

More information

Centrify Identity and Access Management for Cloudera

Centrify Identity and Access Management for Cloudera Centrify Identity and Access Management for Cloudera Integration Guide Abstract Centrify Server Suite is an enterprise-class solution that secures Cloudera Enterprise Data Hub leveraging an organization

More information

Mobile Device Management Version 8. Last updated: 17-10-14

Mobile Device Management Version 8. Last updated: 17-10-14 Mobile Device Management Version 8 Last updated: 17-10-14 Copyright 2013, 2X Ltd. http://www.2x.com E mail: info@2x.com Information in this document is subject to change without notice. Companies names

More information

Configuring on-premise Sharepoint server SSO

Configuring on-premise Sharepoint server SSO Chapter 112 Configuring on-premise Sharepoint server SSO You can now provide single sign-on to your on-premise Sharepoint server applications. This section includes the following topics: "An overview of

More information

Advanced Configuration Steps

Advanced Configuration Steps Advanced Configuration Steps After you have downloaded a trial, you can perform the following from the Setup menu in the MaaS360 portal: Configure additional services Configure device enrollment settings

More information

Copyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com

Copyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com Manual Copyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com Information in this document is subject to change without notice. Companies names and data used in examples herein are fictitious

More information

What s New in Centrify Privilege Service Centrify Identity Platform 15.4

What s New in Centrify Privilege Service Centrify Identity Platform 15.4 CENTRIFY PRIVILEGE SERVICE WHAT S NEW What s New in Centrify Privilege Service Centrify Identity Platform 15.4 Centrify Privilege Service Centrify Privilege Service is a cloud-based password and access

More information

Best Practices for Adding Macs to Microsoft Networks

Best Practices for Adding Macs to Microsoft Networks WHITE PAPER Best Practices for Adding Macs to Microsoft Networks WWW.CENTRIFY.COM Best Practices for Adding Macs to Microsoft Networks Contents Abstract 3 Introduction 4 Requirements for Solving the Challenge

More information

An overview of configuring WebEx for single sign-on. To configure the WebEx application for single-sign on from the cloud service (an overview)

An overview of configuring WebEx for single sign-on. To configure the WebEx application for single-sign on from the cloud service (an overview) Chapter 190 WebEx This chapter includes the following sections: "An overview of configuring WebEx for single sign-on" on page 190-1600 "Configuring WebEx for SSO" on page 190-1601 "Configuring WebEx in

More information

SAML single sign-on configuration overview

SAML single sign-on configuration overview Chapter 46 Configurin uring Drupal Configure the Drupal Web-SAML application profile in Cloud Manager to set up single sign-on via SAML with a Drupal-based web application. Configuration also specifies

More information

Configuring. Moodle. Chapter 82

Configuring. Moodle. Chapter 82 Chapter 82 Configuring Moodle The following is an overview of the steps required to configure the Moodle Web application for single sign-on (SSO) via SAML. Moodle offers SP-initiated SAML SSO only. 1 Prepare

More information

Configuring Single Sign-on from the VMware Identity Manager Service to Dropbox

Configuring Single Sign-on from the VMware Identity Manager Service to Dropbox Configuring Single Sign-on from the VMware Identity Manager Service to Dropbox VMware Identity Manager SEPTEMBER 2015 V1 Configuring Single Sign-On from VMware Identity Manager to Dropbox Table of Contents

More information

NCSU SSO. Case Study

NCSU SSO. Case Study NCSU SSO Case Study 2 2 NCSU Project Requirements and Goals NCSU Operating Environment Provide support for a number Apps and Programs Different vendors have their authentication databases End users must

More information

Leveraging SAML for Federated Single Sign-on:

Leveraging SAML for Federated Single Sign-on: Leveraging SAML for Federated Single Sign-on: Seamless Integration with Web-based Applications whether cloudbased, private, on-premise, or behind a firewall Single Sign-on Layer v.3.2-006 PistolStar, Inc.

More information

Configuring Parature Self-Service Portal

Configuring Parature Self-Service Portal Configuring Parature Self-Service Portal Chapter 2 The following is an overview of the steps required to configure the Parature Self-Service Portal application for single sign-on (SSO) via SAML. Parature

More information

How Intel Cloud SSO Works

How Intel Cloud SSO Works TECHNICAL WHITE PAPER Intel Cloud SSO How Intel Cloud SSO Works Just as security professionals have done for ages, we must continue to evolve our processes, methods, and techniques in light of the opportunities

More information

1. What are the System Requirements for using the MaaS360 for Exchange ActiveSync solution?

1. What are the System Requirements for using the MaaS360 for Exchange ActiveSync solution? MaaS360 FAQs This guide is meant to help answer some of the initial frequently asked questions businesses ask as they try to figure out the who, what, when, why and how of managing their smartphone devices,

More information

Configuring Single Sign-on from the VMware Identity Manager Service to WebEx

Configuring Single Sign-on from the VMware Identity Manager Service to WebEx Configuring Single Sign-on from the VMware Identity Manager Service to WebEx VMware Identity Manager SEPTEMBER 2015 V 2 Configuring Single Sign-On from VMware Identity Manager to WebEx Table of Contents

More information

The increasing popularity of mobile devices is rapidly changing how and where we

The increasing popularity of mobile devices is rapidly changing how and where we Mobile Security BACKGROUND The increasing popularity of mobile devices is rapidly changing how and where we consume business related content. Mobile workforce expectations are forcing organizations to

More information

The Top 5 Federated Single Sign-On Scenarios

The Top 5 Federated Single Sign-On Scenarios The Top 5 Federated Single Sign-On Scenarios Table of Contents Executive Summary... 1 The Solution: Standards-Based Federation... 2 Service Provider Initiated SSO...3 Identity Provider Initiated SSO...3

More information

WatchDox Administrator's Guide. Application Version 3.7.5

WatchDox Administrator's Guide. Application Version 3.7.5 Application Version 3.7.5 Confidentiality This document contains confidential material that is proprietary WatchDox. The information and ideas herein may not be disclosed to any unauthorized individuals

More information

Sharepoint server SSO

Sharepoint server SSO Configuring g on-premise Sharepoint server SSO Chapter 99 You can now provide single sign-on to your on-premise Sharepoint server applications. This section includes the following topics: "An overview

More information

Administering Jive Mobile Apps

Administering Jive Mobile Apps Administering Jive Mobile Apps Contents 2 Contents Administering Jive Mobile Apps...3 Configuring Jive for Android and ios... 3 Native Apps and Push Notifications...4 Custom App Wrapping for ios... 5 Native

More information

Identity Implementation Guide

Identity Implementation Guide Identity Implementation Guide Version 35.0, Winter 16 @salesforcedocs Last updated: October 27, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of

More information

Google Identity Services for work

Google Identity Services for work INTRODUCING Google Identity Services for work One account. All of Google Enter your email Next Online safety made easy We all care about keeping our data safe and private. Google Identity brings a new

More information

Directory Integration with Okta. An Architectural Overview. Okta Inc. 301 Brannan Street San Francisco, CA 94107. info@okta.

Directory Integration with Okta. An Architectural Overview. Okta Inc. 301 Brannan Street San Francisco, CA 94107. info@okta. Directory Integration with Okta An Architectural Overview Okta Inc. 301 Brannan Street San Francisco, CA 94107 info@okta.com 1-888-722-7871 Contents 1 User Directories and the Cloud: An Overview 3 Okta

More information

Sophos Mobile Control user help. Product version: 6.1

Sophos Mobile Control user help. Product version: 6.1 Sophos Mobile Control user help Product version: 6.1 Document date: May 2016 Contents 1 About this help...4 2 About Sophos Mobile Control...5 3 Login to the Self Service Portal...6 3.1 First login...6

More information

Office 365 deployment checklists

Office 365 deployment checklists Chapter 128 Office 365 deployment checklists This document provides some checklists to help you make sure that you install and configure your Office 365 deployment correctly and with a minimum of issues.

More information

VMware Identity Manager Administration

VMware Identity Manager Administration VMware Identity Manager Administration VMware Identity Manager 2.4 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

More information

Office 365 deploym. ployment checklists. Chapter 27

Office 365 deploym. ployment checklists. Chapter 27 Chapter 27 Office 365 deploym ployment checklists This document provides some checklists to help you make sure that you install and configure your Office 365 deployment correctly and with a minimum of

More information

HOTPin Integration Guide: Salesforce SSO with Active Directory Federated Services

HOTPin Integration Guide: Salesforce SSO with Active Directory Federated Services 1 HOTPin Integration Guide: Salesforce SSO with Active Directory Federated Services Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided

More information

User Self-Service Configuration Overview

User Self-Service Configuration Overview User Self-Service Configuration Overview Version 8.2 Mobile Service Manager Legal Notice This document, as well as all accompanying documents for this product, is published by Good Technology Corporation

More information

Overview of Microsoft Enterprise Mobility Suite (EMS) Cloud University

Overview of Microsoft Enterprise Mobility Suite (EMS) Cloud University Overview of Microsoft Enterprise Mobility Suite (EMS) Cloud University www.infrontconsulting.com Global #1 on System Center Trusted for over a decade Microsoft Partner of the year 2012, 2013 & 2014 #1

More information

McAfee Cloud Identity Manager

McAfee Cloud Identity Manager Salesforce Cloud Connector Guide McAfee Cloud Identity Manager version 1.1 or later COPYRIGHT Copyright 2013 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted,

More information

Improving Mobile Device Security and Management with Active Directory

Improving Mobile Device Security and Management with Active Directory CENTRIFY WHITE PAPER, FEBUARY 2012 Improving Mobile Device Security and Management with Active Directory An overview of mobile device market trends, challenges and approaches to securing and managing smart

More information

Hyper-V Server 2008 Setup and Configuration Tool Guide

Hyper-V Server 2008 Setup and Configuration Tool Guide Hyper-V Server 2008 Setup and Configuration Tool Guide Microsoft Corporation Published: October 2008 Author: Cynthia Nottingham Abstract This guide will help you set up and configure Microsoft Hyper-V

More information

McAfee Cloud Identity Manager

McAfee Cloud Identity Manager NetSuite Cloud Connector Guide McAfee Cloud Identity Manager version 2.0 or later COPYRIGHT Copyright 2013 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted,

More information

Administration Guide. BlackBerry Enterprise Service 12. Version 12.0

Administration Guide. BlackBerry Enterprise Service 12. Version 12.0 Administration Guide BlackBerry Enterprise Service 12 Version 12.0 Published: 2015-01-16 SWD-20150116150104141 Contents Introduction... 9 About this guide...10 What is BES12?...11 Key features of BES12...

More information

When enterprise mobility strategies are discussed, security is usually one of the first topics

When enterprise mobility strategies are discussed, security is usually one of the first topics Acronis 2002-2014 Introduction When enterprise mobility strategies are discussed, security is usually one of the first topics on the table. So it should come as no surprise that Acronis Access Advanced

More information

Deploying the Workspace Application for Microsoft SharePoint Online

Deploying the Workspace Application for Microsoft SharePoint Online Microsoft Dynamics GP Deploying the Workspace Application for Microsoft SharePoint Online Microsoft Dynamics GP Workspace is a method to enable Microsoft Excel-based dashboards for SharePoint Online. This

More information

Creating a generic user-password application profile

Creating a generic user-password application profile Chapter 4 Creating a generic user-password application profile Overview If you d like to add applications that aren t in our Samsung KNOX EMM App Catalog, you can create custom application profiles using

More information

Macintosh Printer Management using Centrify DirectControl Group Policies

Macintosh Printer Management using Centrify DirectControl Group Policies WHITE PAPER CENTRIFY CORP. MARCH 2010 Macintosh Printer Management using Centrify DirectControl Group Policies ABSTRACT This white paper examines various approaches to managing printer configuration files

More information

McAfee Cloud Identity Manager

McAfee Cloud Identity Manager SAML2 Cloud Connector Guide McAfee Cloud Identity Manager version 1.2 or later COPYRIGHT Copyright 2013 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed,

More information

Configuring Single Sign-on from the VMware Identity Manager Service to Amazon Web Services

Configuring Single Sign-on from the VMware Identity Manager Service to Amazon Web Services Configuring Single Sign-on from the VMware Identity Manager Service to Amazon Web Services VMware Identity Manager OCTOBER 2015 V1 Configuring Single Sign-On from VMware Identity Manager to Amazon Web

More information

Copyright Pivotal Software Inc, 2013-2015 1 of 10

Copyright Pivotal Software Inc, 2013-2015 1 of 10 Table of Contents Table of Contents Getting Started with Pivotal Single Sign-On Adding Users to a Single Sign-On Service Plan Administering Pivotal Single Sign-On Choosing an Application Type 1 2 5 7 10

More information

How to Secure a Groove Manager Web Site

How to Secure a Groove Manager Web Site How to Secure a Groove Manager Web Site Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the companies, organizations,

More information

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0 Security Guide BlackBerry Enterprise Service 12 for ios, Android, and Windows Phone Version 12.0 Published: 2015-02-06 SWD-20150206130210406 Contents About this guide... 6 What is BES12?... 7 Key features

More information

PingFederate. Salesforce Connector. Quick Connection Guide. Version 4.1

PingFederate. Salesforce Connector. Quick Connection Guide. Version 4.1 PingFederate Salesforce Connector Version 4.1 Quick Connection Guide 2011 Ping Identity Corporation. All rights reserved. PingFederate Salesforce Quick Connection Guide Version 4.1 June, 2011 Ping Identity

More information

MBAM Self-Help Portals

MBAM Self-Help Portals MBAM Self-Help Portals Authoring a self-help portal workflow for BitLocker Recovery Using Microsoft BitLocker Administration and Monitoring (MBAM) Technical White Paper Published: September 2011 Priyaa

More information

Introduction to Cloud-Based Mobile Device Management with Intune

Introduction to Cloud-Based Mobile Device Management with Intune Introduction to Cloud-Based Mobile Device Management with Intune Information in this document, including URLs and other Internet Web site references, is subject to change without notice. Unless otherwise

More information

Pipeliner CRM Phaenomena Guide Getting Started with Pipeliner. 2015 Pipelinersales Inc. www.pipelinersales.com

Pipeliner CRM Phaenomena Guide Getting Started with Pipeliner. 2015 Pipelinersales Inc. www.pipelinersales.com Getting Started with Pipeliner 05 Pipelinersales Inc. www.pipelinersales.com Getting Started with Pipeliner Learn How to Get Started with Pipeliner Sales CRM Application. CONTENT. Setting up Pipeliner

More information

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Salesforce

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Salesforce SafeNet Authentication Service Integration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information

More information

Mobility Manager 9.5. Users Guide

Mobility Manager 9.5. Users Guide Mobility Manager 9.5 Users Guide LANDESK MOBILITY MANAGER Copyright 2002-2013, LANDesk Software, Inc. and its affiliates. All rights reserved. LANDesk and its logos are registered trademarks or trademarks

More information

Product Manual. MDM On Premise Installation Version 8.1. Last Updated: 06/07/15

Product Manual. MDM On Premise Installation Version 8.1. Last Updated: 06/07/15 Product Manual MDM On Premise Installation Version 8.1 Last Updated: 06/07/15 Parallels IP Holdings GmbH Vordergasse 59 8200 Schaffhausen Switzerland Tel: + 41 52 632 0411 Fax: + 41 52 672 2010 www.parallels.com

More information

Increase the Security of Your Box Account With Single Sign-On

Increase the Security of Your Box Account With Single Sign-On A Box White Paper Increase the Security of Your Box Account With Single Sign-On Box s high level of security, 24x7 support and 99.9% uptime are critical for us. The biggest benefits are the reliability

More information

CA Mobile Device Management 2014 Q1 Getting Started

CA Mobile Device Management 2014 Q1 Getting Started CA Mobile Device Management 2014 Q1 Getting Started This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is

More information

CA Performance Center

CA Performance Center CA Performance Center Single Sign-On User Guide 2.4 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is

More information

Good Share Client User Guide for ios Devices

Good Share Client User Guide for ios Devices Good Share Client User Guide for ios Devices Product Version: 3.1.3 Doc Rev 3.1 Last Updated: 24-Feb-15 Good Share TM Table of Contents Introducing Good Share 1 Installing the Good Share App 1 Getting

More information

USER TRAINING. Enterprise Mobility Solutions October 23, 2013

USER TRAINING. Enterprise Mobility Solutions October 23, 2013 USER TRAINING Enterprise Mobility Solutions October 23, 2013 Using Samsung KNOX Samsung KNOX is a new Android-based platform designed specifically to overcome the shortcomings of the current open source

More information

MaaS360 Mobile Enterprise Gateway

MaaS360 Mobile Enterprise Gateway MaaS360 Mobile Enterprise Gateway Administrator Guide Copyright 2013 Fiberlink Communications Corporation. All rights reserved. Information in this document is subject to change without notice. The software

More information

How to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications

How to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications SOLUTION BRIEF: PROTECTING ACCESS TO THE CLOUD........................................ How to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications Who should read this

More information

HP Software as a Service. Federated SSO Guide

HP Software as a Service. Federated SSO Guide HP Software as a Service Federated SSO Guide Document Release Date: July 2014 Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty statements accompanying

More information

PrinterOn Mobile Applications for ios and Android

PrinterOn Mobile Applications for ios and Android PrinterOn Mobile Applications for ios and Android Table of Contents 1. Key Features & Functionality... 4 1.1. Printer Discovery... 4 1.1.1. Location-Based Search... 4 1.1.2. Keyword Search... 5 1.1.3.

More information

MaaS360 Mobile Enterprise Gateway

MaaS360 Mobile Enterprise Gateway MaaS360 Mobile Enterprise Gateway Administrator Guide Copyright 2014 Fiberlink, an IBM Company. All rights reserved. Information in this document is subject to change without notice. The software described

More information

Using SAML for Single Sign-On in the SOA Software Platform

Using SAML for Single Sign-On in the SOA Software Platform Using SAML for Single Sign-On in the SOA Software Platform SOA Software Community Manager: Using SAML on the Platform 1 Policy Manager / Community Manager Using SAML for Single Sign-On in the SOA Software

More information

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise

More information

Using Apple Remote Desktop to Deploy Centrify DirectControl

Using Apple Remote Desktop to Deploy Centrify DirectControl APPLICATION NOTE Using Apple Remote Desktop to Deploy Centrify DirectControl Published: June 2007 Abstract Apple Remote Desktop is commonly used by administrators to perform various administrative management

More information