ABOUT TOOLS4EVER ABOUT DELOITTE RISK SERVICES

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "ABOUT TOOLS4EVER ABOUT DELOITTE RISK SERVICES"

Transcription

1

2 CONTENTS About Tools4ever... 3 About Deloitte Risk Services... 3 HelloID... 4 Microsoft Azure... 5 HelloID Security Architecture... 6 Scenarios... 8 SAML Identity Provider (IDP)... 8 Service Provider SAML (SP)... 9 FORM post scenario Portal Access Logging and Reporting... 11

3 ABOUT TOOLS4EVER Since 2000 Tools4ever has offered a wide range of enterprise security-related solutions, specializing in Identity Management. Within the Identity Management portfolio, in addition to their user provisioning solution (IAM), Tools4ever offers a broad selection of password management products. HelloID is the most recent product in this portfolio. Other products in the line are: password synchronization between Active Directory, Mainframe, AS/400, Unix, Lotus Notes, SAP, etc. (PSM), password complexity within Active Directory (PCM) and self-service password reset (SSRPM). Thousands of clients around the world place their trust in Tools4ever and their software. The company attaches enormous importance to the reliability and certification of its software. Tools4ever has partnerships with many organizations with which their software is complimentary, including Microsoft, SAP, Citrix, IBM, Novell, and igel. Added to which, all relevant Tools4ever products are certified by Microsoft and Citrix. Due to the fact that Tools4ever wants to uphold a high standard regarding security; the company has signed a contract with Deloitte Risk Services. Deloitte Risk Services periodically tests HelloID for possible security issues. ABOUT DELOITTE RISK SERVICES This document details the security structure of HelloID. To qualify and verify the security measures by Tools4ever for HelloID, Tools4ever has setup an agreement with Deloitte Risk Services to verify these measures. Deloitte Risk Services is the most respected party for security verification of cloud based platforms. HelloID is periodically tested and verified by Deloitte Risk Services security professionals to make sure that HelloID complies to the highest security standards. Every production release has passed the Deloitte Risk Services tests.

4 HELLOID HelloID is Tools4ever s Cloud single sign-on (SSO) portal solution. The primary function of this solution is to provide unified access for end users to organizational resources, in the simplest way possible. The end user only needs to remember one URL, instead of a unique URL for each web-based application. The end user also needs to identify themselves only once with, for example their Active Directory Username and password, and is not required to repeatedly enter credentials for each web-based application. The end user first needs to authenticate themselves (login and, optionally, use two factor) before gaining access to the portal with links to the web-based applications. The links to the web-based applications are presented as easy to access icons to the end user. Based on the SSO functionality offered by the web-based application, HelloID uses the correct protocol to identify the end user to the application. HelloID offers SAML SP, HTTP Post, browser plugins and mobile device support. The diagram below shows the concept of the HelloID solution. This document details the security setup for the components in the diagram. SMS Softtoken Facial Social Keycard. SAML SP JIP HTTPS POST E-SSOM HelloID Login Two factor End user LDAP SAML AD ADFS SQL Plugin (CatchAll)

5 To be able to offer these features, HelloID needs access to the end-users usernames and passwords within the organization. These credentials are stored by HelloID for future use, and are shared between the various components of HelloID. Since these are critical organizational details, it is important that this data is managed with the utmost care within HelloID. This white paper describes how this security is achieved within HelloID. Note: a specific level of detail has been chosen to be shared, so that Tools4ever does not provide 100% insight, to prevent malicious parties from understanding exactly how HelloID s security model works and thus gaining unauthorized access. MICROSOFT AZURE HelloID is hosted on Microsoft s Azure cloud computing platform. This platform can be used to host many types of services including webservers, databases, virtual machines, and many more. The webservers, databases, backup and logging are all provided by Azure. Because Azure has datacenters around the world, it is possible to place the customer database in any country desired. Tools4ever has a long lasting Microsoft Gold Partnership and has built up specific security experience working with the Microsoft product suite.

6 HELLOID SECURITY ARCHITECTURE The HelloID environment consists of several components. The diagram below provides an overview of the most important components and their interactions. Whether information is in transit or is stored (temporarily), the information is always encrypted. The diagram shows which security mechanisms are applied for each level. The degree of security differs per level and depends on the extent of impact, risk, and technical applicability. Diagram Description Item A B The Tools4ever database contains global configuration settings and customer information. This information is encrypted using an RSA 1024 bit encryption key. The customer database contains all of the customer specific configuration as well as the user data. All sensitive data is encrypted using an RSA 1024 bit encryption key. Each customer has their own separate database and encryption key. The location of the customer database depends on the location of the customer. US based customers will use a database hosted in the US., while customers from Europe will use a database hosted in the Netherlands. Databases are on a continuous backup schedule. System admins can request an (incremental) restore to any given point in time.

7 C The HelloID webserver hosts the portal. It is hosted on Microsoft s Azure cloud platform. D A E The HelloID webserver communicates with components over the internet using https. The level of encryption is TLS 1.2, AES with 256 bit encryption. HelloID can use various sources to authenticate users. One of these sources is Active Directory. This feature is facilitated by the Active Directory Connector that is installed in the organizational network. The connector does not synchronize credentials to the HelloID portal. It only authenticates users against Active Directory on a per-use basis. The Active Directory connector connects using https and authenticates to the portal using a encrypted key. F G H I The Active Directory Identity Provider is used to authenticate users from inside the corporate network, allowing the user to log in without providing their credentials (so called integrated Active Directory Login, AD SSO). If the user is logged on to Active Directory, the user will automatically be logged in to HelloID. HelloID can interact with a SAML capable Identity Provider allowing the users to authenticate themselves in HelloID using an external Identity Provider. This method does not require any form of credential synchronization with HelloID. HelloID does not store the credentials used to logon to the identity provider. Authentication is purely based on SAML standards, and HelloID redirects to the IDP portal for authentication and identification purposes. The certificate for setting up a connection between IDP and HelloID is managed by a system administrator of the client organization, and the certificate is stored in the customer database. Please refer to the IDP scenario section for a detailed description of a SAML connection with an external IDP. No credentials or other personal information is stored locally in a browser plugin. For every new session with an application, a request is made to the HelloID portal to verify if the user is still logged in. A request is then made for credential details of the requested application by the end user. For every mobile platform (smartphones and tablets) HelloID has an app available to interact with the HelloID portal for primary authentication and for SSO purposes on mobile websites. The end user is required to identify themselves once in a configurable timeframe (standard every 30 days). The timeframe can be 0 days to permanent. The IDP credentials are stored in runtime memory. Credentials are never stored on the device. For credential management the same mechanism as for plugins (see H above) is used. There is no local storage or caching of application credentials.

8 J HelloID can log on to applications using SAML. This allows HelloID to login to applications without providing credentials. Please refer to the SP scenario section for a detailed description of a SAML connection with an external service provider. SCENARIOS The previous section explained the different components in the HelloID solution. This section will explain in more detail the security items for end user authentication/sso scenario. The main scenarios are detailed. SAML IDENTITY PROVIDER (IDP) The SAML IDP provides the mechanisms to identify an end user by another trusted party (the IDP). Known IDP parties are Salesforce, Google and Amazon, but smaller/local hosting parties can also easily serve as a trusted IDP. The protocol for IDP is SAML 2.0 and HelloID can be configured to trust the IDP. Certificates can be exchanged and set by system administrators in the HelloID portal. The certificate information is stored in the customer database. The diagram below shows the process flow. 1. The user accesses the HelloID portal over HTTPS. Each client will receive their own unique domain/url. The first step is authentication of the end user. Multiple authentication methods are available for configuration. The diagram above explains the IDP SAML setup.

9 2. If no valid SAML session is detected, the user is redirected to the Identity Provider and is asked to identify themselves (step 3). If a valid session is available, the end user is redirected to the HelloID portal and applications are shown (step 6). 3. The user logs into the Identity Provider. HelloID fully trusts the authentication provided by this IDP (as configured in HelloID). 4. After successful identification, a SAML session is created by the IDP and passed to HelloID. 5. The user is redirected to the HelloID portal and is logged in. SERVICE PROVIDER SAML (SP) The most common and accepted SSO mechanism for web based applications is SAML 2.0. The protocol is widely adapted and implemented by many different software companies. HelloID can serve as a trusted IDP party for a SAML enabled application. After successful HelloID portal authentication, HelloID will provide a SAML-session to the SP. The diagram below shows the process flow. 1. The user browses to the HelloID portal over HTTPS. Each client will receive their own unique domain/url. The first step is authentication of the end user. The authentication method can vary and is not determined by the SSO method from the portal. As an example, an end user can use the Active Directory Connector identification and use SAML SP to SSO. 2. HelloID displays the users dashboard containing the applications that they can access. 3. The user chooses the service provider. (In this case Zendesk)

10 4. HelloID creates a SAML session and creates a session with the browser. The effective type of session is determined by the SP. This can be a browser memory session or a session stored in a cookie. 5. The browser is instructed to redirect to the service provider. 6. The user is automatically logged into Zendesk. FORM POST SCENARIO The form post SSO mechanism relies on putting the username and password in the HTTP post header to the web based application. This mechanism is also used if a user is using the normal provided login page. The login page posts the credentials in the header (client side) and the application on server sides reads these credentials, verifies them, and performs a login. The HelloID portal is using the same mechanism to perform SSO. The end user will experience the same effect as with SAML (no login screen, transparent login). HelloID supports both HTTP and HTTPS, however HTTPS is strongly preferred, as HTTP credentials are in clear text in transit. The use protocol however is determined by the system admin setting up the HelloID configuration. The diagram below shows the process flow. 1. The user accesses the HelloID portal over HTTPS. Each client will receive their own unique domain/url. The first step is authentication of the end user. 2. HelloID displays the users dashboard containing the applications that the user can choose. 3. The user selects the application. 4. The user is redirected to the application with a form POST containing the users credentials.

11 5. The user is logged into the application. PORTAL ACCESS Portal access may be restricted by various methods to prevent unauthorized access, hacking attempts, and/or access outside of work hours. Access may be restricted to certain applications only. This feature is currently scheduled to be released by the end of Q Geographic restrictions: Ranges of IP addresses can be blocked to prevent access from certain locations/countries. This feature increases security for companies that do not have the need to access the portal from specified countries. Time restrictions: Access to groups of users can be restricted based on the time of day, day of the week, or specific dates. Two factor Authentication: Users can be asked to perform two factor authentication based on the previous restrictions allowing the users to login even though above restrictions apply. LOGGING AND REPORTING HelloID logs all important events. These events include successful and failed logins, application access, and denied access due to access policy. These events can be used to create detailed security reports. These reports may be used to identify possible threats and/or provide an audit trail. This feature is currently scheduled to be released by the end of Q Reports can (among others) be created for the following scenarios: Multiple login failures for specific accounts Attempted access when access policies apply Failed two factor authentication Application access for specific account

12

Flexible Identity Federation

Flexible Identity Federation Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services

More information

The increasing popularity of mobile devices is rapidly changing how and where we

The increasing popularity of mobile devices is rapidly changing how and where we Mobile Security BACKGROUND The increasing popularity of mobile devices is rapidly changing how and where we consume business related content. Mobile workforce expectations are forcing organizations to

More information

FileCloud Security FAQ

FileCloud Security FAQ is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file

More information

SAML-Based SSO Solution

SAML-Based SSO Solution About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,

More information

Step-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x

Step-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x Step-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x Sverview Trust between SharePoint 2010 and ADFS 2.0 Use article Federated Collaboration with Shibboleth 2.0 and SharePoint 2010 Technologies

More information

Identity Federation: Bridging the Identity Gap. Michael Koyfman, Senior Global Security Solutions Architect

Identity Federation: Bridging the Identity Gap. Michael Koyfman, Senior Global Security Solutions Architect Identity Federation: Bridging the Identity Gap Michael Koyfman, Senior Global Security Solutions Architect The Need for Federation 5 key patterns that drive Federation evolution - Mary E. Ruddy, Gartner

More information

HP Software as a Service. Federated SSO Guide

HP Software as a Service. Federated SSO Guide HP Software as a Service Federated SSO Guide Document Release Date: July 2014 Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty statements accompanying

More information

Only LDAP-synchronized users can access SAML SSO-enabled web applications. Local end users and applications users cannot access them.

Only LDAP-synchronized users can access SAML SSO-enabled web applications. Local end users and applications users cannot access them. This chapter provides information about the Security Assertion Markup Language (SAML) Single Sign-On feature, which allows administrative users to access certain Cisco Unified Communications Manager and

More information

Tenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved.

Tenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved. Tenrox Single Sign-On (SSO) Setup Guide January, 2012 2012 Tenrox. All rights reserved. About this Guide This guide provides a high-level technical overview of the Tenrox Single Sign-On (SSO) architecture,

More information

Authentication Methods

Authentication Methods Authentication Methods Overview In addition to the OU Campus-managed authentication system, OU Campus supports LDAP, CAS, and Shibboleth authentication methods. LDAP users can be configured through the

More information

Single Sign On for ShareFile with NetScaler. Deployment Guide

Single Sign On for ShareFile with NetScaler. Deployment Guide Single Sign On for ShareFile with NetScaler Deployment Guide This deployment guide focuses on defining the process for enabling Single Sign On into Citrix ShareFile with Citrix NetScaler. Table of Contents

More information

Leveraging SAML for Federated Single Sign-on:

Leveraging SAML for Federated Single Sign-on: Leveraging SAML for Federated Single Sign-on: Seamless Integration with Web-based Applications whether cloudbased, private, on-premise, or behind a firewall Single Sign-on Layer v.3.2-006 PistolStar, Inc.

More information

HP Software as a Service

HP Software as a Service HP Software as a Service Software Version: 6.1 Federated SSO Document Release Date: August 2013 Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty

More information

WHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS

WHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS WHITEPAPER SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS EXECUTIVE OVERVIEW 2-Factor as a Service (2FaaS) is a 100% cloud-hosted authentication solution that offers flexible security without compromising user

More information

New Single Sign-on Options for IBM Lotus Notes & Domino. 2012 IBM Corporation

New Single Sign-on Options for IBM Lotus Notes & Domino. 2012 IBM Corporation New Single Sign-on Options for IBM Lotus Notes & Domino 2012 IBM Corporation IBM s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM s sole

More information

Connected Data. Connected Data requirements for SSO

Connected Data. Connected Data requirements for SSO Chapter 40 Configuring Connected Data The following is an overview of the steps required to configure the Connected Data Web application for single sign-on (SSO) via SAML. Connected Data offers both IdP-initiated

More information

Google Identity Services for work

Google Identity Services for work INTRODUCING Google Identity Services for work One account. All of Google Enter your email Next Online safety made easy We all care about keeping our data safe and private. Google Identity brings a new

More information

Egnyte Single Sign-On (SSO) Installation for OneLogin

Egnyte Single Sign-On (SSO) Installation for OneLogin Egnyte Single Sign-On (SSO) Installation for OneLogin To set up Egnyte so employees can log in using SSO, follow the steps below to configure OneLogin and Egnyte to work with each other. 1. Set up OneLogin

More information

OneLogin Integration User Guide

OneLogin Integration User Guide OneLogin Integration User Guide Table of Contents OneLogin Account Setup... 2 Create Account with OneLogin... 2 Setup Application with OneLogin... 2 Setup Required in OneLogin: SSO and AD Connector...

More information

PingFederate. Salesforce Connector. Quick Connection Guide. Version 4.1

PingFederate. Salesforce Connector. Quick Connection Guide. Version 4.1 PingFederate Salesforce Connector Version 4.1 Quick Connection Guide 2011 Ping Identity Corporation. All rights reserved. PingFederate Salesforce Quick Connection Guide Version 4.1 June, 2011 Ping Identity

More information

Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management

Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management 1 Product Roadmap Disclaimer Any forward-looking indication of plans for products is preliminary and all future release

More information

Manage all your Office365 users and licenses

Manage all your Office365 users and licenses Manage all your Office365 users and licenses Delegate 365 White Paper Authors: Toni Pohl, Martina Grom Version: 1.2 of December 2014 atwork information technology gmbh. All rights reserved. For information

More information

Ensuring Enterprise Data Security with Secure Mobile File Sharing.

Ensuring Enterprise Data Security with Secure Mobile File Sharing. A c c e l l i o n S e c u r i t y O v e r v i e w Ensuring Enterprise Data Security with Secure Mobile File Sharing. Accellion, Inc. Tel +1 650 485-4300 1804 Embarcadero Road Fax +1 650 485-4308 Suite

More information

HELP DOCUMENTATION E-SSOM INSTALLATION GUIDE

HELP DOCUMENTATION E-SSOM INSTALLATION GUIDE HELP DOCUMENTATION E-SSOM INSTALLATION GUIDE Copyright 1998-2013 Tools4ever B.V. All rights reserved. No part of the contents of this user guide may be reproduced or transmitted in any form or by any means

More information

Active Directory Self-Service FAQ

Active Directory Self-Service FAQ Active Directory Self-Service FAQ General Information: info@cionsystems.com Online Support: support@cionsystems.com CionSystems Inc. Mailing Address: 16625 Redmond Way, Ste M106 Redmond, WA. 98052 http://www.cionsystems.com

More information

SAML Authentication Quick Start Guide

SAML Authentication Quick Start Guide SAML Authentication Quick Start Guide Powerful Authentication Management for Service Providers and Enterprises Authentication Service Delivery Made EASY Copyright 2013 SafeNet, Inc. All rights reserved.

More information

Identity. Provide. ...to Office 365 & Beyond

Identity. Provide. ...to Office 365 & Beyond Provide Identity...to Office 365 & Beyond Sponsored by shops around the world are increasingly turning to Office 365 Microsoft s cloud-based offering for email, instant messaging, and collaboration. A

More information

Interwise Connect. Working with Reverse Proxy Version 7.x

Interwise Connect. Working with Reverse Proxy Version 7.x Working with Reverse Proxy Version 7.x Table of Contents BACKGROUND...3 Single Sign On (SSO)... 3 Interwise Connect... 3 INTERWISE CONNECT WORKING WITH REVERSE PROXY...4 Architecture... 4 Interwise Web

More information

Password Power 8 Plug-In for Lotus Domino Single Sign-On via Kerberos

Password Power 8 Plug-In for Lotus Domino Single Sign-On via Kerberos Password Power 8 Plug-In for Lotus Domino Single Sign-On via Kerberos PistolStar, Inc. PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200 Fax: 603.546.2309 E-mail: salesteam@pistolstar.com Website:

More information

SAML SSO Configuration

SAML SSO Configuration SAML SSO Configuration Overview of Single Sign-, page 1 Benefits of Single Sign-, page 2 Overview of Setting Up SAML 2.0 Single Sign-, page 3 SAML 2.0 Single Sign- Differences Between Cloud-Based Meeting

More information

Single Sign-On. Vijay Kumar, CISSP

Single Sign-On. Vijay Kumar, CISSP Single Sign-On Vijay Kumar, CISSP Agenda What is Single Sign-On (SSO) Advantages of SSO Types of SSO Examples Case Study Summary What is SSO Single sign-on is a user/session authentication process that

More information

Citrix Virtual Classroom. Deliver file sharing and synchronization services using Citrix ShareFile. Self-paced exercise guide

Citrix Virtual Classroom. Deliver file sharing and synchronization services using Citrix ShareFile. Self-paced exercise guide Deliver file sharing and synchronization services using Citrix ShareFile Self-paced exercise guide Table of Contents Table of Contents... 2 Overview... 3 Exercise 1: Setting up a ShareFile Account... 6

More information

SINGLE & SAME SIGN-ON ASPECTS

SINGLE & SAME SIGN-ON ASPECTS SINGLE & SAME SIGN-ON ASPECTS OF AZURE ACTIVE DIRECTORY Harold Baele Senior ICT Trainer JULY 2, 2015 SLIDE 1 TRAINER INFO Harold Baele MCT at RealDolmen Education Harold.baele@realdolmen.com - @hbaele

More information

WHITEPAPER SECUREAUTH IDP DEVICE FINGERPRINTING LOW-FRICTION, BYOD AUTHENTICATION

WHITEPAPER SECUREAUTH IDP DEVICE FINGERPRINTING LOW-FRICTION, BYOD AUTHENTICATION WHITEPAPER SECUREAUTH IDP DEVICE FINGERPRINTING LOW-FRICTION, BYOD AUTHENTICATION Executive Overview The explosion of devices laptops, desktops and now the plethora of mobile devices has left enterprises

More information

managing SSO with shared credentials

managing SSO with shared credentials managing SSO with shared credentials Introduction to Single Sign On (SSO) All organizations, small and big alike, today have a bunch of applications that must be accessed by different employees throughout

More information

SAP Cloud Identity Service

SAP Cloud Identity Service SAP Cloud Identity Service Secure Authentication, Single Sign-On and User Management in the Cloud December 2015 Introduction SAP Cloud Identity Service In the SAP IT application security product portfolio

More information

Mobile Admin Security

Mobile Admin Security Mobile Admin Security Introduction Mobile Admin is an enterprise-ready IT Management solution that generates significant cost savings by dramatically increasing the responsiveness of IT organizations facing

More information

Architecture Guidelines Application Security

Architecture Guidelines Application Security Executive Summary These guidelines describe best practice for application security for 2 or 3 tier web-based applications. It covers the use of common security mechanisms including Authentication, Authorisation

More information

Critical Issues with Lotus Notes and Domino 8.5 Password Authentication, Security and Management

Critical Issues with Lotus Notes and Domino 8.5 Password Authentication, Security and Management Security Comparison Critical Issues with Lotus Notes and Domino 8.5 Password Authentication, Security and Management PistolStar, Inc. PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200 Fax: 603.546.2309

More information

CA SiteMinder SSO Agents for ERP Systems

CA SiteMinder SSO Agents for ERP Systems PRODUCT SHEET: CA SITEMINDER SSO AGENTS FOR ERP SYSTEMS CA SiteMinder SSO Agents for ERP Systems CA SiteMinder SSO Agents for ERP Systems help organizations minimize sign-on requirements and increase security

More information

Using SAML for Single Sign-On in the SOA Software Platform

Using SAML for Single Sign-On in the SOA Software Platform Using SAML for Single Sign-On in the SOA Software Platform SOA Software Community Manager: Using SAML on the Platform 1 Policy Manager / Community Manager Using SAML for Single Sign-On in the SOA Software

More information

About Me. #ccceu. @shapeblue. Software Architect with ShapeBlue Specialise in. 3 rd party integrations and features in CloudStack

About Me. #ccceu. @shapeblue. Software Architect with ShapeBlue Specialise in. 3 rd party integrations and features in CloudStack Software Architect with ShapeBlue Specialise in. 3 rd party integrations and features in CloudStack About Me KVM, API, DB, Upgrades, SystemVM, Build system, various subsystems Contributor and Committer

More information

Configuration Guide - OneDesk to SalesForce Connector

Configuration Guide - OneDesk to SalesForce Connector Configuration Guide - OneDesk to SalesForce Connector Introduction The OneDesk to SalesForce Connector allows users to capture customer feedback and issues in OneDesk without leaving their familiar SalesForce

More information

Security Overview Enterprise-Class Secure Mobile File Sharing

Security Overview Enterprise-Class Secure Mobile File Sharing Security Overview Enterprise-Class Secure Mobile File Sharing Accellion, Inc. 1 Overview 3 End to End Security 4 File Sharing Security Features 5 Storage 7 Encryption 8 Audit Trail 9 Accellion Public Cloud

More information

Office 365 deploym. ployment checklists. Chapter 27

Office 365 deploym. ployment checklists. Chapter 27 Chapter 27 Office 365 deploym ployment checklists This document provides some checklists to help you make sure that you install and configure your Office 365 deployment correctly and with a minimum of

More information

nexus Hybrid Access Gateway

nexus Hybrid Access Gateway Product Sheet nexus Hybrid Access Gateway nexus Hybrid Access Gateway nexus Hybrid Access Gateway uses the inherent simplicity of virtual appliances to create matchless security, even beyond the boundaries

More information

Web Applications Access Control Single Sign On

Web Applications Access Control Single Sign On Web Applications Access Control Single Sign On Anitha Chepuru, Assocaite Professor IT Dept, G.Narayanamma Institute of Technology and Science (for women), Shaikpet, Hyderabad - 500008, Andhra Pradesh,

More information

AVG Business Secure Sign On Active Directory Quick Start Guide

AVG Business Secure Sign On Active Directory Quick Start Guide AVG Business Secure Sign On Active Directory Quick Start Guide The steps below will allow for download and registration of the AVG Business SSO Cloud Connector to integrate SaaS application access and

More information

Mobile Admin Architecture

Mobile Admin Architecture Mobile Admin Architecture Introduction Mobile Admin is an enterprise-ready IT Management solution that enables system administrators to monitor and manage their corporate IT infrastructure from a mobile

More information

Active Directory Integration WHITEPAPER

Active Directory Integration WHITEPAPER Active Directory Integration WHITEPAPER Even as enterprises continue to adopt more cloud applications, Active Directory (AD) and Lightweight Directory Access Protocol (LDAP) still play a critical role

More information

Increase the Security of Your Box Account With Single Sign-On

Increase the Security of Your Box Account With Single Sign-On A Box White Paper Increase the Security of Your Box Account With Single Sign-On Box s high level of security, 24x7 support and 99.9% uptime are critical for us. The biggest benefits are the reliability

More information

Microsoft Office 365 Using SAML Integration Guide

Microsoft Office 365 Using SAML Integration Guide Microsoft Office 365 Using SAML Integration Guide Revision A Copyright 2013 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete and accurate.

More information

Approaches to Enterprise Identity Management: Best of Breed vs. Suites

Approaches to Enterprise Identity Management: Best of Breed vs. Suites Approaches to Enterprise Identity Management: Best of Breed vs. Suites 2015 Hitachi ID Systems, Inc. All rights reserved. Contents 1 Introduction 1 2 Executive Summary 1 3 Background 2 3.1 Enterprise Identity

More information

Getting Started with AD/LDAP SSO

Getting Started with AD/LDAP SSO Getting Started with AD/LDAP SSO Active Directory and LDAP single sign- on (SSO) with Syncplicity Business Edition accounts allows companies of any size to leverage their existing corporate directories

More information

How Intel Cloud SSO Works

How Intel Cloud SSO Works TECHNICAL WHITE PAPER Intel Cloud SSO How Intel Cloud SSO Works Just as security professionals have done for ages, we must continue to evolve our processes, methods, and techniques in light of the opportunities

More information

DualShield SAML & SSO. Integration Guide. Copyright 2011 Deepnet Security Limited. Copyright 2011, Deepnet Security. All Rights Reserved.

DualShield SAML & SSO. Integration Guide. Copyright 2011 Deepnet Security Limited. Copyright 2011, Deepnet Security. All Rights Reserved. DualShield Integration Guide Copyright 2011 Deepnet Security Limited Copyright 2011, Deepnet Security. All Rights Reserved. Page 1 Trademarks Deepnet Unified Authentication, MobileID, QuickID, PocketID,

More information

Release Notes. Cloud Attached Storage 2.5.32

Release Notes. Cloud Attached Storage 2.5.32 Release Notes Cloud Attached Storage 2.5.32 January 2011 Copyright 2009-2011 CTERA Networks Ltd. All rights reserved. No part of this document may be reproduced in any form or by any means without written

More information

SAP NetWeaver AS Java

SAP NetWeaver AS Java Chapter 75 Configuring SAP NetWeaver AS Java SAP NetWeaver Application Server ("AS") Java (Stack) is one of the two installation options of SAP NetWeaver AS. The other option is the ABAP Stack, which is

More information

Cloud Authentication. Getting Started Guide. Version 2.1.0.06

Cloud Authentication. Getting Started Guide. Version 2.1.0.06 Cloud Authentication Getting Started Guide Version 2.1.0.06 ii Copyright 2011 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete and accurate.

More information

SAML Security Option White Paper

SAML Security Option White Paper Fujitsu mpollux SAML Security Option White Paper Fujitsu mpollux Version 2.1 February 2009 First Edition February 2009 The programs described in this document may only be used in accordance with the conditions

More information

INTEGRATION GUIDE. DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server

INTEGRATION GUIDE. DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server INTEGRATION GUIDE DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is

More information

An Overview of Samsung KNOX Active Directory-based Single Sign-On

An Overview of Samsung KNOX Active Directory-based Single Sign-On C E N T R I F Y W H I T E P A P E R. S E P T E M B E R 2013 An Overview of Samsung KNOX Active Directory-based Single Sign-On Abstract Samsung KNOX is a set of business-focused enhancements to the Android

More information

Centrify Cloud Connector Deployment Guide

Centrify Cloud Connector Deployment Guide C E N T R I F Y D E P L O Y M E N T G U I D E Centrify Cloud Connector Deployment Guide Abstract Centrify provides mobile device management and single sign-on services that you can trust and count on as

More information

Contextual Authentication: A Multi-factor Approach

Contextual Authentication: A Multi-factor Approach Contextual Authentication: A Multi-factor Approach Multi-factor Authentication Layer v.3.2-003 PortalGuard dba PistolStar, Inc. PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200 Fax: 617.674.2727 E-mail:

More information

SELF SERVICE RESET PASSWORD MANAGEMENT DATABASE REPLICATION GUIDE

SELF SERVICE RESET PASSWORD MANAGEMENT DATABASE REPLICATION GUIDE SELF SERVICE RESET PASSWORD MANAGEMENT DATABASE REPLICATION GUIDE Copyright 1998-2015 Tools4ever B.V. All rights reserved. No part of the contents of this user guide may be reproduced or transmitted in

More information

Extending Identity and Access Management

Extending Identity and Access Management Extending Identity and Access Management Michael Quirin Sales Engineer Citrix Systems 1 2006 Citrix Systems, Inc. All rights reserved. Company Overview Leader in Access Infrastructure NASDAQ 100 and S&P

More information

McAfee Cloud Single Sign On

McAfee Cloud Single Sign On Setup Guide Revision B McAfee Cloud Single Sign On COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection, McAfee

More information

SELF SERVICE RESET PASSWORD MANAGEMENT BACKUP GUIDE

SELF SERVICE RESET PASSWORD MANAGEMENT BACKUP GUIDE SELF SERVICE RESET PASSWORD MANAGEMENT BACKUP GUIDE Copyright 1998-2015 Tools4ever B.V. All rights reserved. No part of the contents of this user guide may be reproduced or transmitted in any form or by

More information

Security for Cloud- and On Premise Deployment. Mendix App Platform Technical Whitepaper

Security for Cloud- and On Premise Deployment. Mendix App Platform Technical Whitepaper Security for Cloud- and On Premise Deployment Mendix App Platform Technical Whitepaper Security for Cloud- and On Premise Deployment EXECUTIVE SUMMARY... 3 INTRODUCTION... 4 THE MENDIX APP PLATFORM...

More information

To set up Egnyte so employees can log in using SSO, follow the steps below to configure VMware Horizon and Egnyte to work with each other.

To set up Egnyte so employees can log in using SSO, follow the steps below to configure VMware Horizon and Egnyte to work with each other. w w w. e g n y t e. c o m Egnyte Single Sign-On (SSO) Installation for VMware Horizon To set up Egnyte so employees can log in using SSO, follow the steps below to configure VMware Horizon and Egnyte to

More information

Security Best Practices for Microsoft Azure Applications

Security Best Practices for Microsoft Azure Applications Security Best Practices for Microsoft Azure Applications Varun Sharma Principal Security Engineer, Information Security & Risk Management (ISRM), Microsoft IT Service Lines Application Security Infrastructure

More information

Installation and Configuration Guide

Installation and Configuration Guide Installation and Configuration Guide BlackBerry Resource Kit for BlackBerry Enterprise Service 10 Version 10.2 Published: 2015-11-12 SWD-20151112124827386 Contents Overview: BlackBerry Enterprise Service

More information

Dell One Identity Cloud Access Manager 8.0.1 - How to Configure for SSO to SAP NetWeaver using SAML 2.0

Dell One Identity Cloud Access Manager 8.0.1 - How to Configure for SSO to SAP NetWeaver using SAML 2.0 Dell One Identity Cloud Access Manager 8.0.1 - How to Configure for SSO to SAP NetWeaver using SAML 2.0 May 2015 About this guide Prerequisites and requirements NetWeaver configuration Legal notices About

More information

ShareFile Security Overview

ShareFile Security Overview ShareFile Security Overview ShareFile Company Policy All ShareFile employees undergo full background checks and sign our information security policy prior to beginning employment with the company. The

More information

304 - APM TECHNOLOGY SPECIALIST

304 - APM TECHNOLOGY SPECIALIST ABOUT THE 304-APM TECHNOLOGY SPECIALIST EXAM. The 304-APM Technology Specialist exam is the required to achieve Certified F5 Technology Specialist, APM status. Successful completion of the APM Technology

More information

The Essential Security Checklist. for Enterprise Endpoint Backup

The Essential Security Checklist. for Enterprise Endpoint Backup The Essential Security Checklist for Enterprise Endpoint Backup IT administrators face considerable challenges protecting and securing valuable corporate data for today s mobile workforce, with users accessing

More information

Safewhere*Identify 3.4. Release Notes

Safewhere*Identify 3.4. Release Notes Safewhere*Identify 3.4 Release Notes Safewhere*identify is a new kind of user identification and administration service providing for externalized and seamless authentication and authorization across organizations.

More information

Samsung KNOX EMM Authentication Services. SDK Quick Start Guide

Samsung KNOX EMM Authentication Services. SDK Quick Start Guide Samsung KNOX EMM Authentication Services SDK Quick Start Guide June 2014 Legal notice This document and the software described in this document are furnished under and are subject to the terms of a license

More information

Security Assertion Markup Language (SAML) Site Manager Setup

Security Assertion Markup Language (SAML) Site Manager Setup Security Assertion Markup Language (SAML) Site Manager Setup Trademark Notice Blackboard, the Blackboard logos, and the unique trade dress of Blackboard are the trademarks, service marks, trade dress and

More information

Flexible Identity Federation

Flexible Identity Federation Flexible Identity Federation Administration guide version 1.0.1 Publication history Date Description Revision 2015.09.24 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services

More information

CONFIGURATION GUIDE WITH MICROSOFT ACTIVE DIRECTORY FEDERATION SERVER

CONFIGURATION GUIDE WITH MICROSOFT ACTIVE DIRECTORY FEDERATION SERVER UMANTIS CLOUD SSO CONFIGURATION GUIDE WITH MICROSOFT ACTIVE DIRECTORY FEDERATION SERVER THIS DOCUMENT DESCRIBES THE REQUIREMENTS TO SETUP A SINGLE SIGN ON (SSO) CONFIGURATION ON UMANTIS CLOUD BASED SOLUTIONS

More information

Directory Integration with Okta. An Architectural Overview. Okta White paper. Okta Inc. 301 Brannan Street, Suite 300 San Francisco CA, 94107

Directory Integration with Okta. An Architectural Overview. Okta White paper. Okta Inc. 301 Brannan Street, Suite 300 San Francisco CA, 94107 Okta White paper Directory Integration with Okta An Architectural Overview Okta Inc. 301 Brannan Street, Suite 300 San Francisco CA, 94107 info@okta.com 1-888-722-7871 wp-dint-053013 Table of Contents

More information

SECUREAUTH IDP AND OFFICE 365

SECUREAUTH IDP AND OFFICE 365 WHITEPAPER SECUREAUTH IDP AND OFFICE 365 STRONG AUTHENTICATION AND SINGLE SIGN-ON FOR THE CLOUD-BASED OFFICE SUITE EXECUTIVE OVERVIEW As more and more enterprises move to the cloud, it makes sense that

More information

Copyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com

Copyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com Manual Copyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com Information in this document is subject to change without notice. Companies names and data used in examples herein are fictitious

More information

VMware Identity Manager Administration

VMware Identity Manager Administration VMware Identity Manager Administration VMware Identity Manager 2.4 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

More information

GET IN NOW Step 2: Add Users

GET IN NOW Step 2: Add Users GET IN NOW Step 2: Add Users 1. Match My Email User Roles During the set-up of Match My Email Lite, a MME account is created. The individual whose credentials are used to create an account becomes the

More information

Evaluation of different Open Source Identity management Systems

Evaluation of different Open Source Identity management Systems Evaluation of different Open Source Identity management Systems Ghasan Bhatti, Syed Yasir Imtiaz Linkoping s universitetet, Sweden [ghabh683, syeim642]@student.liu.se 1. Abstract Identity management systems

More information

Configuring Salesforce

Configuring Salesforce Chapter 94 Configuring Salesforce The following is an overview of how to configure the Salesforce.com application for singlesign on: 1 Prepare Salesforce for single sign-on: This involves the following:

More information

Hybrid Cloud Identity and Access Management Challenges

Hybrid Cloud Identity and Access Management Challenges Hybrid Cloud Identity and Access Management Challenges Intro: Timothy P. McAliley timothy.mcaliley@microsoft.com Microsoft Premier Field Engineer, SQL Server, Washington, DC CISA, CISM, CISSP, ITIL V3,

More information

(A) User Convenience. Password Express Benefits. Increase user convenience and productivity

(A) User Convenience. Password Express Benefits. Increase user convenience and productivity Comparison Feature Sheet Feature Sheet is a next generation password management and password synchronization tool that provides users with reduced sign on experience across all applications and password

More information

Enterprise Self Service Quick start Guide

Enterprise Self Service Quick start Guide Enterprise Self Service Quick start Guide Software version 4.0.0.0 December 2013 General Information: info@cionsystems.com Online Support: support@cionsystems.com 1 2013 CionSystems Inc. ALL RIGHTS RESERVED.

More information

SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy

SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 Merlin House

More information

Okta/Dropbox Active Directory Integration Guide

Okta/Dropbox Active Directory Integration Guide Okta/Dropbox Active Directory Integration Guide Okta Inc. 301 Brannan Street, 3rd Floor San Francisco CA, 94107 info@okta.com 1-888- 722-7871 1 Table of Contents 1 Okta Directory Integration Edition for

More information

Masdar Institute Single Sign-On: Standards-based Identity Federation. John Mikhael ICT Department jmikhael@masdar.ac.ae

Masdar Institute Single Sign-On: Standards-based Identity Federation. John Mikhael ICT Department jmikhael@masdar.ac.ae Masdar Institute Single Sign-On: Standards-based Identity Federation John Mikhael ICT Department jmikhael@masdar.ac.ae Agenda The case for Single Sign-On (SSO) Types of SSO Standards-based Identity Federation

More information

Configuring Sponsor Authentication

Configuring Sponsor Authentication CHAPTER 4 Sponsors are the people who use Cisco NAC Guest Server to create guest accounts. Sponsor authentication authenticates sponsor users to the Sponsor interface of the Guest Server. There are five

More information

Configuring Parature Self-Service Portal

Configuring Parature Self-Service Portal Configuring Parature Self-Service Portal Chapter 2 The following is an overview of the steps required to configure the Parature Self-Service Portal application for single sign-on (SSO) via SAML. Parature

More information

User Roles & Adding Domains & Users

User Roles & Adding Domains & Users User Roles & Adding Domains & Users 1. MME User Roles During the set-up of Match My Email, a MME account is created. That account is for the company, set up by an individual that has administrative privileges

More information

OpenSSO: Simplify Your Single-Sign-On Needs. Sang Shin Java Technology Architect Sun Microsystems, inc. javapassion.com

OpenSSO: Simplify Your Single-Sign-On Needs. Sang Shin Java Technology Architect Sun Microsystems, inc. javapassion.com OpenSSO: Simplify Your Single-Sign-On Needs Sang Shin Java Technology Architect Sun Microsystems, inc. javapassion.com 1 Agenda Enterprise security needs What is OpenSSO? OpenSSO features > > > > SSO and

More information

September 9 11, 2013 Anaheim, California 507 Demystifying Authentication and SSO Options in Business Intelligence

September 9 11, 2013 Anaheim, California 507 Demystifying Authentication and SSO Options in Business Intelligence September 9 11, 2013 Anaheim, California 507 Demystifying Authentication and SSO Options in Business Intelligence Greg Wcislo Introduction We will not go into detailed how-to, however links to multiple

More information