Identity Federation: Bridging the Identity Gap. Michael Koyfman, Senior Global Security Solutions Architect

Size: px
Start display at page:

Download "Identity Federation: Bridging the Identity Gap. Michael Koyfman, Senior Global Security Solutions Architect"

Transcription

1 Identity Federation: Bridging the Identity Gap Michael Koyfman, Senior Global Security Solutions Architect

2 The Need for Federation 5 key patterns that drive Federation evolution - Mary E. Ruddy, Gartner The movement of applications out of the enterprise domain The movement of user populations out of the enterprise domain The movement of devices out of the enterprise domain The movement of IAM out of the enterprise domain The movement of the enterprise domain itself F5 Agility

3 Federated Identity What is it? Companies outsource applications and infrastructure at very rapid pace Having each application enforce the authority over user s identity is cumbersome There is no cross-application password synchronization mechanism User s can t easily manage coterminous password expiration across various applications Not all applications can support the same userid format as being primarily used Companies need to provide access to customers and partners without increased headaches of manually managing user accounts and password resets F5 Agility

4 Federated Identity How does it help? Controls identity and access within the enterprise Flexibility to use cloud applications and infrastructure Creates a trust between two entities with industry standards Allows B2B authentication with cloud and SaaS providers Instant termination of authentication upon employee departure No need to duplicate directory everywhere F5 Agility

5 SAML Post vs. Artifact POST binding The user s browser will be in between all communications of the SP and IdP. The user browser acts as an intermediary for the transmission of all messages Disadvantages: All communications are going through the user s browser, so the messages could be intercepted by malicious code on the user s PC. Advantages: Simpler than Artifact binding Artifact binding Partial direct connection between the IDP and the SP. That connection will be leveraged during the <artifactresolve> <artifactresponse> phases, hence avoiding the security risk induced by a middle connection Disadvantages: Requires direct connection between IDP and SP, could lead to firewall/resolution/routing issues to be solved. The communication flow is longer and more complex. Advantages: Communications are considered more secure Does not require direct network connection between IDP and SP F5 Agility

6 OAuth 2.0 Open standard for Authorization OAuth is often described as a valet key for the web Proposed Standard RFC 6749 Key Driver Twitter, Facebook OAuth 2.0 is not compatible with 1.0 OAuth is often described as a valet key for the web F5 Agility

7 SAML 2.0 Using Assertions to Authenticate SAML Assertion is a Token/Cookie used to Auth users (Simplified) Signing the Assertion Encrypting the Assertion (Identity Provider) The device that authenticates the user The device that creates, signs, encrypts and inserts the Assertion The device that redirects the user to the target application with the Assertion SAML SP (Service Provider) The device that redirects the user request to the IdP for authentication The device that consumes the Assertion and validates it The device that redirects the authenticated user to the application 7 F5 Agility

8 SAML Design (Public SP Application) Academic Environment Internet User makes a SAML Supported request for a resource University App DMZ SAML SP Private/Public Cloud Research App F5 Agility

9 SAML Design (Public SP Application) Academic Environment Service provider(sp) application performs IdP Discovery to find out how to authenticate the user University App DMZ SAML SP Private/Public Cloud Research App F5 Agility

10 SAML Design (Public SP Application) APM Detects User s IdP and redirects user to their specific IdP using SP Initiated Post (or Redirect) University App DMZ SAML SP Private/Public Cloud Research App F5 Agility

11 SAML Design (Public SP Application) Internet User makes a SAML Supported request for a resource including the SAML Assertion University App DMZ SAML SP Private/Public Cloud Research App F5 Agility

12 SAML Design (Public SP Application) APM validates the assertion and sends request to Application APM also has the ability to perform LDAP/AD Query for further validation and to set appropriate ACL s based on variables such as: Domain User Device Type Origin Network - Etc University App DMZ SAML SP Private/Public Cloud LDAP Research App F5 Agility

13 Question - How will we detect users IdP - Host - URI - - Other - Anything that is constant and predictable can be used for IdP Discovery F5 Agility

14 IDP Discovery Demo

15 SAML Authenticating to the App without User/Pass SAML Assertion replaces the requirement for Password APM SSO to the Application will be Kerberos (KCD) or Custom Auth via Headers or something similar OWA.customer.com You must understand how the Application identifies the user and creates a session Any mechanism requiring a password will not work NTLM Basic Forms Post Unless the IDP passes original user s password as a parameter and it is valid in context of authenticating to the application then NTLM/Basic/Forms can be used Sharepoint.customer.com Internal Application F5 Agility

16 Exchange Hybrid Federation Scenario User with mailbox on premises login.f5se.com Customer DataCenter User ActiveDirectory CAS Array Azure Cloud 1. User goes to https://mail.f5se.com 2. Exchange SP Virtual send them to IDP login.f5se.com with SAML AuthN request 3. User enters their credentials and authenticates to login service 4. Login responds with SAML Assertion that contains username and password, it gets sent to OWA SP, 5. Exchange SP Policy checks if user is on-premises and forwards to CAS mail.f5se.com F5 Agility

17 Exchange Hybrid Federation Scenario User with mailbox hosted in Office 365 login.f5se.com Customer DataCenter User ActiveDirectory mail.f5se.com CAS Array 1. User goes to https://mail.f5se.com 2. Exchange SP Virtual send them to IDP login.f5se.com with SAML AuthN request 3. User enters their credentials and Azure Cloud authenticates to login service 6. Office 365 sends authentication request to 4. Login responds with SAML Assertion that login.f5se.com contains username and password, it gets 7. Login.f5se.com IDP responds with SAML sent to https://mail.f5se.com assertion(user has already authenticated to 5. Exchange SP Policy determines user is it in step 3) and user is signed on to OWA hosted in Office 365 and redirects them to in the Office 365 F5 Agility 2014 https://outlook.com/owa/f5se.com 17

18 SAML- Federating APM s Authentication to the App (With and Without Password) Data Center 1 Client successfully logs on to an Internal Application where the APM VIP Requires SAML Authentication Login.customer.com Users Portal.customer.com Private/Public Cloud OWA.customer.com Sharepoint.customer.com Internal Application F5 Agility

19 SAML- Federating APM s Authentication to the App (With and Without Password) Data Center 1 The BIG-IP VIP should be configured to redirect to the Corporate Login.customer.com Users Portal.customer.com Private/Public Cloud OWA.customer.com Sharepoint.customer.com Internal Application F5 Agility

20 SAML- Federating APM s Authentication to the App (With and Without Password) An SP Initiated Post is sent back to the client in the form of a redirect to the IdP (https://login.f5se.com) Data Center 1 Login.customer.com Client is presented with a Username/Password Form from the IdP (Including 2 factor based on policy) Users Portal.customer.com Private/Public Cloud OWA.customer.com Sharepoint.customer.com Internal Application F5 Agility

21 SAML- Federating APM s Authentication to the App (With and Without Password) The APM Policy is run to Authenticate the user against their user store Data Center 1 Login.customer.com The user browser is presented with a SAML Assertion Users Portal.customer.com Private/Public Cloud OWA.customer.com Sharepoint.customer.com Internal Application F5 Agility

22 SAML- Federating APM s Authentication to the App (With and Without Password) Data Center 1 Client is redirected to the VIP and APM successfully logs the user on to an Internal Application Login.customer.com Users Portal.customer.com Private/Public Cloud OWA.customer.com Sharepoint.customer.com Internal Application F5 Agility

23 SAML- Federating APM s Authenticationg to the App (With and Without Password) Let s look at how the Applications create Session: OWA authenticates Users via Kerberos so no Password is required Sharepoint uses NTLM. F5 APM as an IdP can be configured to insert session.logon.last.password into the Assertion as a SAML Variable. The APM functioning as SP can use this when creating the Session for the user The Internal Application authenticates the user via HTTP Header and trusts the BIG-IP The variable ${session.logon.last.password} is not required to be inserted by the IdP for use at the SP F5 Agility

24 Demo Authenticating to Sharepoint using SAML on the front and NTLM to the server

25 SAML SLO Single LogOut Initiated from APM As SP: Final Logout 9 Post is done to logout URL in IdP connector As IdP: 8 5 Logout RSP SP2 Logout RSP1 Logout RQ SP2 6 IDP Post is done to logout URL in SP connectors Users 1 Logout URL Done whenever my.logout.php3 URL is encountered Logout SP1 2 Initiated from Elsewhere APM as SP: 3 Logout RQ1 Logout RSP1 4 SP1 We kill the session, and do a POST to response URL in IdP connector As IdP: We kill the session, and do a POST to response URL in SP connector 6 Logout RQ SP2 Logout RQ SP2 7 SP2 F5 Agility

26 Putting it all together

27 SAML Lab Overall Use Cases Users Login.customer.com Active Directory Portal.customer.com Data Center 2 Private/Public Cloud OWA.customer.com SaaS - PaaS Business Partners Sharepoint.customer.com ADFS Internal Application F5 Agility

28

Flexible Identity Federation

Flexible Identity Federation Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services

More information

This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections:

This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections: CHAPTER 1 SAML Single Sign-On This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections: Junos Pulse Secure Access

More information

Getting Started with AD/LDAP SSO

Getting Started with AD/LDAP SSO Getting Started with AD/LDAP SSO Active Directory and LDAP single sign- on (SSO) with Syncplicity Business Edition accounts allows companies of any size to leverage their existing corporate directories

More information

ABOUT TOOLS4EVER ABOUT DELOITTE RISK SERVICES

ABOUT TOOLS4EVER ABOUT DELOITTE RISK SERVICES CONTENTS About Tools4ever... 3 About Deloitte Risk Services... 3 HelloID... 4 Microsoft Azure... 5 HelloID Security Architecture... 6 Scenarios... 8 SAML Identity Provider (IDP)... 8 Service Provider SAML

More information

managing SSO with shared credentials

managing SSO with shared credentials managing SSO with shared credentials Introduction to Single Sign On (SSO) All organizations, small and big alike, today have a bunch of applications that must be accessed by different employees throughout

More information

SAML-Based SSO Solution

SAML-Based SSO Solution About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,

More information

AAI for Mobile Apps How mobile Apps can use SAML Authentication and Attributes. Lukas Hämmerle lukas.haemmerle@switch.ch

AAI for Mobile Apps How mobile Apps can use SAML Authentication and Attributes. Lukas Hämmerle lukas.haemmerle@switch.ch AAI for Mobile Apps How mobile Apps can use SAML Authentication and Attributes Lukas Hämmerle lukas.haemmerle@switch.ch Berne, 13. August 2014 Introduction App by University of St. Gallen Universities

More information

SINGLE & SAME SIGN-ON ASPECTS

SINGLE & SAME SIGN-ON ASPECTS SINGLE & SAME SIGN-ON ASPECTS OF AZURE ACTIVE DIRECTORY Harold Baele Senior ICT Trainer JULY 2, 2015 SLIDE 1 TRAINER INFO Harold Baele MCT at RealDolmen Education Harold.baele@realdolmen.com - @hbaele

More information

About Me. #ccceu. @shapeblue. Software Architect with ShapeBlue Specialise in. 3 rd party integrations and features in CloudStack

About Me. #ccceu. @shapeblue. Software Architect with ShapeBlue Specialise in. 3 rd party integrations and features in CloudStack Software Architect with ShapeBlue Specialise in. 3 rd party integrations and features in CloudStack About Me KVM, API, DB, Upgrades, SystemVM, Build system, various subsystems Contributor and Committer

More information

Egnyte Single Sign-On (SSO) Installation for OneLogin

Egnyte Single Sign-On (SSO) Installation for OneLogin Egnyte Single Sign-On (SSO) Installation for OneLogin To set up Egnyte so employees can log in using SSO, follow the steps below to configure OneLogin and Egnyte to work with each other. 1. Set up OneLogin

More information

OpenLogin: PTA, SAML, and OAuth/OpenID

OpenLogin: PTA, SAML, and OAuth/OpenID OpenLogin: PTA, SAML, and OAuth/OpenID Ernie Turner Chris Fellows RightNow Technologies, Inc. Why should you care about these features? Why should you care about these features? Because users hate creating

More information

The Top 5 Federated Single Sign-On Scenarios

The Top 5 Federated Single Sign-On Scenarios The Top 5 Federated Single Sign-On Scenarios Table of Contents Executive Summary... 1 The Solution: Standards-Based Federation... 2 Service Provider Initiated SSO...3 Identity Provider Initiated SSO...3

More information

Authentication Methods

Authentication Methods Authentication Methods Overview In addition to the OU Campus-managed authentication system, OU Campus supports LDAP, CAS, and Shibboleth authentication methods. LDAP users can be configured through the

More information

LICENSTJEK OUTSOURCING

LICENSTJEK OUTSOURCING LICENSTJEK CLOUD OUTSOURCING DEPLOYMENT 1 Agenda Speaker Cloud Cloud Services DEMO Considerations Hosting EG Hosting Services DEMO Considerations Questions 2 Speaker Peter Schmidt Infrastructure Architect

More information

Technology Day 2015 Xylos

Technology Day 2015 Xylos Stay in control of your identity with Azure Active Directory (Premium) Technology Day 2015 Xylos Robin Vermeirsch Sr. IT consultant CCM Azure Active Directory Introduction Competence Center Messaging (CCM)

More information

Mobile Security. Policies, Standards, Frameworks, Guidelines

Mobile Security. Policies, Standards, Frameworks, Guidelines Mobile Security Policies, Standards, Frameworks, Guidelines Guidelines for Managing and Securing Mobile Devices in the Enterprise (SP 800-124 Rev. 1) http://csrc.nist.gov/publications/drafts/800-124r1/draft_sp800-124-rev1.pdf

More information

The increasing popularity of mobile devices is rapidly changing how and where we

The increasing popularity of mobile devices is rapidly changing how and where we Mobile Security BACKGROUND The increasing popularity of mobile devices is rapidly changing how and where we consume business related content. Mobile workforce expectations are forcing organizations to

More information

Agenda. How to configure

Agenda. How to configure dlaw@esri.com Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context of ArcGIS Server/Portal for ArcGIS Access Authentication Authorization: securing web services

More information

USING FEDERATED AUTHENTICATION WITH M-FILES

USING FEDERATED AUTHENTICATION WITH M-FILES M-FILES CORPORATION USING FEDERATED AUTHENTICATION WITH M-FILES VERSION 1.0 Abstract This article provides an overview of federated identity management and an introduction on using federated authentication

More information

Integrating WebPCM Applications into Single Sign On (SSO) Tom Schaefer Better Software Solutions, Inc. UN 4023 V

Integrating WebPCM Applications into Single Sign On (SSO) Tom Schaefer Better Software Solutions, Inc. UN 4023 V Integrating WebPCM Applications into Single Sign On (SSO) Tom Schaefer Better Software Solutions, Inc. UN 4023 V Agenda What is SSO? How does it work? Tools for SSO on ClearPath Integrating Active Directory

More information

Identity. Provide. ...to Office 365 & Beyond

Identity. Provide. ...to Office 365 & Beyond Provide Identity...to Office 365 & Beyond Sponsored by shops around the world are increasingly turning to Office 365 Microsoft s cloud-based offering for email, instant messaging, and collaboration. A

More information

Federated single sign-on (SSO) and identity management. Secure mobile access. Social identity integration. Automated user provisioning.

Federated single sign-on (SSO) and identity management. Secure mobile access. Social identity integration. Automated user provisioning. PingFederate We went with PingFederate because it s based on standards like SAML, which are important for a secure implementation. John Davidson Senior Product Manager, Opower PingFederate is the leading

More information

SAML SSO Configuration

SAML SSO Configuration SAML SSO Configuration Overview of Single Sign-, page 1 Benefits of Single Sign-, page 2 Overview of Setting Up SAML 2.0 Single Sign-, page 3 SAML 2.0 Single Sign- Differences Between Cloud-Based Meeting

More information

Blending Embedded Hardware OTP, SSO, and Out of Band Auth for Secure Cloud Access

Blending Embedded Hardware OTP, SSO, and Out of Band Auth for Secure Cloud Access Blending Embedded Hardware OTP, SSO, and Out of Band Auth for Secure Cloud Access Vikas Jain Director, Product Management Intel Corporation Jesper Tohmo CTO, Nordic Edge (an Intel company) Session ID:

More information

Building Secure Applications. James Tedrick

Building Secure Applications. James Tedrick Building Secure Applications James Tedrick What We re Covering Today: Accessing ArcGIS Resources ArcGIS Web App Topics covered: Using Token endpoints Using OAuth/SAML User login App login Portal ArcGIS

More information

How to create a SP and a IDP which are visible across tenant space via Config files in IS

How to create a SP and a IDP which are visible across tenant space via Config files in IS How to create a SP and a IDP which are visible across tenant space via Config files in IS This Documentation is explaining the way to create a SP and IDP which works are visible to all the tenant domains.

More information

Single Sign On. SSO & ID Management for Web and Mobile Applications

Single Sign On. SSO & ID Management for Web and Mobile Applications Single Sign On and ID Management Single Sign On SSO & ID Management for Web and Mobile Applications Presenter: Manish Harsh Program Manager for Developer Marketing Platforms of NVIDIA (Visual Computing

More information

Azure Active Directory

Azure Active Directory Azure Active Directory Your Cloud Identity Brian Mansure Azure Specialist bmansure@enpointe.com Agenda What Azure Active Directory is What Azure Active Directory is not Hybrid Identity Features Roadmap

More information

EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES

EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES pingidentity.com EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES Best practices for identity federation in AWS Table of Contents Executive Overview 3 Introduction: Identity and Access Management in Amazon

More information

Centrify Cloud Connector Deployment Guide

Centrify Cloud Connector Deployment Guide C E N T R I F Y D E P L O Y M E N T G U I D E Centrify Cloud Connector Deployment Guide Abstract Centrify provides mobile device management and single sign-on services that you can trust and count on as

More information

Perceptive Experience Single Sign-On Solutions

Perceptive Experience Single Sign-On Solutions Perceptive Experience Single Sign-On Solutions Technical Guide Version: 2.x Written by: Product Knowledge, R&D Date: January 2016 2016 Lexmark International Technology, S.A. All rights reserved. Lexmark

More information

UNIVERSITY OF COLORADO Procurement Service Center INTENT TO SOLE SOURCE PROCUREMENT CU-JL39027649-SS. Single Sign-On (SSO) Solution

UNIVERSITY OF COLORADO Procurement Service Center INTENT TO SOLE SOURCE PROCUREMENT CU-JL39027649-SS. Single Sign-On (SSO) Solution UNIVERSITY OF COLORADO Procurement Service Center INTENT TO SOLE SOURCE PROCUREMENT CU-JL39027649-SS Single Sign-On (SSO) Solution For University Information Systems (UIS) May 9, 2013 2 University of Colorado

More information

SAML-Based SSO Solution

SAML-Based SSO Solution About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,

More information

SECUREAUTH IDP AND OFFICE 365

SECUREAUTH IDP AND OFFICE 365 WHITEPAPER SECUREAUTH IDP AND OFFICE 365 STRONG AUTHENTICATION AND SINGLE SIGN-ON FOR THE CLOUD-BASED OFFICE SUITE EXECUTIVE OVERVIEW As more and more enterprises move to the cloud, it makes sense that

More information

Guide to Deploying NetScaler as an Active Directory Federation Services Proxy

Guide to Deploying NetScaler as an Active Directory Federation Services Proxy Deployment Guide Guide to Deploying NetScaler as an Active Directory Federation Services Proxy Enabling seamless authentication for Office 365 use cases Table of Contents Introduction 3 ADFS proxy deployment

More information

Federation At Fermilab. Al Lilianstrom National Laboratories Information Technology Summit May 2015

Federation At Fermilab. Al Lilianstrom National Laboratories Information Technology Summit May 2015 Federation At Fermilab Al Lilianstrom National Laboratories Information Technology Summit May 2015 About Fermilab Since 1967, Fermilab has worked to answer fundamental questions and enhance our understanding

More information

Identity Management. Dave Romig, Sr Founder, CTO

Identity Management. Dave Romig, Sr Founder, CTO Identity Management Dave Romig, Sr Dave.Romig@TCSC.com Founder, CTO Identity Management What it is What it does What it means What it is Problem statement Connected apps must handle two functions Authenticate

More information

Identity Management in Liferay Overview and Best Practices. Liferay Portal 6.0 EE

Identity Management in Liferay Overview and Best Practices. Liferay Portal 6.0 EE Identity Management in Liferay Overview and Best Practices Liferay Portal 6.0 EE Table of Contents Introduction... 1 IDENTITY MANAGEMENT HYGIENE... 1 Where Liferay Fits In... 2 How Liferay Authentication

More information

Implementation Guide SAP NetWeaver Identity Management Identity Provider

Implementation Guide SAP NetWeaver Identity Management Identity Provider Implementation Guide SAP NetWeaver Identity Management Identity Provider Target Audience Technology Consultants System Administrators PUBLIC Document version: 1.10 2011-07-18 Document History CAUTION Before

More information

Using SAML for Single Sign-On in the SOA Software Platform

Using SAML for Single Sign-On in the SOA Software Platform Using SAML for Single Sign-On in the SOA Software Platform SOA Software Community Manager: Using SAML on the Platform 1 Policy Manager / Community Manager Using SAML for Single Sign-On in the SOA Software

More information

Adobe Sign. Enabling SAML Single Sign-On with OneLogin Reference Guide

Adobe Sign. Enabling SAML Single Sign-On with OneLogin Reference Guide Enabling SAML Single Sign-On with OneLogin Reference Guide 2016 Adobe Systems Incorporated. All Rights Reserved. Products mentioned in this document, such as the services of identity provider Onelogin,

More information

Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management

Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management 1 Product Roadmap Disclaimer Any forward-looking indication of plans for products is preliminary and all future release

More information

PERSPECTIVES. State of the Art. Mobile Single Sign-On to Microsoft Exchange with OWA and ActiveSync

PERSPECTIVES. State of the Art. Mobile Single Sign-On to Microsoft Exchange with OWA and ActiveSync State of the Art Mobile Single Sign-On to Microsoft Exchange with OWA and ActiveSync This document describes a secure single sign-on (SSO) solution for accessing Microsoft Exchange on tablets and smartphones.

More information

INTEGRATION GUIDE. DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server

INTEGRATION GUIDE. DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server INTEGRATION GUIDE DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is

More information

Federated Identity for Cloud Computing and Cross-organization Collaboration

Federated Identity for Cloud Computing and Cross-organization Collaboration Federated Identity for Cloud Computing and Cross-organization Collaboration Steve Moitozo Strategy and Architecture SIL International 20110616.2 (ICCM) Follow me @SteveMoitozo2 2 Huge Claims You want federated

More information

Planning your Microsoft Application Strategy in a Cloud Crazy World. Steve Soper Senior Managing Partner

Planning your Microsoft Application Strategy in a Cloud Crazy World. Steve Soper Senior Managing Partner Planning your Microsoft Application Strategy in a Cloud Crazy World Steve Soper Senior Managing Partner Who is AdaptivEdge Founded in June 2013 Partnered with Nth Generation for 2+ years and delivered

More information

Single Sign-On for the UQ Web

Single Sign-On for the UQ Web Single Sign-On for the UQ Web David Gwynne Infrastructure Architect, ITIG, EAIT Taxonomy Authentication - Verification that someone is who they claim to be - ie, only the relevant user

More information

Mobile Identity and Edge Security Forum Sentry Security Gateway. Jason Macy CTO, Forum Systems jmacy@forumsys.com

Mobile Identity and Edge Security Forum Sentry Security Gateway. Jason Macy CTO, Forum Systems jmacy@forumsys.com Mobile Identity and Edge Security Forum Sentry Security Gateway Jason Macy CTO, Forum Systems jmacy@forumsys.com Evolution Evolution of Enterprise Identities Cloud Computing Iaas Infrastructure as a Service

More information

BIG-IP Access Policy Manager : Authentication and Single Sign-On. Version 12.1

BIG-IP Access Policy Manager : Authentication and Single Sign-On. Version 12.1 BIG-IP Access Policy Manager : Authentication and Single Sign-On Version 12.1 Table of Contents Table of Contents Authentication Concepts...15 About AAA server support...15 About AAA high availability

More information

Cloud Single Sign-On and On-Premise Identity Federation with SAP NetWeaver Cloud White Paper

Cloud Single Sign-On and On-Premise Identity Federation with SAP NetWeaver Cloud White Paper Cloud Single Sign-On and On-Premise Identity Federation with SAP NetWeaver Cloud White Paper TABLE OF CONTENTS INTRODUCTION... 3 Where we came from... 3 The User s Dilemma with the Cloud... 4 The Administrator

More information

WHITE PAPER. Active Directory and the Cloud

WHITE PAPER. Active Directory and the Cloud WHITE PAPER Active Directory and the Cloud HyperOffice, 2011 What is Active Directory? What are its benefits? Active Directory (AD) is a directory service created by Microsoft. Active Directory is popularly

More information

PROVIDING SINGLE SIGN-ON TO AMAZON EC2 APPLICATIONS FROM AN ON-PREMISES WINDOWS DOMAIN

PROVIDING SINGLE SIGN-ON TO AMAZON EC2 APPLICATIONS FROM AN ON-PREMISES WINDOWS DOMAIN PROVIDING SINGLE SIGN-ON TO AMAZON EC2 APPLICATIONS FROM AN ON-PREMISES WINDOWS DOMAIN CONNECTING TO THE CLOUD DAVID CHAPPELL DECEMBER 2009 SPONSORED BY AMAZON AND MICROSOFT CORPORATION CONTENTS The Challenge:

More information

Computer Systems Security 2013/2014. Single Sign-On. Bruno Maia ei09095@fe.up.pt. Pedro Borges ei09063@fe.up.pt

Computer Systems Security 2013/2014. Single Sign-On. Bruno Maia ei09095@fe.up.pt. Pedro Borges ei09063@fe.up.pt Computer Systems Security 2013/2014 Single Sign-On Bruno Maia ei09095@fe.up.pt Pedro Borges ei09063@fe.up.pt December 13, 2013 Contents 1 Introduction 2 2 Explanation of SSO systems 2 2.1 OpenID.................................

More information

Connected Data. Connected Data requirements for SSO

Connected Data. Connected Data requirements for SSO Chapter 40 Configuring Connected Data The following is an overview of the steps required to configure the Connected Data Web application for single sign-on (SSO) via SAML. Connected Data offers both IdP-initiated

More information

F5 BIG-IP: Configuring v11 Access Policy Manager APM

F5 BIG-IP: Configuring v11 Access Policy Manager APM coursemonster.com/uk F5 BIG-IP: Configuring v11 Access Policy Manager APM View training dates» Overview This three day course gives networking professionals a functional understanding of the BIG-IPÂ APM

More information

Active Directory Integration 855.426.7227. www.onelogin.com twitter.com/onelogin ONELOGIN WHITEPAPER

Active Directory Integration 855.426.7227. www.onelogin.com twitter.com/onelogin ONELOGIN WHITEPAPER Active Directory Integration Even as enterprises continue to adopt more cloud applications, Active Directory (AD) and Lightweight Directory Access Protocol (LDAP) still play a critical role in how information

More information

OpenID Single Sign On and OAuth Data Access for Google Apps. Ryan Boyd @ryguyrg Dave Primmer May 2010

OpenID Single Sign On and OAuth Data Access for Google Apps. Ryan Boyd @ryguyrg Dave Primmer May 2010 OpenID Single Sign On and OAuth Data Access for Google Apps Ryan Boyd @ryguyrg Dave Primmer May 2010 Why? View live notes and questions about this session on Google Wave: http://bit.ly/magicwave Agenda

More information

Leveraging SAML for Federated Single Sign-on:

Leveraging SAML for Federated Single Sign-on: Leveraging SAML for Federated Single Sign-on: Seamless Integration with Web-based Applications whether cloudbased, private, on-premise, or behind a firewall Single Sign-on Layer v.3.2-006 PistolStar, Inc.

More information

Logout Support on SP and Application

Logout Support on SP and Application Logout Support on SP and application Logout Support on SP and Application Possibilities and and Limitations SWITCHaai Team aai@switch.ch Single Logout: Is it possible? Single Logout will work only in some

More information

Department Service Integration with e-pramaan

Department Service Integration with e-pramaan Department Service Integration with e-pramaan How to integrate a.net Application.NET specific integration details are provided in this document. Read e-pramaan Departments Integration Document before proceeding.

More information

McAfee Cloud Single Sign On

McAfee Cloud Single Sign On Setup Guide Revision B McAfee Cloud Single Sign On COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection, McAfee

More information

QualysGuard SAML 2.0 Single Sign-On. Technical Brief

QualysGuard SAML 2.0 Single Sign-On. Technical Brief QualysGuard SAML 2.0 Single Sign-On Technical Brief Introduction Qualys provides its customer the option to use SAML 2.0 Single Sign On (SSO) authentication with their QualysGuard subscription. When implemented,

More information

Configuration Guide - OneDesk to SalesForce Connector

Configuration Guide - OneDesk to SalesForce Connector Configuration Guide - OneDesk to SalesForce Connector Introduction The OneDesk to SalesForce Connector allows users to capture customer feedback and issues in OneDesk without leaving their familiar SalesForce

More information

Single Sign On for ShareFile with NetScaler. Deployment Guide

Single Sign On for ShareFile with NetScaler. Deployment Guide Single Sign On for ShareFile with NetScaler Deployment Guide This deployment guide focuses on defining the process for enabling Single Sign On into Citrix ShareFile with Citrix NetScaler. Table of Contents

More information

DocuSign Single Sign On Implementation Guide Published: March 17, 2016

DocuSign Single Sign On Implementation Guide Published: March 17, 2016 DocuSign Single Sign On Implementation Guide Published: March 17, 2016 Copyright Copyright 2003-2016 DocuSign, Inc. All rights reserved. For information about DocuSign trademarks, copyrights and patents

More information

Copyright: WhosOnLocation Limited

Copyright: WhosOnLocation Limited How SSO Works in WhosOnLocation About Single Sign-on By default, your administrators and users are authenticated and logged in using WhosOnLocation s user authentication. You can however bypass this and

More information

Ameritas Single Sign-On (SSO) and Enterprise SAML Standard. Architectural Implementation, Patterns and Usage Guidelines

Ameritas Single Sign-On (SSO) and Enterprise SAML Standard. Architectural Implementation, Patterns and Usage Guidelines Ameritas Single Sign-On (SSO) and Enterprise SAML Standard Architectural Implementation, Patterns and Usage Guidelines 1 Background and Overview... 3 Scope... 3 Glossary of Terms... 4 Architecture Components...

More information

Using Shibboleth for Single Sign- On

Using Shibboleth for Single Sign- On Using Shibboleth for Single Sign- On One Logon to Rule them all.. Kirk Yaros Director, Enterprise Services Mott Community College 1 Agenda Overview of Mott Overview of Shibboleth and Mott s Project Review

More information

Total Cost of Ownership Overview ADFS vs OneLogin WHITEPAPER

Total Cost of Ownership Overview ADFS vs OneLogin WHITEPAPER Total Cost of Ownership Overview vs OneLogin WHITEPAPER Are you really going to double down on machines, software and professional services to extend Active Directory (AD)? Executive Summary Are you planning

More information

Security Overview Enterprise-Class Secure Mobile File Sharing

Security Overview Enterprise-Class Secure Mobile File Sharing Security Overview Enterprise-Class Secure Mobile File Sharing Accellion, Inc. 1 Overview 3 End to End Security 4 File Sharing Security Features 5 Storage 7 Encryption 8 Audit Trail 9 Accellion Public Cloud

More information

Q&A Session for Understanding Atrium SSO Date: Thursday, February 14, 2013, 8:00am Pacific

Q&A Session for Understanding Atrium SSO Date: Thursday, February 14, 2013, 8:00am Pacific Q: Is the challenge required or can pass through authentication be used with regard to automatic login after you login to your corporate domain? A: You can configure the system to pass on the challenge

More information

Flexible Identity Federation

Flexible Identity Federation Flexible Identity Federation Administration guide version 1.0.1 Publication history Date Description Revision 2015.09.24 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services

More information

Single-Sign-On between On-Premises and the Cloud: Leveraging Windows Azure Active Directory to authenticate custom solutions and Apps

Single-Sign-On between On-Premises and the Cloud: Leveraging Windows Azure Active Directory to authenticate custom solutions and Apps Sofia Event Center 14-15 May 2014 Single-Sign-On between On-Premises and the Cloud: Leveraging Windows Azure Active Directory to authenticate custom solutions and Apps Radi Atanassov SharePoint MCM & MVP

More information

A Standards-based Mobile Application IdM Architecture

A Standards-based Mobile Application IdM Architecture A Standards-based Mobile Application IdM Architecture Abstract Mobile clients are an increasingly important channel for consumers accessing Web 2.0 and enterprise employees accessing on-premise and cloud-hosted

More information

SharePoint 2013 Extranets: How will SharePoint 2013 connect you to your partners? Brian Culver

SharePoint 2013 Extranets: How will SharePoint 2013 connect you to your partners? Brian Culver SharePoint 2013 Extranets: How will SharePoint 2013 connect you to your partners? Brian Culver 0 Welcome to SharePoint Saturday Houston Thank you for being a part of the 4 th Annual SharePoint Saturday

More information

Add Microsoft Azure as the Federated Authenticator in WSO2 Identity Server

Add Microsoft Azure as the Federated Authenticator in WSO2 Identity Server Add Microsoft Azure as the Federated Authenticator in WSO2 Identity Server This blog will explain how to use Microsoft Azure as a Federated Authenticator for WSO2 Identity Server 5.0.0. In this example

More information

Hybrid Architecture. Office 365. On-premises Exchange org (Exchange 2007+) Provisioned via DirSync. Secure Mail flow

Hybrid Architecture. Office 365. On-premises Exchange org (Exchange 2007+) Provisioned via DirSync. Secure Mail flow Hybrid Deployment Hybrid Architecture Provisioned via DirSync Exchange 2010 (HUB/CAS) Exchange 2013 CAS & MBX Secure Mail flow Exchange Federation (Free/Busy, Mail Tips, Archive, etc.) Mailbox data via

More information

SSO for Modern Applications

SSO for Modern Applications SSO for Modern Applications Modern Applications - Big shift in how we do web applications - Classic: - Compose HTML on the server - Use server-side frameworks like JSF / JSP, PHP, ASP - In a browser every

More information

Microsoft SharePoint Architectural Models

Microsoft SharePoint Architectural Models Microsoft SharePoint This topic is 1 of 5 in a series Introduction to Fundamental SharePoint This series is intended to raise awareness of the different fundamental architectural models through which SharePoint

More information

CA Single Sign-On Migration Guide

CA Single Sign-On Migration Guide CA Single Sign-On Migration Guide Web access management (WAM) systems have been a part of enterprises for decades. It is critical to control access and audit applications while reducing the friction for

More information

CLAIMS-BASED IDENTITY FOR WINDOWS

CLAIMS-BASED IDENTITY FOR WINDOWS CLAIMS-BASED IDENTITY FOR WINDOWS TECHNOLOGIES AND SCENARIOS DAVID CHAPPELL FEBRUARY 2011 SPONSORED BY MICROSOFT CORPORATION CONTENTS Understanding Claims-Based Identity... 3 The Problem: Working with

More information

Novell Cloud Security Service Reducing Risk by Securing the Cloud. Stefan Stiehl Senior Sales Technology Specialist sstiehl@novell.

Novell Cloud Security Service Reducing Risk by Securing the Cloud. Stefan Stiehl Senior Sales Technology Specialist sstiehl@novell. Novell Cloud Security Service Reducing Risk by Securing the Cloud Stefan Stiehl Senior Sales Technology Specialist sstiehl@novell.com Disclaimer for Product in Development Unpublished Work of Novell, Inc.

More information

SAML Authentication Quick Start Guide

SAML Authentication Quick Start Guide SAML Authentication Quick Start Guide Powerful Authentication Management for Service Providers and Enterprises Authentication Service Delivery Made EASY Copyright 2013 SafeNet, Inc. All rights reserved.

More information

Deploying the BIG-IP System v11 with Microsoft Exchange 2010 and 2013 Client Access Servers

Deploying the BIG-IP System v11 with Microsoft Exchange 2010 and 2013 Client Access Servers Deployment Guide Deploying the BIG-IP System v11 with Microsoft Exchange 2010 and 2013 Client Access Servers Welcome to the F5 and Microsoft Exchange 2010 and 2013 Client Access Server deployment guide.

More information

How to Get to Single Sign-On

How to Get to Single Sign-On How to Get to Single Sign-On Gregg Kreizman Neil Wynne Twitter: @neilwynne Gartner is a registered trademark of Gartner, Inc. or its affiliates. This publication may not be reproduced or distributed in

More information

SAM Context-Based Authentication Using Juniper SA Integration Guide

SAM Context-Based Authentication Using Juniper SA Integration Guide SAM Context-Based Authentication Using Juniper SA Integration Guide Revision A Copyright 2012 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete

More information

Office 365 deployment checklists

Office 365 deployment checklists Chapter 128 Office 365 deployment checklists This document provides some checklists to help you make sure that you install and configure your Office 365 deployment correctly and with a minimum of issues.

More information

Agenda. Federation using ADFS and Extensibility options. Office 365 Identity overview. Federation and Synchronization

Agenda. Federation using ADFS and Extensibility options. Office 365 Identity overview. Federation and Synchronization Agenda Office 365 Identity overview 1 Federation and Synchronization Federation using ADFS and Extensibility options 2 3 What s New in Azure AD? Cloud Business App - Overview 4 Identity Management is

More information

Load Balancing Microsoft AD FS. Deployment Guide

Load Balancing Microsoft AD FS. Deployment Guide Load Balancing Microsoft AD FS Deployment Guide rev. 1.1.1 Copyright 2002 2015 Loadbalancer.org, Inc. Table of Contents About this Guide...4 Loadbalancer.org Appliances Supported...4 Loadbalancer.org Software

More information

Enabling Single Sign- On for Common Identity using F5

Enabling Single Sign- On for Common Identity using F5 Enabling Single Sign- On for Common Identity using F5 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS

More information

Identity and Access Management for the Hybrid Enterprise

Identity and Access Management for the Hybrid Enterprise Identity and Access Management for the Hybrid Enterprise Redmond Identity Summit 2014 Directories Devices Identity Keith Brintzenhofe Microsoft Corporation Thank You to our Sponsors Gold Silver Plus Silver

More information

Active Directory Integration WHITEPAPER

Active Directory Integration WHITEPAPER Active Directory Integration WHITEPAPER Even as enterprises continue to adopt more cloud applications, Active Directory (AD) and Lightweight Directory Access Protocol (LDAP) still play a critical role

More information

SAML and OAUTH comparison

SAML and OAUTH comparison SAML and OAUTH comparison DevConf 2014, Brno JBoss by Red Hat Peter Škopek, pskopek@redhat.com, twitter: @pskopek Feb 7, 2014 Abstract SAML and OAuth are one of the most used protocols/standards for single

More information

Secure the Web: OpenSSO

Secure the Web: OpenSSO Secure the Web: OpenSSO Sang Shin, Technology Architect Sun Microsystems, Inc. javapassion.com Pat Patterson, Principal Engineer Sun Microsystems, Inc. blogs.sun.com/superpat 1 Agenda Need for identity-based

More information

Get Cloud Ready: Secure Access to Google Apps and Other SaaS Applications

Get Cloud Ready: Secure Access to Google Apps and Other SaaS Applications Get Cloud Ready: Secure Access to Google Apps and Other SaaS Applications Matt Weisberg Vice President & CIO, Weisberg Consulting, Inc. matt@weisberg.net Paul McKeith Technical Sales, Novell, Inc. pmckeith@novell.com

More information

INUVIKA OPEN VIRTUAL DESKTOP ENTERPRISE

INUVIKA OPEN VIRTUAL DESKTOP ENTERPRISE INUVIKA OPEN VIRTUAL DESKTOP ENTERPRISE SAML 2.0 CONFIGURATION GUIDE Roy Heaton David Pham-Van Version 1.1 Published March 23, 2015 This document describes how to configure OVD to use SAML 2.0 for user

More information

Office 365 deploym. ployment checklists. Chapter 27

Office 365 deploym. ployment checklists. Chapter 27 Chapter 27 Office 365 deploym ployment checklists This document provides some checklists to help you make sure that you install and configure your Office 365 deployment correctly and with a minimum of

More information

IT Exam Training online / Bootcamp

IT Exam Training online / Bootcamp DumpCollection IT Exam Training online / Bootcamp http://www.dumpcollection.com PDF and Testing Engine, study and practice Exam : 70-534 Title : Architecting Microsoft Azure Solutions Vendor : Microsoft

More information

Cisco ASA Adaptive Security Appliance Single Sign-On: Solution Brief

Cisco ASA Adaptive Security Appliance Single Sign-On: Solution Brief Guide Cisco ASA Adaptive Security Appliance Single Sign-On: Solution Brief October 2012 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 21 Contents

More information

HotSpot Enterprise Mobile Printing Solution. Security Whitepaper

HotSpot Enterprise Mobile Printing Solution. Security Whitepaper HotSpot Enterprise Mobile Printing Solution Security Whitepaper August, 2012 2012, Ricoh Americas Corporation. All rights reserved. Ricoh and the Ricoh logo are registered trademarks of Ricoh Company,

More information