PERSPECTIVES. State of the Art. Mobile Single Sign-On to Microsoft Exchange with OWA and ActiveSync

Size: px
Start display at page:

Download "PERSPECTIVES. State of the Art. Mobile Single Sign-On to Microsoft Exchange with OWA and ActiveSync"

Transcription

1 State of the Art Mobile Single Sign-On to Microsoft Exchange with OWA and ActiveSync This document describes a secure single sign-on (SSO) solution for accessing Microsoft Exchange on tablets and smartphones. It is based on Evidian Web Access Manager PERSPECTIVES

2 White Paper > June

3 Protecting Microsoft Exchange in a Cloud Environment An ing system such as Microsoft Exchange is one of the most critical resources of any business. It is therefore essential that its access be protected. This is all the more important since most web applications now use to transmit or reset passwords. The ing system, if not adequately protected, thus becomes a weak link in the information system. To protect and simplify access to web applications, single sign-on (SSO) solutions are growing in popularity. After an initial sign-on (password, smart card, OTP token), the user accesses all the applications for which he or she has rights, without having to know the passwords of the applications themselves. How can Microsoft Exchange be easily integrated into an SSO access security system? In practice, there are obstacles to overcome: Web access to Microsoft Exchange is not natively compatible with most modern strong authentication mechanisms. Microsoft Exchange web access requires the Windows password, which the user may not know. The IT department must therefore ensure that the corporate web authentication system can effectively protect Microsoft Outlook

4 What are Microsoft Outlook Web App and Microsoft ActiveSync? Microsoft supplies two main solutions to access Microsoft Exchange from outside the Windows ecosystem. One solution makes it possible to consult a mailbox via a web browser; the other one directly connects a native mail reader to the Microsoft Exchange server. Microsoft Outlook Web App (OWA) is the web interface used to access Microsoft Exchange mailboxes. The ergonomics differs according to the browser, e.g. Internet Explorer (which supports ActiveX), Firefox or Chrome (which do not support ActiveX). Microsoft ActiveSync is the protocol that enables a Microsoft Exchange mailbox to be synchronized on a mobile phone or another mobile device, such as a tablet. This protocol is based on OWA and IIS 1 ; it uses a subset of the HTTP protocol. Organizations using Microsoft Exchange must generally activate both solutions at the same time in order to cover the various uses of their employees. What is Evidian Web Access Manager? Evidian Web Access Manager is a single sign-on (SSO) solution for web applications. It requires no installation on the workstation, which can be a tablet or a smartphone. Evidian Web Access Manager can be used alone or in cooperation with Evidian Enterprise SSO, a solution based on a local Windows client that provides access to web and non-web applications. Evidian 1 Microsoft Internet Information Services - 4 -

5 Enterprise SSO and Evidian Web Access Manager can share information about a web application s user account and login as well as Windows login. This document uses Evidian Web Access Manager to illustrate examples of web access to Microsoft Outlook via single sign-on mechanisms

6 Use Case: Single Sign-On to Microsoft Outlook Outlook Web App and ActiveSync are web applications that can be controlled by a single sign-on web solution such as Evidian Web Access Manager. Evidian Web Access Manager can control access to Outlook Web App just like it does for any traditional web application. Evidian Web Access Manager can also control mobile accesses to the ing system, using the ActiveSync protocol. Use Case with Outlook Web App (OWA) A mobile user accesses his Outlook mailbox via the Outlook Web App interface. To log in to this interface, the Windows password must usually be entered. However, the user may not know the Windows password required by Outlook Web App: On his desktop PC, the user does not always use the Windows password. Access may be managed by a local tool, such as Evidian Enterprise SSO or Authentication Manager. Similarly, the user may enter a single-use password (One-Time Password, OTP RADIUS) or an X.509 certificate for remote web access via Evidian Web Access Manager. In this case, Evidian Web Access Manager uses the Windows password known by Evidian Enterprise SSO to authenticate on the OWA server. Result: once logged onto Evidian Web Access Manager, the user accesses OWA via his or her browser, without having to enter another password

7 Use Case with ActiveSync Via a mobile phone (iphone, Android, Windows Phone) or a tablet (ipad, Android, etc.), the user synchronizes his s and calendar with his OWA account via Wi-Fi or 3G. The ActiveSync client application must be able to authenticate and access the OWA resources using the ActiveSync protocol. However, as we have seen, the user does not necessarily know his Windows password. He may not therefore be able to use it to configure the ActiveSync client application. In this case, the user is provided with a password dedicated to ActiveSync authentication thanks to Evidian Web Access Manager. The ActiveSync client application, on the phone or tablet, is configured to use Evidian Web Access Manager as an server. Evidian Web Access Manager uses the dedicated Active Sync password to authenticate the user, then injects instead the Windows password known by Evidian Enterprise SSO for the authentication on the ActiveSync interface of the OWA server. Result: the client automatically logs on to Evidian Web Access Manager to access OWA, without de-synchronization risk when the Windows password is changed

8 Architecture Principles with Outlook Web App The figure below shows a typical architecture to enable access via the web to mailboxes under Outlook Web App (OWA). Figure 1: Architecture for Outlook Web App The nomad user authenticates thanks to an OTP (one-time-password) type method, via a device or application synchronized with an OTP server. When he/she accesses the Evidian Web Access Manager portal, authentication is checked by the OTP server using RADIUS protocol. Then Evidian Web Access Manager identifies the user in the Active Directory. Evidian Web Access Manager can obtain the user s application passwords and Windows password from Evidian Enterprise SSO, if it is present. The Windows password is thus used to authenticate on the OWA servers. The authentication type may be integrated Microsoft authentication (NTLMv2), form-based authentication or basic HTTP authentication

9 Principles and Architecture with Microsoft ActiveSync The ActiveSync protocol is a sub-set of the HTTP protocol; it does not support: 301 and 302 redirections HTTP/HTTPS ports other than 80 and 443 ActiveSync therefore imposes constraints in its portalization via a web single sign-on solution such as Evidian Web Access Manager: It is not possible to redirect to an Evidian Web Access Manager authentication server or an external authentication server. Primary authentication must therefore be carried by the Web Access Manager gateway. Authentication to an external RADIUS or Kerberos server is not possible. The gateway must run on port 80 (HTTP) or 443 (HTTPS). URL translation is not possible. The Web Access Manager gateway must be a remote web agent. ActiveSync clients provide only one login and password field to manage authentication. The login and password values are sent for each HTTP Basic Authentication connection. There can be no further dialog between the gateway and the client to manage a one-time authentication. For ease-of-use reasons, it is not likely to frequently change the ActiveSync password saved in the smartphone. ActiveSync protocol constraints therefore prevent the use of an OTP server. But it is not possible to use the Windows password either if the user does not know it. In the architecture described here, the primary passwords are stored in a different LDAP directory than the Active Directory. The latter contains the real users/passwords

10 The user will enter a password that is not his actual Windows password, but that will be checked by Evidian Web Access Manager. Evidian Web Access Manager then injects the actual Windows password into the flow of data exchanged with the ActiveSync server. The false Windows password can then be modified independently from the change frequency of the Windows password. The figure below presents an Evidian Web Access Manager architecture that enables access to ActiveSync mailboxes via a mobile phone. Figure 2: Web Access Manager Architecture for ActiveSync This is what happens for an ActiveSync connection from a mobile phone: The user has a user1 login and a password The account is configured on the mobile phone. The ing server is set as wam.domain.com, either encrypted (HTTPS) or not (HTTP) An ActiveSync connection towards the Evidian Web Access Manager server is activated and the ActiveSync client will automatically issue the user1 login and its password for each request

11 Evidian Web Access Manager intercepts the user login to perform the following: 1. User identification - i.e. determining the user s original directory. 2. Authenticating the user in his identification directory. 3. Identification in the directory containing the real reference to the user. 4. Recovery of primary and secondary passwords associated with the user identified in step (3). Evidian Web Access Manager then connects to the ActiveSync server and injects the user name and password expected by the OWA ing server. The user is then authenticated by the OWA server (5) in the Active Directory of the Windows domain. Authorization Management for ActiveSync Authorizations to access applications can be calculated dynamically using simple and, or, not rules applied to the user s attributes in the LDAP directory. These rules apply to the ActiveSync connections as well as to all other connections transiting via Evidian Web Access Manager. Static or dynamic groups can thus be created to authorize access to mailboxes on a mobile phone according to the users duties. Changing Passwords for ActiveSync The passwords used on mobile phones are separate from the Windows passwords. They can therefore be changed independently: Using a provisioning tool (such as Evidian Identity & Access Manager or Evidian ID Synchronization) which modifies the passwords in the LDAP directory. The new passwords must

12 then be sent to users so that they can configure their mobile phones. By the users themselves, using Web Access Manager to modify their own passwords. Filtering based on the Phone Identifier for ActiveSync For each ActiveSync request, the mobile phone issues an identifier which syntax is specific to each manufacturer. The OWA server makes it possible to declare, register and filter ActiveSync connections according to these unique identifiers. Filtering enables a user account to be strongly associated with one or more mobile devices. This prevents fraudulent access based on the duplication of device content. Tracing all User Activity All access management policies require control. Evidian Web Access Manager logs all user access attempts. Administrators therefore know who accessed which application and when. Evidian Web Access Manager is compatible with web traffic analysis tools, such as Webtrends. This simplifies the analysis of security audit reports. Audit events are transmitted to Evidian Identity & Access Manager centralized audit database for each authentication and password transmission

13 Encryption of Confidential Data With Evidian Web Access Manager, all OWA and ActiveSync communications can be encrypted. The Evidian Web Access Manager gateway encrypts data itself using SSL. Users can therefore be sure of security when they consult their s, since they are protected by Evidian Web Access Manager. Protecting Web Resources against Attacks Evidian Web Access Manager helps you prevent attacks on web resources exposed on the Internet. The Evidian Web Access Manager gateway can mask the actual address of web resources. It modifies the URL of the web applications ( URL translation ), thus preventing hackers from finding out the network topology. Evidian Web Access Manager controls inputs for all web accesses. This facilitates the protection of web applications against attacks via the Internet. High Availability and Load Sharing The Evidian Web Access Manager gateway can be installed on two or more servers. In this case, the servers share the web traffic load and ensure disaster recovery if either server fails. This high availability solution is purely software-based. It therefore requires neither appliances nor shared disks; it works with standard servers. Similarly, load increases are managed by simply adding extra Evidian Web Access Manager gateways

14 39 A2 22LY 00 Evidian IAM Suite Our IAM solution is recognized by customers and analysts for its completeness. The Evidian IAM Suite offers the following components to make a fully integrated solution: Evidian Identity & Access Manager allows authorization governance and a full lifecycle management of identities and access to services, driven by a security policy combined with approval workflows. Evidian Web Access Manager is designed to manage access federation to Web applications, secure remote access for mobile users and replace all user passwords with a single and strong authentication method. Evidian Enterprise SSO facilitates access to enterprise and personal applications from workstations, mobile devices and smartphone and frees users from the password constraints. Evidian Authentication Manager provides strong authentication on workstations and mobile devices: smartcard or token, X509 certificate, contactless RFID cards, biometrics, one time password. Evidian SafeKit brings high availability, failover, file replication and load balancing to applications. For more information, please consult our website: Evidian The information contained in this document represents the view of Evidian on the issues discussed at the date of publication. Because Evidian must respond to changing market conditions, it should not be interpreted as a commitment on the part of Evidian, and Evidian cannot guarantee the accuracy of any information presented after the date of publication. This is for informational purposes only. EVIDIAN MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. We acknowledge the rights of the proprietors of trademarks mentioned in this book. This white paper is printed on paper combining 40% eco-certified fibers from sustainable forests management and 60% recycled fibers in line with current environment standards (ISO 14001). (ISO 14001).

Extranet Access Management Web Access Control for New Business Services

Extranet Access Management Web Access Control for New Business Services Extranet Access Management Web Access Control for New Business Services An Evidian White Paper Increase your revenue and the ROI for your Web portals Summary Increase Revenue Secure Web Access Control

More information

OVERVIEW. DIGIPASS Authentication for Office 365

OVERVIEW. DIGIPASS Authentication for Office 365 OVERVIEW DIGIPASS for Office 365 Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as is'; VASCO Data Security assumes no responsibility

More information

SAS Agent for Outlook Web App

SAS Agent for Outlook Web App SAS Agent for Outlook Web App CUSTOMER RELEASE NOTES Version: 1.08 Build: 1.08.579 Issue Date: 17 November 2015 Document Part Number: 007-012888-001, Rev. F Contents Product Description... 2 Release Description...

More information

Configuration Guide. SafeNet Authentication Service. SAS Agent for Microsoft Outlook Web Access 1.06

Configuration Guide. SafeNet Authentication Service. SAS Agent for Microsoft Outlook Web Access 1.06 SafeNet Authentication Service Configuration Guide 1.06 Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information

More information

Cisco ASA Adaptive Security Appliance Single Sign-On: Solution Brief

Cisco ASA Adaptive Security Appliance Single Sign-On: Solution Brief Guide Cisco ASA Adaptive Security Appliance Single Sign-On: Solution Brief October 2012 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 21 Contents

More information

Technical Brief ActiveSync Configuration for WatchGuard SSL 100

Technical Brief ActiveSync Configuration for WatchGuard SSL 100 Introduction Technical Brief ActiveSync Configuration for WatchGuard SSL 100 October 2009 With ActiveSync, users get push functionality to keep email, calendar, tasks, and contacts up to date on a mobile

More information

Business mail 1 MS OUTLOOK CONFIGURATION... 2

Business mail 1 MS OUTLOOK CONFIGURATION... 2 Business mail Instructions for configuration of Outlook, 2007, 2010, 2013 and mobile devices CONTENT 1 MS OUTLOOK CONFIGURATION... 2 1.1 Outlook 2007, 2010 and 2013 adding new exchange account, automatic

More information

Workday Mobile Security FAQ

Workday Mobile Security FAQ Workday Mobile Security FAQ Workday Mobile Security FAQ Contents The Workday Approach 2 Authentication 3 Session 3 Mobile Device Management (MDM) 3 Workday Applications 4 Web 4 Transport Security 5 Privacy

More information

Single Sign-on Frequently Asked Questions

Single Sign-on Frequently Asked Questions Single Sign-on Frequently Asked Questions Q1. What is Single Sign-on? Q2. How does SSO work? Q3. How do I access the SSO portal? Q4. Where can I find help on how to use the SSO portal? Q5. How do I reset

More information

1 Outlook Web Access. 1.1 Outlook Web Access (OWA) Foundation IT Written approximately Dec 2010

1 Outlook Web Access. 1.1 Outlook Web Access (OWA) Foundation IT Written approximately Dec 2010 Foundation IT Written approximately Dec 2010 1 Outlook Web Access With the new version of Exchange 2010 Outlook Anywhere has been enabled and configured with a secure socket layer (SSL) certificate from

More information

Building an identity repository is at the heart of identity and access management.

Building an identity repository is at the heart of identity and access management. State of the art ID Synchronization for a multi-directory identity repository Building an identity repository is at the heart of identity and access management. In fact, no matter the quality of an access

More information

White Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0

White Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0 White Paper Enterprise File Serving 2.0 Anywhere, Any Device File Access with IT in Control Like it or not, cloud- based file sharing services have opened up a new world of mobile file access and collaborative

More information

INTEGRATION GUIDE. DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server

INTEGRATION GUIDE. DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server INTEGRATION GUIDE DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document

More information

1. What are the System Requirements for using the MaaS360 for Exchange ActiveSync solution?

1. What are the System Requirements for using the MaaS360 for Exchange ActiveSync solution? MaaS360 FAQs This guide is meant to help answer some of the initial frequently asked questions businesses ask as they try to figure out the who, what, when, why and how of managing their smartphone devices,

More information

FileCloud Security FAQ

FileCloud Security FAQ is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file

More information

Single Sign On for ShareFile with NetScaler. Deployment Guide

Single Sign On for ShareFile with NetScaler. Deployment Guide Single Sign On for ShareFile with NetScaler Deployment Guide This deployment guide focuses on defining the process for enabling Single Sign On into Citrix ShareFile with Citrix NetScaler. Table of Contents

More information

Accessing Derbyshire County Council s Outlook Web Access (OWA) Service. Smart Phone App version

Accessing Derbyshire County Council s Outlook Web Access (OWA) Service. Smart Phone App version Accessing Derbyshire County Council s Outlook Web Access (OWA) Service Smart Phone App version Contents About this guide... 2 Before accessing Outlook Web Access... 3 Accessing Outlook Web Access (OWA)

More information

Enterprise Self-Service Portal FAQ

Enterprise Self-Service Portal FAQ Enterprise Self-Service Portal FAQ General Information: info@cionsystems.com Online Support: support@cionsystems.com CionSystems Inc. Mailing Address: 16625 Redmond Way, Ste M106 Redmond, WA. 98052 http://www.cionsystems.com

More information

Flexible Identity Federation

Flexible Identity Federation Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services

More information

Entrust IdentityGuard Comprehensive

Entrust IdentityGuard Comprehensive Entrust IdentityGuard Comprehensive Entrust IdentityGuard Comprehensive is a five-day, hands-on overview of Entrust Course participants will gain experience planning, installing and configuring Entrust

More information

DirX Identity V8.5. Secure and flexible Password Management. Technical Data Sheet

DirX Identity V8.5. Secure and flexible Password Management. Technical Data Sheet Technical Data Sheet DirX Identity V8.5 Secure and flexible Password Management DirX Identity provides a comprehensive password management solution for enterprises and organizations. It delivers self-service

More information

MelbourneOnline Hosted Exchange Setup

MelbourneOnline Hosted Exchange Setup MelbourneOnline Hosted Exchange Setup Your email on our Hosted Exchange servers can be accessed by multiple devices including PC, Mac, iphone, IPad, Android, Windows Phone and of course webmail. It s all

More information

Configuration Guide. SafeNet Authentication Service. SAS Agent for Microsoft Outlook Web App. Technical Manual Template

Configuration Guide. SafeNet Authentication Service. SAS Agent for Microsoft Outlook Web App. Technical Manual Template SafeNet Authentication Service Configuration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information

More information

Q. I use a MAC How do I change my password so I can send and receive my email?

Q. I use a MAC How do I change my password so I can send and receive my email? Password Change FAQ Q. I use a MAC How do I change my password so I can send and receive my email? A. First point a browser to http://www.redlands.edu/passwordmanager and change your password. Afterward,

More information

Agent Configuration Guide

Agent Configuration Guide SafeNet Authentication Service Agent Configuration Guide SAS Agent for Microsoft Internet Information Services (IIS) Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright

More information

INTEGRATION GUIDE. DIGIPASS Authentication for Office 365 using IDENTIKEY Authentication Server with Basic Web Filter

INTEGRATION GUIDE. DIGIPASS Authentication for Office 365 using IDENTIKEY Authentication Server with Basic Web Filter INTEGRATION GUIDE DIGIPASS Authentication for Office 365 using IDENTIKEY Authentication Server with Basic Web Filter Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained

More information

Single Sign-On Portal User Reference (Okta Cloud SSO)

Single Sign-On Portal User Reference (Okta Cloud SSO) Single Sign-On Portal User Reference (Okta Cloud SSO) Contents Okta Single Sign-on Portal... 3 Initial account creation and configuration... 3 First time manual login to the Okta Single Sign-on Portal...

More information

Business mail 1 MS OUTLOOK RECONFIGURATION DUE TO SYSTEM MIGRATION... 2

Business mail 1 MS OUTLOOK RECONFIGURATION DUE TO SYSTEM MIGRATION... 2 Business mail Instructions for configuration of Outlook, 2007, 2010, 2013 and mobile devices CONTENT 1 MS OUTLOOK RECONFIGURATION DUE TO SYSTEM MIGRATION... 2 1.1 Deleting existing Exchange e-mail accounts...

More information

Secure Web Access Solution

Secure Web Access Solution Secure Web Access Solution I. CONTENTS II. INTRODUCTION... 2 OVERVIEW... 2 COPYRIGHTS AND TRADEMARKS... 2 III. E-CODE SECURE WEB ACCESS SOLUTION... 3 OVERVIEW... 3 PKI SECURE WEB ACCESS... 4 Description...

More information

CA Performance Center

CA Performance Center CA Performance Center Single Sign-On User Guide 2.4 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is

More information

Configuration Guide BES12. Version 12.2

Configuration Guide BES12. Version 12.2 Configuration Guide BES12 Version 12.2 Published: 2015-07-07 SWD-20150630131852557 Contents About this guide... 8 Getting started... 9 Administrator permissions you need to configure BES12... 9 Obtaining

More information

Integrating Hitachi ID Suite with WebSSO Systems

Integrating Hitachi ID Suite with WebSSO Systems Integrating Hitachi ID Suite with WebSSO Systems 2015 Hitachi ID Systems, Inc. All rights reserved. Web single sign-on (WebSSO) systems are a widely deployed technology for managing user authentication

More information

UNIFIED COMMUNICATIONS POST-MIGRATION INSTRUCTIONS

UNIFIED COMMUNICATIONS POST-MIGRATION INSTRUCTIONS UNIFIED COMMUNICATIONS POST-MIGRATION INSTRUCTIONS (PURPOSE): The purpose of this document is to prepare the email user for post email migration activities to ensure a successful email migration with no

More information

Ensuring the security of your mobile business intelligence

Ensuring the security of your mobile business intelligence IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive

More information

BlackShield ID Agent for Remote Web Workplace

BlackShield ID Agent for Remote Web Workplace Agent for Remote Web Workplace 2010 CRYPTOCard Corp. All rights reserved. http:// www.cryptocard.com Copyright Copyright 2010, CRYPTOCard All Rights Reserved. No part of this publication may be reproduced,

More information

User Guide. Time Warner Cable Business Class Cloud Solutions Control Panel. Hosted Microsoft Exchange 2007 Hosted Microsoft SharePoint 2007

User Guide. Time Warner Cable Business Class Cloud Solutions Control Panel. Hosted Microsoft Exchange 2007 Hosted Microsoft SharePoint 2007 Chapter Title Time Warner Cable Business Class Cloud Solutions Control Panel User Guide Hosted Microsoft Exchange 2007 Hosted Microsoft SharePoint 2007 Version 1.1 Table of Contents Table of Contents...

More information

INTEGRATION GUIDE. General Radius Config

INTEGRATION GUIDE. General Radius Config INTEGRATION GUIDE General Radius Config Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as is'; VASCO Data Security assumes no

More information

INTEGRATION GUIDE. DIGIPASS Authentication for Microsoft Exchange ActiveSync 2007

INTEGRATION GUIDE. DIGIPASS Authentication for Microsoft Exchange ActiveSync 2007 INTEGRATION GUIDE DIGIPASS Authentication for Microsoft Exchange ActiveSync 2007 Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided

More information

Configuration Guide BES12. Version 12.3

Configuration Guide BES12. Version 12.3 Configuration Guide BES12 Version 12.3 Published: 2016-01-19 SWD-20160119132230232 Contents About this guide... 7 Getting started... 8 Configuring BES12 for the first time...8 Configuration tasks for managing

More information

Centrify Cloud Management Suite

Centrify Cloud Management Suite Centrify Cloud Management Suite Installation and Configuration Guide April 2013 Centrify Corporation Legal notice This document and the software described in this document are furnished under and are subject

More information

Protecting Microsoft Internet Information Services Web Servers with ISA Server 2004

Protecting Microsoft Internet Information Services Web Servers with ISA Server 2004 Protecting Microsoft Internet Information Services Web Servers with ISA Server 2004 White Paper Published: June 2004 For the latest information, please see http://www.microsoft.com/isaserver/ Contents

More information

Configuration Guide. SafeNet Authentication Service. SAS Agent for Microsoft Internet Information Services (IIS)

Configuration Guide. SafeNet Authentication Service. SAS Agent for Microsoft Internet Information Services (IIS) SafeNet Authentication Service Configuration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information

More information

HOTPin Integration Guide: Microsoft Office 365 with Active Directory Federated Services

HOTPin Integration Guide: Microsoft Office 365 with Active Directory Federated Services HOTPin Integration Guide: Microsoft Office 365 with Active Directory Federated Services Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided

More information

Cortado Corporate Server

Cortado Corporate Server Cortado Corporate Server 100 % On Premise Installed & Run Entirely On Your Corporate Network Feature Mobile Device Device Policy Application E-mail Push Wi-Fi Configuration Push Enable secure BYOD and

More information

SAS Agent for Outlook Web Access

SAS Agent for Outlook Web Access SAS Agent for Outlook Web Access CUSTOMER RELEASE NOTES Version: 1.06 Build: 1.06.27725 Issue Date: 4 February 2015 Document Part Number: 007-012888-001, Rev. D Contents Product Description... 2 Release

More information

VMware Identity Manager Administration

VMware Identity Manager Administration VMware Identity Manager Administration VMware Identity Manager 2.4 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

More information

Proof of Concept Guide

Proof of Concept Guide Proof of Concept Guide Version 4.0 Published: OCT-2013 Updated: 2005-2013 Propalms Ltd. All rights reserved. The information contained in this document represents the current view of Propalms Ltd. on the

More information

SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG)

SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG) SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG) A RSACCESS WHITE PAPER 1 Microsoft Forefront Unified Access Gateway Overview 2 Safe-T RSAccess Secure Front-end Overview

More information

FortiMail Server Mode SOLUCIÓN INTEGRAL DE CORREO SEGURO

FortiMail Server Mode SOLUCIÓN INTEGRAL DE CORREO SEGURO FortiMail Server Mode SOLUCIÓN INTEGRAL DE CORREO SEGURO FortiMail Server All-in-one Secured Email Platform SMTP, POP3, IMAP Secured Webmail access Security benefits from FortiMail advanced Antivirus and

More information

HotSpot Enterprise Mobile Printing Solution. Security Whitepaper

HotSpot Enterprise Mobile Printing Solution. Security Whitepaper HotSpot Enterprise Mobile Printing Solution Security Whitepaper August, 2012 2012, Ricoh Americas Corporation. All rights reserved. Ricoh and the Ricoh logo are registered trademarks of Ricoh Company,

More information

WHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS

WHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS WHITEPAPER SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS EXECUTIVE OVERVIEW 2-Factor as a Service (2FaaS) is a 100% cloud-hosted authentication solution that offers flexible security without compromising user

More information

API-Security Gateway Dirk Krafzig

API-Security Gateway Dirk Krafzig API-Security Gateway Dirk Krafzig Intro Digital transformation accelerates application integration needs Dramatically increasing number of integration points Speed Security Industrial robustness Increasing

More information

Information Technology Department. Exchange 2010 E-Mail Migration

Information Technology Department. Exchange 2010 E-Mail Migration Information Technology Department Exchange 2010 E-Mail Migration Please note: accessing your mailbox during its migration could result in irreparable damage to your email. Please read the instructions

More information

Hosted Microsoft Exchange Client Setup & Guide Book

Hosted Microsoft Exchange Client Setup & Guide Book Hosted Microsoft Exchange Client Setup & Guide Book Section 1 Microsoft Outlook Web Access (OWA) access directions Section 2 Windows 10 Mail App setup & configuration Section 3 Windows Mobile Phone ActiveSync

More information

owncloud Android App Manual

owncloud Android App Manual owncloud Android App Manual Release 2.0.0 The owncloud developers July 22, 2016 CONTENTS 1 Using the owncloud Android App 1 1.1 New In Version 2.0.0........................................... 1 1.2 Upgrading................................................

More information

Office 365 deployment checklists

Office 365 deployment checklists Chapter 128 Office 365 deployment checklists This document provides some checklists to help you make sure that you install and configure your Office 365 deployment correctly and with a minimum of issues.

More information

BlackShield ID Agent for Terminal Services Web and Remote Desktop Web

BlackShield ID Agent for Terminal Services Web and Remote Desktop Web Agent for Terminal Services Web and Remote Desktop Web 2010 CRYPTOCard Corp. All rights reserved. http:// www.cryptocard.com Copyright Copyright 2010, CRYPTOCard All Rights Reserved. No part of this publication

More information

Bell Mobile Device Management (MDM)

Bell Mobile Device Management (MDM) Bell MDM Technical FAQs 1 Bell Mobile Device Management (MDM) Frequently Asked Questions INTRODUCTION Bell Mobile Device Management provides business customers an all in one device administration tool

More information

Office 365 deploym. ployment checklists. Chapter 27

Office 365 deploym. ployment checklists. Chapter 27 Chapter 27 Office 365 deploym ployment checklists This document provides some checklists to help you make sure that you install and configure your Office 365 deployment correctly and with a minimum of

More information

FileDrawer An Enterprise File Sharing and Synchronization (EFSS) solution.

FileDrawer An Enterprise File Sharing and Synchronization (EFSS) solution. FileDrawer An Enterprise File Sharing and Synchronization (EFSS) solution. In today s world the potential for ready access to data from virtually any device over any type of network connection creates

More information

How to configure your mobile devices post migrating to Microsoft Office 365

How to configure your mobile devices post migrating to Microsoft Office 365 How to configure your mobile devices post migrating to Microsoft Office 365 1 Contents Purpose... 3 Document support boundaries... 3 Examples used in this document... 3 ipad and iphone (ios 4.x and 5.x)...

More information

ID Director for Windows

ID Director for Windows 2016 ID Director for Windows FINGERPRINT AUTHENTICATION FOR MICROSOFT NETWORKS BIO-key International www.bio-key.com Introduction Fingerprint biometrics are commonly deployed by organizations seeking to

More information

Configuration Guide BES12. Version 12.1

Configuration Guide BES12. Version 12.1 Configuration Guide BES12 Version 12.1 Published: 2015-04-22 SWD-20150422113638568 Contents Introduction... 7 About this guide...7 What is BES12?...7 Key features of BES12... 8 Product documentation...

More information

Configuration Guide. SafeNet Authentication Service. SAS Agent for Microsoft Remote Web Workplace

Configuration Guide. SafeNet Authentication Service. SAS Agent for Microsoft Remote Web Workplace SafeNet Authentication Service Configuration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information

More information

Agenda. How to configure

Agenda. How to configure dlaw@esri.com Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context of ArcGIS Server/Portal for ArcGIS Access Authentication Authorization: securing web services

More information

ABOUT TOOLS4EVER ABOUT DELOITTE RISK SERVICES

ABOUT TOOLS4EVER ABOUT DELOITTE RISK SERVICES CONTENTS About Tools4ever... 3 About Deloitte Risk Services... 3 HelloID... 4 Microsoft Azure... 5 HelloID Security Architecture... 6 Scenarios... 8 SAML Identity Provider (IDP)... 8 Service Provider SAML

More information

White Paper. McAfee Cloud Single Sign On Reviewer s Guide

White Paper. McAfee Cloud Single Sign On Reviewer s Guide White Paper McAfee Cloud Single Sign On Reviewer s Guide Table of Contents Introducing McAfee Cloud Single Sign On 3 Use Cases 3 Key Features 3 Provisioning and De-Provisioning 4 Single Sign On and Authentication

More information

PostFiles. The file sharing and synchronization solution dedicated to professionals. www.oodrive.com

PostFiles. The file sharing and synchronization solution dedicated to professionals. www.oodrive.com PostFiles The file sharing and synchronization solution dedicated to professionals www.oodrive.com Share all file types, regardless of size or format. Synchronize and read files across several devices.

More information

Office of Information Technology Connecting to Microsoft Exchange User Guide

Office of Information Technology Connecting to Microsoft Exchange User Guide OVERVIEW The Office of Information Technology is migrating its messaging infrastructure from Microsoft Exchange 2003 to Microsoft Exchange 2010. Moving to the latest technology will provide many enhancements

More information

BlackBerry Enterprise Service 10 version 10.2 preinstallation and preupgrade checklist

BlackBerry Enterprise Service 10 version 10.2 preinstallation and preupgrade checklist BlackBerry Enterprise Service version.2 preinstallation and preupgrade checklist Verify that the following requirements are met before you install or upgrade to BlackBerry Enterprise Service version.2.

More information

White paper December 2008. IBM Tivoli Access Manager for Enterprise Single Sign-On: An overview

White paper December 2008. IBM Tivoli Access Manager for Enterprise Single Sign-On: An overview White paper December 2008 IBM Tivoli Access Manager for Enterprise Single Sign-On: An overview Page 2 Contents 2 Executive summary 2 The enterprise access challenge 3 Seamless access to applications 4

More information

Administrator Guide. v 11

Administrator Guide. v 11 Administrator Guide JustSSO is a Single Sign On (SSO) solution specially developed to integrate Google Apps suite to your Directory Service. Product developed by Just Digital v 11 Index Overview... 3 Main

More information

INUVIKA OPEN VIRTUAL DESKTOP FOUNDATION SERVER

INUVIKA OPEN VIRTUAL DESKTOP FOUNDATION SERVER INUVIKA OPEN VIRTUAL DESKTOP FOUNDATION SERVER OVERVIEW OF OPEN VIRTUAL DESKTOP Mathieu SCHIRES Version: 1.0.2 Published April 9, 2015 http://www.inuvika.com Contents 1 Introduction 2 2 Terminology and

More information

Guidelines to setup mobile devices to a UOITnet account Google Apps for Education. Information Technology Services

Guidelines to setup mobile devices to a UOITnet account Google Apps for Education. Information Technology Services Guidelines to setup mobile devices to a UOITnet account Google Apps for Education Information Technology Services Contents Support for UOITnet email set up on a Mobile Device... 2 Generate Google Token...

More information

Email: support@apps4rent.com Toll Free: 1-866-716-2040 International: 1-646-506-9354

Email: support@apps4rent.com Toll Free: 1-866-716-2040 International: 1-646-506-9354 1. Check your Welcome e-mail for login credentials for the control panel. 2. Using the login details in the welcome e-mail; login at https://cp.hostallapps.com Adding Domain: 1. On the Home Page of the

More information

Hosting topology SMS PASSCODE 2015

Hosting topology SMS PASSCODE 2015 Hosting topology SMS PASSCODE 2015 Hosting Topology In a hosting environment, you have a backend and a several front end (clients). In the example below, there is a backend at the right side. At the left

More information

Requirements Collax Security Gateway Collax Business Server or Collax Platform Server including Collax SSL VPN module

Requirements Collax Security Gateway Collax Business Server or Collax Platform Server including Collax SSL VPN module Collax SSL VPN Howto This howto describes the easy configuration of a Collax server as SSL VPN gateway in order to enable external access to selected applications in the company network. Except for a common

More information

How Intel Cloud SSO Works

How Intel Cloud SSO Works TECHNICAL WHITE PAPER Intel Cloud SSO How Intel Cloud SSO Works Just as security professionals have done for ages, we must continue to evolve our processes, methods, and techniques in light of the opportunities

More information

MaaS360 Mobile Enterprise Gateway

MaaS360 Mobile Enterprise Gateway MaaS360 Mobile Enterprise Gateway Administrator Guide Copyright 2013 Fiberlink Communications Corporation. All rights reserved. Information in this document is subject to change without notice. The software

More information

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise

More information

Solutions Guide. Deploying Citrix NetScaler with Microsoft Exchange 2013 for GSLB. citrix.com

Solutions Guide. Deploying Citrix NetScaler with Microsoft Exchange 2013 for GSLB. citrix.com Deploying Citrix NetScaler with Microsoft Exchange 2013 for GSLB Table of Contents Introduction 3 Overview of Microsoft Exchange 2013 3 Why NetScaler GSLB for Exchange 2013? 3 Topology 3 Single Namespace

More information

DIGIPASS Authentication for Microsoft ISA 2006 Single Sign-On for Outlook Web Access

DIGIPASS Authentication for Microsoft ISA 2006 Single Sign-On for Outlook Web Access DIGIPASS Authentication for Microsoft ISA 2006 Single Sign-On for Outlook Web Access With IDENTIKEY Server / Axsguard IDENTIFIER Integration Guidelines Disclaimer Disclaimer of Warranties and Limitations

More information

Interact Intranet Version 7. Technical Requirements. August 2014. 2014 Interact

Interact Intranet Version 7. Technical Requirements. August 2014. 2014 Interact Interact Intranet Version 7 Technical Requirements August 2014 2014 Interact Definitions... 3 Licenses... 3 On-Premise... 3 Cloud... 3 Pulic Cloud... 3 Private Cloud... 3 Perpetual... 3 Self-Hosted...

More information

MaaS360 Mobile Enterprise Gateway

MaaS360 Mobile Enterprise Gateway MaaS360 Mobile Enterprise Gateway Administrator Guide Copyright 2014 Fiberlink, an IBM Company. All rights reserved. Information in this document is subject to change without notice. The software described

More information

Lync SHIELD Product Suite

Lync SHIELD Product Suite Lync SHIELD Product Suite The Natural Solution For Securing Lync Connectivity For today s mobile enterprise, the need to connect smartphones to the corporate network has become a vital business requirement.

More information

Sophos Mobile Control Technical guide

Sophos Mobile Control Technical guide Sophos Mobile Control Technical guide Product version: 2 Document date: December 2011 Contents 1. About Sophos Mobile Control... 3 2. Integration... 4 3. Architecture... 6 4. Workflow... 12 5. Directory

More information

CNS-207-2I Implementing Citrix NetScaler 10.5 for App and Desktop Solutions

CNS-207-2I Implementing Citrix NetScaler 10.5 for App and Desktop Solutions 1800 ULEARN (853 276) www.ddls.com.au CNS-207-2I Implementing Citrix NetScaler 10.5 for App and Desktop Solutions Length 5 days Price $5500.00 (inc GST) Overview The objective of Implementing Citrix NetScaler

More information

Mobile Access Software Blade

Mobile Access Software Blade Mobile Access Software Blade Dimension Data BYOD event Jeroen De Corel SE BeLux 2012 Check Point Software Technologies Ltd. [PROTECTED] All rights reserved. 2012 Check Point Software Technologies Ltd.

More information

Convenience and security

Convenience and security Convenience and security ControlSphere is a computer security and automation solution designed to protect user data and automate most of authentication tasks for the user at work and home environments.

More information

CoSign by ARX for PIV Cards

CoSign by ARX for PIV Cards The Digital Signature Company CoSign by ARX for PIV Cards Seamless and affordable digital signature processes across FIPS 201-compliant systems Introduction to Personal Identity Verification (PIV) In response

More information

HOTPin Integration Guide: Google Apps with Active Directory Federated Services

HOTPin Integration Guide: Google Apps with Active Directory Federated Services HOTPin Integration Guide: Google Apps with Active Directory Federated Services Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as

More information

NeoMail Guide. Neotel (Pty) Ltd

NeoMail Guide. Neotel (Pty) Ltd NeoMail Guide Neotel (Pty) Ltd NeoMail Connect Guide... 1 1. POP and IMAP Client access... 3 2. Outlook Web Access... 4 3. Outlook (IMAP and POP)... 6 4. Outlook 2007... 16 5. Outlook Express... 24 1.

More information

Course 20533: Implementing Microsoft Azure Infrastructure Solutions

Course 20533: Implementing Microsoft Azure Infrastructure Solutions Course 20533: Implementing Microsoft Azure Infrastructure Solutions Overview About this course This course is aimed at experienced IT Professionals who currently administer their on-premises infrastructure.

More information

Directory Integration with Okta. An Architectural Overview. Okta Inc. 301 Brannan Street San Francisco, CA 94107. info@okta.

Directory Integration with Okta. An Architectural Overview. Okta Inc. 301 Brannan Street San Francisco, CA 94107. info@okta. Directory Integration with Okta An Architectural Overview Okta Inc. 301 Brannan Street San Francisco, CA 94107 info@okta.com 1-888-722-7871 Contents 1 User Directories and the Cloud: An Overview 3 Okta

More information

Integrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER

Integrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER Integrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER Table of Contents Introduction.... 3 Requirements.... 3 Horizon Workspace Components.... 3 SAML 2.0 Standard.... 3 Authentication

More information

SECUREAUTH IDP AND OFFICE 365

SECUREAUTH IDP AND OFFICE 365 WHITEPAPER SECUREAUTH IDP AND OFFICE 365 STRONG AUTHENTICATION AND SINGLE SIGN-ON FOR THE CLOUD-BASED OFFICE SUITE EXECUTIVE OVERVIEW As more and more enterprises move to the cloud, it makes sense that

More information

Copyright 2012 Trend Micro Incorporated. All rights reserved.

Copyright 2012 Trend Micro Incorporated. All rights reserved. Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme files,

More information

OWA vs. MDM. Once important area to consider is the impact on security and compliance policies by users bringing their own devices (BYOD) to work.

OWA vs. MDM. Once important area to consider is the impact on security and compliance policies by users bringing their own devices (BYOD) to work. OWA vs. MDM Introduction SmartPhones and tablet devices are becoming a common fixture in the corporate environment. As feature phones are replaced with new devices such as iphone s, ipad s, and Android

More information

NCSU SSO. Case Study

NCSU SSO. Case Study NCSU SSO Case Study 2 2 NCSU Project Requirements and Goals NCSU Operating Environment Provide support for a number Apps and Programs Different vendors have their authentication databases End users must

More information

Cybersecurity and Secure Authentication with SAP Single Sign-On

Cybersecurity and Secure Authentication with SAP Single Sign-On Solution in Detail SAP NetWeaver SAP Single Sign-On Cybersecurity and Secure Authentication with SAP Single Sign-On Table of Contents 3 Quick Facts 4 Remember One Password Only 6 Log In Once to Handle

More information