WHITEPAPER SECUREAUTH IDP DEVICE FINGERPRINTING LOW-FRICTION, BYOD AUTHENTICATION
|
|
- Chester Brooks
- 8 years ago
- Views:
Transcription
1 WHITEPAPER SECUREAUTH IDP DEVICE FINGERPRINTING LOW-FRICTION, BYOD AUTHENTICATION
2 Executive Overview The explosion of devices laptops, desktops and now the plethora of mobile devices has left enterprises scrambling to conduct access control to their resources. The current tools are not sufficient for BYOD environments because they do not address the new devices or the new resources for mobile or desktop users. Technology has advanced too far to rely on simple username and password combinations for individual access. They are too easily compromised or forgotten, and create frequent points of vulnerability. Though users may be comfortable with shielding their Facebook profiles behind single factor authentication, enterprise information must be more strongly secured with additional factors, despite the inconvenience that it may introduce. Resolving the conundrum of adding layers of authentication without compromising ease-of-use has proven to be an elusive task for enterprises, until now. SecureAuth s Device Fingerprinting features the flexibility, the security, and the convenience required to increase layers of authentication without creating high friction for users. In many instances, SecureAuth s Device Fingerprinting actually improves user experience. This paper will examine SecureAuth s Device Fingerprinting. It will explain what it is, how it works, and the numerous benefits that it spawns. In conclusion, SecureAuth IdP will be elucidated, acknowledging its complete security package designed specifically for mobile and BYOD work environments. Table of Contents Introduction: What is Device Fingerprinting?.3 How Does it Work?.3 Features of Device Fingerprinting 6 Weighing the Fingerprinting Metrics (Device Heuristics)..8 Device Acceptance Range 9 Management of Range..10 Secure Mobile App for Android and ios...12 Integrated into SecureAuth IdP for All Resources.12 Conclusion.13 WHITEPAPER 2
3 Introduction: What is Device Fingerprinting? Device Fingerprinting is a revolutionary system developed by SecureAuth that enables secure and convenient access to all resources, from any device mobile or desktop. It was created to address continuous security concerns from enterprises whose mobile business bourgeons. With the release of SecureAuth IdP version 7.0 in April, 2013, SecureAuth enabled this new, heuristics approach to identify, authenticate, and assert access. By supporting variations of HTTP headers, IP addresses, browser fonts, browser plugins, user data storage, and the device s time zone, users unique identities can be determined from the distinct desktop and mobile devices used. Each mobile device smartphone, laptop, tablet on various platforms has unique characteristics from which an intelligent system (like the webserver embedded in SecureAuth) can extract information. SecureAuth has exploited that feature and manipulated it to be used for device registration and subsequent device validation. How Does It Work? An Identity Provider (IdP) by design extricates information from data stores to be used for authentication and assertion. SecureAuth is an IdP that also features a built-in, enhanced webserver capable of extracting and validating mobile and desktop device information. Device Fingerprinting enables SecureAuth IdP to pull specific characteristics from a device, store the unique characteristics in the enterprise s directory, and then use those characteristics for validation of the users and devices for subsequent access requests. WHITEPAPER 3
4 Image #1: SecureAuth IdP has integrated 2-Factor user-to-device registration workflow built into the product. The first-time process (Registration): User attempts to access an application from a desktop or mobile device and is redirected to SecureAuth IdP for authentication (1) SecureAuth conducts a configurable (2) SecureAuth authentication (1- factor, 2-Factor, 3-Factor, etc.) Upon successful authentication, SecureAuth sends server-based commands to the client to (3) PULL the unique characteristics from the (4) device (header, fonts, plug-ins, screen size, HTML5 storage facilities, IP address, cookie storage, etc.) SecureAuth creates a numeric representation (5) of the values and then stores it to a local enterprise directory (6) that can be accessed by admins and referenced by the authenticated user ID User is redirected with appropriate SSO from SecureAuth IdP to the original target resource WHITEPAPER 4
5 Image #2: Once the device is registered to the device, subsequent authentications are lowfriction for the user. For subsequent authentications (Validation): User attempts to access an application from a desktop or mobile device and is redirected to SecureAuth IdP for authentication (1) User supplies enterprise credentials, and SecureAuth IdP conducts a device fingerprint of the user s device and checks it with the user ID against the enterprise data store (2) If a match is found, SecureAuth IdP counts it as a successful second factor (no SMS, Telephony, OOB authentication is required) and returns an SSO token to the user for access to the network, cloud, web, or mobile resource (3) Device Fingerprinting enables companies to keep a record of the devices employed by each user, which eliminates the need to impose a HIGH- FRICTION authentication on subsequent authentications. WHITEPAPER 5
6 Features of Device Fingerprinting Though some of the values of Device Fingerprinting have already been indicated, there are several benefits that come with it. Low-friction authentication is one of the most significant features of SecureAuth s Device Fingerprinting. As illustrated in the processes above, users whose devices have already been registered with the Server are not burdened with multiple authentications for each subsequent session. This dramatically simplifies the login and access process for users who employ the same resources, especially portals, with frequency. SecureAuth IdP already specializes in providing a flexible and convenient workflow for users; this addition only strengthens it. By allowing the directory to store the collection of devices, users can be allowed subsequent authentication without further friction. If a user attempts access from a different device, SecureAuth can be configured to either deny access or to usher the user through another enrollment so that the user can register the new device. Should an enterprise choose the latter, a user would work through another enrollment and a fingerprint of the additional device will then be stored for subsequent access requests. The user s data store profile will house two (or more) fingerprints that can be used for future validation. Device Fingerprinting permits a simplified, one-time registration workflow from all devices, whether mobile or traditional computers. Shared Machines are no longer problematic with SecureAuth IdP. Device Fingerprinting enables multiple users to work on the same device while maintaining effective security. When the device authentication is registered with the enterprise, it is linked to one specific user s profile. That user is then able to work on the device without re-authenticating because the Server recognizes that that user has already validated it. When new users attempt to access enterprise resources from the same device, SecureAuth IdP, through its ability to pull user-based identifiers from the device and matching them against information housed in the user s back end data store, recognizes that the device has not been registered to this new user. WHITEPAPER 6
7 As a result, the new user will be redirected to the IdP for authentication before access is granted. From there, the Fingerprint Server will store this device under the new user s profile without eliminating or altering the previous user s registration. Users can work on multiple devices and multiple users can work on a single device all without high-impact authentication processes. Identity Access Management (IAM) with SecureAuth IdP is completely configurable and flexible because it is designed to utilize the enterprise native store and use existing username spaces. As detailed, SecureAuth registers the device to the user via a storable value. Multiple devices can be registered to a single user Each access from each device is logged per device Users can be issued a time for valid registration, which forces them to re-register after a realm-based duration period Devices can be uniquely identified/revoked per users All devices can be revoked per user, at one time The ability to revoke all devices per user at one time is especially relevant. Administrators can access all of the information that is collected and stored by the Fingerprint Server at anytime. In a very simple, admin-friendly tool, any modifications can be effortlessly made including 1-Touch Revocation, which maintains security even if the device is compromised or the user has left the company. Because each device is linked to the users that employ them, admins can quickly and easily search the directory to find the device that requires forced revocation. Once the user has been pinpointed, admins are able to revoke all or individual devices by simply unchecking them from the acceptable devices list. SecureAuth IdP also enables user self-management, including profile registration and modification, password reset, and self or device revocation. Users are able to revoke access on their own devices at any time, without requiring the admin s assistance. This is all accomplished without necessitating any thick clients on the device. WHITEPAPER 7
8 Weighing the Fingerprinting Metrics (Device Heuristics) To facilitate strong authentication without compromising ease-of-use, SecureAuth Device Fingerprinting offers a heuristic-based approach for identifying devices. As described above, the solution offers a built-in, 2-Factor workflow to enable the first time device registration. With SecureAuth s Device Fingerprinting deployed, enterprises can set scoring values to heuristic components that will weigh device characteristics in accordance to enterprise priorities. In this way, an enterprise can match their user base and how/which devices are used in accordance to the resources. With this heuristic component, an enterprise can customize the fingerprinting to their deployment environment. Image #3: SecureAuth allows the admin, per protected resource, to select which device identity characteristics the admin wishes to weigh. WHITEPAPER 8
9 SecureAuth scores specific mechanisms that are used to determine whether a user has surpassed the threshold set by the enterprise. These mechanisms include: HTTP header information: o User-Agent o Accept o Accept CharSet o Accept Encoding o Accept Language Browser Plug-in List Browser Flash Fonts Device Host Address/IP Screen Resolution HTML5 Local Storage HTML5 Session Storage IE User Data Support Browser Cookie Enable/Disable Setting Time Zone Each of these features come with a default setting and can be adjusted accordingly to meet unique conditions that the enterprise might have for a particular resource. It is important to note that SecureAuth IdP is a multitenanted solution, so admins can adjust these settings per each resource with distinct values. Device Acceptance Range SecureAuth enables a Device Acceptance Range to give enterprises full control of device validation. This Device Acceptance Range can be configured for different levels of acceptance. The admin console can control this range, which affects key concepts concerning the device: When the device fingerprint is accepted, as is o The device looks mostly similar to the stored fingerprint When the device fingerprint should be updated o The device has undergone some minor updates/upgrades and the device fingerprint should be updated When the device is new altogether o It is a new device, therefore a new registration is required WHITEPAPER 9
10 For the device registration, SecureAuth IdP generates a numeric fingerprint of the device. This numeric fingerprint is stored in the enterprise data container and is associated with a user. For subsequent authentications, SecureAuth IdP reexamines the device with the same algorithm and creates a new numeric fingerprint. The matching percentage of the subsequent authentication is a number between 0 and 100, and we call it the DCS, Device Certainty Score. Management of Range SecureAuth has given the admin two adjustable scores to modify the Device Validation Range. These scores are the match score and the update score. The match score is a configurable setting that communicates to the system the lowest level of the DCS that can be accepted before a new fingerprint is computed. The update score is the lowest level of the DCS that can be accepted before SecureAuth IdP triggers a user to re-register. This too is configurable. By having this adjustable range between a match score and an update score, devices can be updated and evolve without requiring the user to reauthenticate. WHITEPAPER 10
11 Image #4: SecureAuth allows the enterprise to set a Device Acceptance Range to adjust the rigidity of the fingerprinting and validation process, namely a (1) match score and an (2) update score. This enables devices to evolve without the user having to re-register. If the computed DCS is greater or equal to the match score, then the device is considered pre-registered and no second factor will be conducted by the SecureAuth authentication workflow. If the DCS is BELOW the match score but ABOVE the update score, then the device is considered to likely be pre-registered but might have a few characteristics changed. SecureAuth IdP will conduct a secure second factor and then UPDATE the fingerprint for the user in the enterprise directory. Lastly, if the DCS is BELOW the update score, SecureAuth conducts a secure second factor, and then creates a digital fingerprint for this new device and stores it in the enterprise namespace for this user. This device is considered new and is now ALSO registered to the user. For example, a user may elect to register his Windows 7 desktop the first time. Before he returns, the system goes through a major upgrade, including browser plug-ins and system modifications. For his next usage, SecureAuth would recognize that the device is the same, but the fingerprinting would WHITEPAPER 11
12 reflect the variation. To be secure, the user would re-authenticate, but the record would show only one device enrolled to the user. Just as administrators can set preferences for all individual users with SecureAuth IdP, adjustments can also be made per authentication realm that establishes the distinct heuristic requirements for individual applications. Secure Mobile App for Android and ios For enterprises that require higher than normal security for mobile device access, SecureAuth has created device-specific mobile applications for Android and ios devices, in addition to browser-based fingerprinting. These apps can be deployed by the enterprise to augment the process of device verification. The application is designed to execute native commands on ios and Android clients for the purpose of extracting device specific information. Both platforms query the device and extract the friendly name. Android s would be Android Nexus 7.4.2, for example. The mobile applications also work further and pull device-specific information. For Android, the app is able to extract the serial number from the mobile unit; and for ios, it pulls the UDID for versions 5.0 and earlier, and the Advertiser ID for later models. Integrated into SecureAuth IdP for All Resources Device Fingerprinting is one part of an entire solution that SecureAuth has been developed to specifically target the needs of an enterprise. The SecureAuth IdP fingerprinting solution can be used for ALL enterprise resources, including: Enterprise Web Applications (SharePoint,.NET, J2EE, WebLogic) Network Resources (Juniper, F5, Citrix) Cloud Resources (Google, Microsoft, Salesforce, Taleo) Mobile Applications (Android, ios, Windows) SecureAuth IdP offers 2-Factor Authentication (2FA) and Single Sign On (SSO) to all enterprise resources, including native mobile applications without any hardware, installation, or coding required. 2FA and SSO are transparent as well as user-friendly. Admins can configure the authentication settings to require 2FA every session, every week, every WHITEPAPER 12
13 month, or whatever time period they choose. Different 2FA workflows can be configured for specific sets of users, specific applications, and specific devices. SSO can also be extended to enterprise network, web, cloud, and mobile resources specifically for users, applications, and devices. SecureAuth s frictionless success is rooted in its ability to conduct authentication, device registration, and identity assertion in a transparent way, thereby allowing administrators to deploy a solution that requires marginal management and no user support. With SecureAuth IdP, users will not be calling the helpdesk due to confusing or complicated authentication. Conclusion SecureAuth is continually perfecting its solution to ensure security and to improve the end-user experience. With the innovative supplement of Device Fingerprinting to the already powerful access platform, SecureAuth IdP is steadily eliminating the need for any other products addressing enterprise application access. Enterprises can now embrace BYOD and mobile business because with SecureAuth, they have the necessary security to manage the devices and the access in the safe way that their policies dictate, all the while not complicating authentication for its user base. SecureAuth s ability to configure different workflows for different users and different applications ensures that the various use cases that surface in BYOD deployments and mobile application access will be met with sound security and ease-of-use. WHITEPAPER 13
14 InNet innetworktech.com
SECUREAUTH IDP AND OFFICE 365
WHITEPAPER SECUREAUTH IDP AND OFFICE 365 STRONG AUTHENTICATION AND SINGLE SIGN-ON FOR THE CLOUD-BASED OFFICE SUITE EXECUTIVE OVERVIEW As more and more enterprises move to the cloud, it makes sense that
More informationWHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS
WHITEPAPER SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS EXECUTIVE OVERVIEW 2-Factor as a Service (2FaaS) is a 100% cloud-hosted authentication solution that offers flexible security without compromising user
More informationWHITEPAPER SECUREAUTH AND CAC HSPD-12 AUTHENTICATION TO WEB, NETWORK, AND CLOUD RESOURCES
WHITEPAPER SECUREAUTH AND CAC HSPD-12 AUTHENTICATION TO WEB, NETWORK, AND CLOUD RESOURCES Executive Overview U.S. Federal mandates dictates that personal with defense related initiatives must prove access
More informationThe Top 5 Federated Single Sign-On Scenarios
The Top 5 Federated Single Sign-On Scenarios Table of Contents Executive Summary... 1 The Solution: Standards-Based Federation... 2 Service Provider Initiated SSO...3 Identity Provider Initiated SSO...3
More informationSecure Access Control for Mobile, Cloud, and Web Apps
Secure Access Control for Mobile, Cloud, and Web Apps SecureAuth IdP is a revolutionary platform that provides flexible and secure access control through strong authentication, single sign-on, and user
More informationABOUT TOOLS4EVER ABOUT DELOITTE RISK SERVICES
CONTENTS About Tools4ever... 3 About Deloitte Risk Services... 3 HelloID... 4 Microsoft Azure... 5 HelloID Security Architecture... 6 Scenarios... 8 SAML Identity Provider (IDP)... 8 Service Provider SAML
More informationnexus Hybrid Access Gateway
Product Sheet nexus Hybrid Access Gateway nexus Hybrid Access Gateway nexus Hybrid Access Gateway uses the inherent simplicity of virtual appliances to create matchless security, even beyond the boundaries
More informationA Guide to New Features in Propalms OneGate 4.0
A Guide to New Features in Propalms OneGate 4.0 Propalms Ltd. Published April 2013 Overview This document covers the new features, enhancements and changes introduced in Propalms OneGate 4.0 Server (previously
More informationThe increasing popularity of mobile devices is rapidly changing how and where we
Mobile Security BACKGROUND The increasing popularity of mobile devices is rapidly changing how and where we consume business related content. Mobile workforce expectations are forcing organizations to
More informationI D C V E N D O R S P O T L I G H T
I D C V E N D O R S P O T L I G H T E n f o r c i n g I dentity a nd Access Management i n C l o u d a n d Mobile Envi r o n m e n t s November 2012 Adapted from Worldwide Identity and Access Management
More informationEXECUTIVE VIEW. SecureAuth IdP. KuppingerCole Report
KuppingerCole Report EXECUTIVE VIEW by Dave Kearns March 2015 SecureAuth IdP SecureAuth IdP combines cloud single sign-on capabilities with strong authentication and risk-based access control while focusing
More informationActive Directory Compatibility with ExtremeZ-IP. A Technical Best Practices Whitepaper
Active Directory Compatibility with ExtremeZ-IP A Technical Best Practices Whitepaper About this Document The purpose of this technical paper is to discuss how ExtremeZ-IP supports Microsoft Active Directory.
More informationWHITEPAPER SAML ALONE IS NOT SECURE - HERE S HOW TO FIX IT
WHITEPAPER SAML ALONE IS NOT SECURE - HERE S HOW TO FIX IT Executive Overview SAML (Security Assertion Markup Language) is a standard that facilitates the exchange of security information. Developed by
More informationFlexible Identity Federation
Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services
More informationWorkday Mobile Security FAQ
Workday Mobile Security FAQ Workday Mobile Security FAQ Contents The Workday Approach 2 Authentication 3 Session 3 Mobile Device Management (MDM) 3 Workday Applications 4 Web 4 Transport Security 5 Privacy
More informationWhite Paper. Revolutionizing Remote Secure Access: Strong, Adaptive Authentication for Healthcare
White Paper Revolutionizing Remote Secure Access: Strong, Adaptive Authentication for Healthcare June 2015 Introduction The primacy of healthcare cyber security is accompanied by challenges unique to the
More informationWhite Paper. FFIEC Authentication Compliance Using SecureAuth IdP
White Paper FFIEC Authentication Compliance Using SecureAuth IdP September 2015 Introduction Financial institutions today face an important challenge: They need to comply with guidelines established by
More informationSTRONGER AUTHENTICATION for CA SiteMinder
STRONGER AUTHENTICATION for CA SiteMinder Adding Stronger Authentication for CA SiteMinder Access Control 1 STRONGER AUTHENTICATION for CA SiteMinder Access Control CA SITEMINDER provides a comprehensive
More informationAVG Business Secure Sign On Active Directory Quick Start Guide
AVG Business Secure Sign On Active Directory Quick Start Guide The steps below will allow for download and registration of the AVG Business SSO Cloud Connector to integrate SaaS application access and
More informationActive Directory Comapatibility with ExtremeZ-IP A Technical Best Practices Whitepaper
Active Directory Comapatibility with ExtremeZ-IP A Technical Best Practices Whitepaper About this Document The purpose of this technical paper is to discuss how ExtremeZ-IP supports Microsoft Active Directory.
More informationKony Mobile Application Management (MAM)
Kony Mobile Application Management (MAM) Kony s Secure Mobile Application Management Feature Brief Contents What is Mobile Application Management? 3 Kony Mobile Application Management Solution Overview
More informationDefender 5.7 - Token Deployment System Quick Start Guide
Defender 5.7 - Token Deployment System Quick Start Guide This guide describes how to install, configure and use the Defender Token Deployment System, based on default settings and how to self register
More informationHow To Manage A Plethora Of Identities In A Cloud System (Saas)
TECHNICAL WHITE PAPER Intel Cloud SSO How Intel Cloud SSO Works Just as security professionals have done for ages, we must continue to evolve our processes, methods, and techniques in light of the opportunities
More informationEXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES
pingidentity.com EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES Best practices for identity federation in AWS Table of Contents Executive Overview 3 Introduction: Identity and Access Management in Amazon
More informationexpanding web single sign-on to cloud and mobile environments agility made possible
expanding web single sign-on to cloud and mobile environments agility made possible the world of online business is rapidly evolving In years past, customers once tiptoed cautiously into the realm of online
More informationAlex Wong Senior Manager - Product Management Bruce Ong Director - Product Management
Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management 1 Product Roadmap Disclaimer Any forward-looking indication of plans for products is preliminary and all future release
More informationThis chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections:
CHAPTER 1 SAML Single Sign-On This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections: Junos Pulse Secure Access
More informationSalesforce1 Mobile Security Guide
Salesforce1 Mobile Security Guide Version 1, 1 @salesforcedocs Last updated: December 8, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of salesforce.com,
More informationNCSU SSO. Case Study
NCSU SSO Case Study 2 2 NCSU Project Requirements and Goals NCSU Operating Environment Provide support for a number Apps and Programs Different vendors have their authentication databases End users must
More informationTrustedX - PKI Authentication. Whitepaper
TrustedX - PKI Authentication Whitepaper CONTENTS Introduction... 3 1... 4 Use Scenarios... 5 Operation... 5 Architecture and Integration... 6 SAML and OAuth 7 RESTful Web Services 8 Monitoring and Auditing...
More informationAn Overview of Samsung KNOX Active Directory and Group Policy Features
C E N T R I F Y W H I T E P A P E R. N O V E M B E R 2013 An Overview of Samsung KNOX Active Directory and Group Policy Features Abstract Samsung KNOX is a set of business-focused enhancements to the Android
More informationTrustedX: eidas Platform
TrustedX: eidas Platform Identification, authentication and electronic signature platform for Web environments. Guarantees identity via adaptive authentication and the recognition of either corporate,
More informationCounterACT Plugin Configuration Guide for ForeScout Mobile Integration Module MaaS360 Version 1.0.1. ForeScout Mobile
CounterACT Plugin Configuration Guide for ForeScout Mobile Integration Module Version 1.0.1 ForeScout Mobile Table of Contents About the Integration... 3 ForeScout MDM... 3 Additional Documentation...
More informationSymantec Managed PKI Service Deployment Options
WHITE PAPER: SYMANTEC MANAGED PKI SERVICE DEPLOYMENT............. OPTIONS........................... Symantec Managed PKI Service Deployment Options Who should read this paper This whitepaper explains
More informationAVG Business SSO Connecting to Active Directory
AVG Business SSO Connecting to Active Directory Contents AVG Business SSO Connecting to Active Directory... 1 Selecting an identity repository and using Active Directory... 3 Installing Business SSO cloud
More informationEOH Cloud Mobile Device Management. EOH Cloud Services - EOH Cloud Mobile Device Management
EOH Cloud EOH Cloud Services - EOH Cloud Page 1 EOH Mobile Device Management Manage a fleet of diverse mobile devices, support new secure mobile workflows and effectively distribute apps. The evolving
More informationSecuring access to Citrix applications using Citrix Secure Gateway and SafeWord. PremierAccess. App Note. December 2001
Securing access to Citrix applications using Citrix Secure Gateway and SafeWord PremierAccess App Note December 2001 DISCLAIMER: This White Paper contains Secure Computing Corporation product performance
More informationOkta/Dropbox Active Directory Integration Guide
Okta/Dropbox Active Directory Integration Guide Okta Inc. 301 Brannan Street, 3rd Floor San Francisco CA, 94107 info@okta.com 1-888- 722-7871 1 Table of Contents 1 Okta Directory Integration Edition for
More informationGoogle Identity Services for work
INTRODUCING Google Identity Services for work One account. All of Google Enter your email Next Online safety made easy We all care about keeping our data safe and private. Google Identity brings a new
More information(A) User Convenience. Password Express Benefits. Increase user convenience and productivity
Comparison Feature Sheet Feature Sheet is a next generation password management and password synchronization tool that provides users with reduced sign on experience across all applications and password
More informationA Standards-based Mobile Application IdM Architecture
A Standards-based Mobile Application IdM Architecture Abstract Mobile clients are an increasingly important channel for consumers accessing Web 2.0 and enterprise employees accessing on-premise and cloud-hosted
More informationWhite Paper. The risks of authenticating with digital certificates exposed
White Paper The risks of authenticating with digital certificates exposed Table of contents Introduction... 2 What is remote access?... 2 Authentication with client side digital certificates... 2 Asymmetric
More informationThe Cloud, Mobile and BYOD Security Opportunity with SurePassID
The Cloud, Mobile and BYOD Security Opportunity with SurePassID Presentation for MSPs and MSSPs January 2014 SurePassID At A Glance Founded 2009 Headquartered in Orlando, FL 6 sales offices in North America,
More informationTwo-Factor Authentication (2FA) Registration Instructions Symantec VIP Access
Two-Factor Authentication (2FA) Registration Instructions Symantec VIP Access To strengthen KBR information security and safeguard company data, Information Technology will implement two-factor authentication
More informationSecureAuth Authentication: How SecureAuth performs what was previously impossible using X.509 certificates
SecureAuth Authentication: How SecureAuth performs what was previously impossible using X.509 certificates As enterprises move their applications to the Web and mobile platforms, providing strong security
More informationSecure, Centralized, Simple
Whitepaper Secure, Centralized, Simple Multi-platform Enterprise Mobility Management 2 Controlling it all from one place BlackBerry Enterprise Service 10 (BES10) is a unified, multi-platform, device, application,
More informationActive Directory Self-Service FAQ
Active Directory Self-Service FAQ General Information: info@cionsystems.com Online Support: support@cionsystems.com CionSystems Inc. Mailing Address: 16625 Redmond Way, Ste M106 Redmond, WA. 98052 http://www.cionsystems.com
More informationConfiguring and Monitoring Citrix Branch Repeater
Configuring and Monitoring Citrix Branch Repeater eg Enterprise v5.6 Restricted Rights Legend The information contained in this document is confidential and subject to change without notice. No part of
More informationPassword Reset PRO INSTALLATION GUIDE
Password Reset PRO INSTALLATION GUIDE This guide covers the new features and settings available in Password Reset PRO. Please read this guide completely to ensure a trouble-free installation. March 2009
More informationAdvanced Configuration Steps
Advanced Configuration Steps After you have downloaded a trial, you can perform the following from the Setup menu in the MaaS360 portal: Configure additional services Configure device enrollment settings
More informationInterwise Connect. Working with Reverse Proxy Version 7.x
Working with Reverse Proxy Version 7.x Table of Contents BACKGROUND...3 Single Sign On (SSO)... 3 Interwise Connect... 3 INTERWISE CONNECT WORKING WITH REVERSE PROXY...4 Architecture... 4 Interwise Web
More informationIBM WebSphere Application Server
IBM WebSphere Application Server OAuth 2.0 service provider and TAI 2012 IBM Corporation This presentation describes support for OAuth 2.0 included in IBM WebSphere Application Server V7.0.0.25. WASV70025_OAuth20.ppt
More informationAllidm.com. SSO Introduction. Discovering IAM Solutions. Leading the IAM Training. @aidy_idm facebook/allidm
Discovering IAM Solutions Leading the IAM Training @aidy_idm facebook/allidm SSO Introduction Disclaimer and Acknowledgments The contents here are created as a own personal endeavor and thus does not reflect
More informationADAPTIVE USER AUTHENTICATION
ADAPTIVE USER AUTHENTICATION SMS PASSCODE is the leading technology in adaptive multi-factor authentication, improving enterprise security and productivity through an easy to use and intelligent solution
More informationHow To - Implement Clientless Single Sign On Authentication in Single Active Directory Domain Controller Environment
How To - Implement Clientless Single Sign On Authentication in Single Active Directory Domain Controller Environment How To - Implement Clientless Single Sign On Authentication with Active Directory Applicable
More informationAgenda. How to configure
dlaw@esri.com Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context of ArcGIS Server/Portal for ArcGIS Access Authentication Authorization: securing web services
More informationPrinterOn Print Management Overview
PrinterOn Print Management Overview Table of Contents 1. PrinterOn and Print Management Overview... 4 1.1. Combined PrinterOn and Print Management Capabilities... 5 1.1.1. Comprehensive Workflow Tracking
More informationLeveraging SAML for Federated Single Sign-on:
Leveraging SAML for Federated Single Sign-on: Seamless Integration with Web-based Applications whether cloudbased, private, on-premise, or behind a firewall Single Sign-on Layer v.3.2-006 PistolStar, Inc.
More informationmanaging SSO with shared credentials
managing SSO with shared credentials Introduction to Single Sign On (SSO) All organizations, small and big alike, today have a bunch of applications that must be accessed by different employees throughout
More informationWhite Paper. McAfee Cloud Single Sign On Reviewer s Guide
White Paper McAfee Cloud Single Sign On Reviewer s Guide Table of Contents Introducing McAfee Cloud Single Sign On 3 Use Cases 3 Key Features 3 Provisioning and De-Provisioning 4 Single Sign On and Authentication
More informationMobile Protection. Driving Productivity Without Compromising Protection. Brian Duckering. Mobile Trend Marketing
Driving Productivity Without Compromising Protection Brian Duckering Mobile Trend Marketing Mobile Device Explosion Paves Way for BYOD 39% 69% 340% 2,170% 2010 177M corp PCs 2015 246M corp PCs 2010 173
More informationGateway Apps - Security Summary SECURITY SUMMARY
Gateway Apps - Security Summary SECURITY SUMMARY 27/02/2015 Document Status Title Harmony Security summary Author(s) Yabing Li Version V1.0 Status draft Change Record Date Author Version Change reference
More informationHow To Use Salesforce Identity Features
Identity Implementation Guide Version 35.0, Winter 16 @salesforcedocs Last updated: October 27, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of
More informationHow to Implement Enterprise SAML SSO
How to Implement Enterprise SSO THE LEADER IN API AND CLOUD GATEWAY TECHNOLOGY How to Implement Enterprise SSO Introduction Security Assertion Markup Language, or, provides numerous The advantages and
More informationA guide to enterprise mobile device management.
WHITEPAPER A guide to enterprise Beyond expectation. www.azzurricommunications.co.uk Introduction. As smartphones and tablets proliferate in the enterprise, IT leaders are under pressure to implement an
More informationActive Directory Compatibility with ExtremeZ-IP
Active Directory Compatibility with ExtremeZ-IP A Technical Best Practices White Paper Group Logic White Paper October 2010 About This Document The purpose of this technical paper is to discuss how ExtremeZ-IP
More informationManaging policies. Chapter 7
Chapter 7 Managing policies You use the Policies tab in Admin Portal to create policy sets for roles. A policy set lets you configure the following categories of policies: Mobile Device Policies Use to
More informationMobile Iron User Guide
2015 Mobile Iron User Guide Information technology Sparrow Health System 9/1/2015 Contents...0 Introduction...2 Changes to your Mobile Device...2 Self Service Portal...3 Registering your new device...4
More informationLeverage Active Directory with Kerberos to Eliminate HTTP Password
Leverage Active Directory with Kerberos to Eliminate HTTP Password PistolStar, Inc. PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200 Fax: 603.546.2309 E-mail: salesteam@pistolstar.com Website: www.pistolstar.com
More informationFairsail REST API: Guide for Developers
Fairsail REST API: Guide for Developers Version 1.02 FS-API-REST-PG-201509--R001.02 Fairsail 2015. All rights reserved. This document contains information proprietary to Fairsail and may not be reproduced,
More informationOffice 365 deployment checklists
Chapter 128 Office 365 deployment checklists This document provides some checklists to help you make sure that you install and configure your Office 365 deployment correctly and with a minimum of issues.
More informationWeb Applications Access Control Single Sign On
Web Applications Access Control Single Sign On Anitha Chepuru, Assocaite Professor IT Dept, G.Narayanamma Institute of Technology and Science (for women), Shaikpet, Hyderabad - 500008, Andhra Pradesh,
More informationMobile Device Management Version 8. Last updated: 17-10-14
Mobile Device Management Version 8 Last updated: 17-10-14 Copyright 2013, 2X Ltd. http://www.2x.com E mail: info@2x.com Information in this document is subject to change without notice. Companies names
More informationAn Overview of Samsung KNOX Active Directory-based Single Sign-On
C E N T R I F Y W H I T E P A P E R. S E P T E M B E R 2013 An Overview of Samsung KNOX Active Directory-based Single Sign-On Abstract Samsung KNOX is a set of business-focused enhancements to the Android
More informationCopyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com
Manual Copyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com Information in this document is subject to change without notice. Companies names and data used in examples herein are fictitious
More informationImproving Online Security with Strong, Personalized User Authentication
Improving Online Security with Strong, Personalized User Authentication July 2014 Secure and simplify your digital life. Table of Contents Online Security -- Safe or Easy, But Not Both?... 3 The Traitware
More informationUP L18 Enhanced MDM and Updated Email Protection Hands-On Lab
UP L18 Enhanced MDM and Updated Email Protection Hands-On Lab Description The Symantec App Center platform continues to expand it s offering with new enhanced support for native agent based device management
More informationTwo-Factor Authentication over Mobile: Simplifying Security and Authentication
SAP Thought Leadership Paper SAP Mobile Services Two-Factor Authentication over Mobile: Simplifying Security and Authentication Controlling Fraud and Validating End Users Easily and Cost-Effectively Table
More informationRisk Based Authentication and AM 8. What you need to know!
Risk Based Authentication and AM 8 What you need to know! Agenda Authentication Manager 8 Customer Use Cases Risk Based Authentication (RBA) RBA Integration and Deployment 2 SecurID / Authentication Manager
More informationIdentity. Provide. ...to Office 365 & Beyond
Provide Identity...to Office 365 & Beyond Sponsored by shops around the world are increasingly turning to Office 365 Microsoft s cloud-based offering for email, instant messaging, and collaboration. A
More informationGetting Started with Clearlogin A Guide for Administrators V1.01
Getting Started with Clearlogin A Guide for Administrators V1.01 Clearlogin makes secure access to the cloud easy for users, administrators, and developers. The following guide explains the functionality
More informationExecutive Summary P 1. ActivIdentity
WHITE PAPER WP Converging Access of IT and Building Resources P 1 Executive Summary To get business done, users must have quick, simple access to the resources they need, when they need them, whether they
More informationCritical Issues with Lotus Notes and Domino 8.5 Password Authentication, Security and Management
Security Comparison Critical Issues with Lotus Notes and Domino 8.5 Password Authentication, Security and Management PistolStar, Inc. PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200 Fax: 603.546.2309
More informationEnterprise Mobility Management Migration Migrating from Legacy EMM to an epo Managed EMM Environment. Paul Luetje Enterprise Solutions Architect
Enterprise Mobility Management Migration Migrating from Legacy EMM to an epo Managed EMM Environment Paul Luetje Enterprise Solutions Architect Table of Contents Welcome... 3 Purpose of this document...
More informationPassword Power 8 Plug-In for Lotus Domino Single Sign-On via Kerberos
Password Power 8 Plug-In for Lotus Domino Single Sign-On via Kerberos PistolStar, Inc. PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200 Fax: 603.546.2309 E-mail: salesteam@pistolstar.com Website:
More informationEnabling Kerberos SSO in IBM Cognos Express on Windows Server 2008
Enabling Kerberos SSO in IBM Cognos Express on Windows Server 2008 Nature of Document: Guideline Product(s): IBM Cognos Express Area of Interest: Infrastructure 2 Copyright and Trademarks Licensed Materials
More informationNew Features: What s new in Windows Intune?
New Features: What s new in Windows Intune? Contents Release Overview... 2 Unified Enterprise Management Solution... 2 User-based Licensing... 5 Extending Client Support... 5 Understanding Mobile Device
More informationVMware Identity Manager Administration
VMware Identity Manager Administration VMware Identity Manager 2.4 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new
More informationWHITE PAPER SECURE, DEPLOYABLE BILATERAL (CLIENT/SERVER) AUTHENTICATION
WHITE PAPER SECURE, DEPLOYABLE BILATERAL (CLIENT/SERVER) AUTHENTICATION SecureAuth Secure, Deployable Bilateral (Client/Server) Authentication As enterprises move their applications to the Web and mobile
More informationTenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved.
Tenrox Single Sign-On (SSO) Setup Guide January, 2012 2012 Tenrox. All rights reserved. About this Guide This guide provides a high-level technical overview of the Tenrox Single Sign-On (SSO) architecture,
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationIntroduction to SAML
Introduction to THE LEADER IN API AND CLOUD GATEWAY TECHNOLOGY Introduction to Introduction In today s world of rapidly expanding and growing software development; organizations, enterprises and governments
More informationFileCloud Security FAQ
is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file
More informationNew Single Sign-on Options for IBM Lotus Notes & Domino. 2012 IBM Corporation
New Single Sign-on Options for IBM Lotus Notes & Domino 2012 IBM Corporation IBM s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM s sole
More informationWHITEPAPER. Fraud Protection for Native Mobile Applications Benefits for Business Owners and End Users
Fraud Protection for Native Mobile Applications Benefits for Business Owners and End Users Table of Contents How TrustDefender Mobile Works 4 Unique Capabilities and Technologies 5 Host Application Integrity
More informationAdministering Jive for Outlook
Administering Jive for Outlook TOC 2 Contents Administering Jive for Outlook...3 System Requirements...3 Installing the Plugin... 3 Installing the Plugin... 3 Client Installation... 4 Resetting the Binaries...4
More informationNetIQ Advanced Authentication Framework
NetIQ Advanced Authentication Framework Security Officer Guide Version 5.2.0 1 Table of Contents 1 Table of Contents 2 Introduction 3 About This Document 3 Authenticators Management 4 Card 8 Email OTP
More informationBYOD & Virtualization: Managing Mobile
White Paper 01 Finches Only 02 ViewSonic Only BYOD & Virtualization: Managing Mobile Devices from the Desktop Erik Willey 04.15.2014 SUMMARY: Integrated with Citrix XenMobile, ViewSonic s SD-A245 smart
More informationGuide for Setting Up Your Multi-Factor Authentication Account and Using Multi-Factor Authentication. Mobile App Activation
Guide for Setting Up Your Multi-Factor Authentication Account and Using Multi-Factor Authentication Mobile App Activation Before you can activate the mobile app you must download it. You can have up to
More informationAdministering Jive Mobile Apps
Administering Jive Mobile Apps Contents 2 Contents Administering Jive Mobile Apps...3 Configuring Jive for Android and ios... 3 Native Apps and Push Notifications...4 Custom App Wrapping for ios... 5 Native
More information