EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES
- Shanon Brooks
- 8 years ago
pingidentity.com
Best practices for identity federation in AWS
Table of Contents
- Executive Overview
- Introduction: Identity and Access Management in Amazon Web Services
- More Cloud Deployments Means More Access
- Identity Federation in AWS: Four Scenarios
- What Is a Cloud-based Federation Identity Provider
- How We Got Here: The Good Ol' Days
- Use Case One: Federate to AWS for Security and Productivity
- Identity Federation: Fulfilling the Contract
- Use Case Two: Leverage OpenID Connect for AWS APIs
- Use Case Three: EC2 As a Federated IDP
- Use Case Four: EC2 As a Federated SP
- Superhero Status: AWS for Enterprise Identity
- Conclusion
EXECUTIVE OVERVIEW

Security in the public cloud presents a unique set of challenges for enterprises today. It's imperative that users have the correct access to do what they need to do without compromising security. This ebook outlines how your organization can leverage Security Assertion Markup Language (SAML) and OpenID Connect federation capabilities to streamline user access to Amazon Web Services (AWS) resources while providing the same level of security that your on-premises environments have.

We'll also share examples of incorporating the Ping Identity solution using PingFederate to provide single sign-on (SSO) into AWS from directory servers such as Microsoft Active Directory. This approach gives you the ability to re-use existing internal identity management processes, such as onboarding and offboarding, as well as policies like password length, age and complexity.

With this approach, you'll also be able to provide a seamless, federated SSO experience that will get your admins, developers and users authenticated, signed on and doing what they do best, quickly. This is sure to bump you up to superhero status within your organization!

BE A SUPERHERO
INTRODUCTION: IDENTITY AND ACCESS MANAGEMENT IN AMAZON WEB SERVICES

Amazon Web Services provides a rich set of identity and access management (IAM) capabilities, including the ability to create and manage users and groups and apply specific access controls based on the user's role or group membership. Individual security credentials can be set per user, and the architecture provides security by default rather than as an afterthought. Additionally, IAM in AWS provides centralized user access control through fine-grained permissions for both APIs and the AWS console.

Controlling users' access to APIs and the AWS console is an ongoing consideration for today's enterprise organizations, and not just from the administrator's perspective. The developers that are writing applications within AWS also need seamless access to APIs, and they don't have the time or patience to remember multiple, always-rotating AWS passwords.

Identity and access management within AWS provides the answer to two critical questions:

1. Who can sign on? Authentication is used to confirm the identity of a given user. AWS users can be authenticated internally or they can be federated from an external identity provider which handles authentication. The existence of a user account defines who can authenticate into the system.
2. What can they do? Authorization and access control policies provide the answer to what users can do after they are authenticated.
MORE CLOUD DEPLOYMENTS MEANS MORE ACCESS

AWS provides not only classic SaaS functionality, but also Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS). The explosion of public cloud usage, and AWS in particular, is being driven by two primary realities: First, SaaS application usage is increasing because employers have more confidence that they can securely deploy scalable apps in the cloud. Second, more services are being offered via IaaS and PaaS that organizations want to adopt.

More cloud deployments equals more admins and more users! With increased deployments in the cloud comes the need for administrators and users with varying access rights. Managing these users and groups in multiple places quickly becomes tedious for administrators, leading to a loss of productivity as well as risky security practices.

Enter Federation Technology

Identity federation:
- Uses interoperable technology.
- Provides SSO across security domains.
- Uses SAML or OpenID Connect.

With a federated architecture, you can:
- Eliminate managing duplicate user identities.
- Avoid multiple passwords and insecure password practices.
- Leverage existing investment in identity management solutions and policies.
IDENTITY FEDERATION IN AWS: FOUR SCENARIOS

There are four primary use cases for single sign-on and identity federation in AWS:

1. AWS as a SAML service provider (SP): Organizations can leverage a third-party IAM system for a turnkey solution that manages identities and delivers SSO for AWS. The IAM system authenticates users and they are federated into the AWS console with the correct permissions and entitlements.
2. AWS as an OpenID Connect relying party (RP): Organizations can also use a third-party OpenID Connect authorization server (AS) to access AWS APIs. The AS authenticates users and they are given an ID token that can be traded for AWS credentials that are used to call AWS APIs.
3. Federated identity provider inside EC2: Identity provider (IdP) and authentication functionality can be provided through a federation server or identity bridge running in EC2. Users are authenticated and given a SAML assertion or token for transparent, standards-based SSO.
4. Federated service provider inside EC2: Service provider functionality can be enabled through a federation server deployed in EC2 that can consume SAML or other SSO tokens and provide a local token or session that is used to access applications.
WHAT IS A CLOUD-BASED FEDERATION IDENTITY PROVIDER?

[Figure: federated service provider environment. Labels: Authentication, Console, LDAP, EC2 instance.]

The Rules of the Game Have Changed

In November 2013, Amazon announced support for a standard federation protocol that enables SSO to the AWS management console and application interfaces. AWS built-in federation capabilities give enterprises the ability to use their own directories as the control point for user SSO. The graphic above shows a federated service provider environment that can accept user credentials and sign users transparently into the application.

What is a Cloud-based Federation IdP?

An IdP is used to authenticate the user (or validate their existing session) and provide a trusted assertion to the SP describing who the user is along with personal attributes and the method of authentication. The most common format for assertions to the service provider is SAML, which is a proven, secure standard based on XML. OpenID Connect aims to provide similar functionality using more modern protocols like REST and JSON. The SP simply accepts the assertion or token in lieu of a username and password, validates that it was provided by a trusted issuer and creates a local session for the user.
HOW WE GOT HERE: THE GOOD OL' DAYS

[Figure: pre-federation architecture. Labels: (Mostly) non-web interaction; Hosted On-premises; Authentication; Identity Bridge; Custom code; Storage of IAM user keys; Storage of federated user keys; Proprietary connection; Active Directory; LDAP.]

Prior to native federation support in AWS, organizations typically had to write custom code to authenticate users and obtain keys. These proprietary, one-off solutions required storing multiple user keys, often insecurely, and provided limited functionality through the AWS APIs and command line interfaces.
USE CASE ONE: FEDERATE TO AWS FOR SECURITY AND PRODUCTIVITY

[Figure: SAML federation architecture. Labels: Security token service resides in AWS; SSO (SAML); (Mostly) web interaction; Hosted On-premises; Authentication (Kerberos); Identity Bridge; Commercial federation IDP; No storage of IAM user keys; No storage of federated user keys; Active Directory; LDAP.]

SAML federation in AWS allows organizations to leverage a commercial federation server as an identity bridge, providing secure single sign-on into the AWS console without storing user keys and without additional passwords or sign-ons. The IdP will typically support multiple methods of authentication, allowing users to leverage Kerberos if they are on the corporate domain, and providing other types of strong authentication to users off of the network, such as X.509 certificates or one-time passwords.

Top Three Recommendations for Incorporating Federation with AWS:

1. Understand your AWS access requirements. Non-web access requires a slightly different approach.
2. Don't use the AWS superuser account for the IdP user; privilege catastrophe awaits.
3. Carefully scope the access rights for your user roles.
IDENTITY FEDERATION: FULFILLING THE CONTRACT

The IdP fulfills the contract by either dynamically retrieving the appropriate attributes from a data source or by using hard-coded values during SSO. The IdP inserts these attributes into the contract, which is then delivered to AWS. AWS wants to know two things: the role entitlement and session name attributes. The role entitlement attribute describes who is authorized to issue SAML assertions to a user and what AWS role they should be given (concatenated into a single attribute). The role session name tells AWS which user has assumed the described role (typically the username).

In the AWS console, the IdP must be defined to establish trust with AWS. The SAML assertion then references the IdP's Amazon resource name (ARN). Additionally, the role that the user should assume is also defined along with specific permissions for the role. The role is then included in the assertion so that the IdP can dynamically define which privileges the user should have for a given session. These privileges, for example, may be different depending on how the user was authenticated or from where the user signed on.
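A pre-deployment check of the attribute contract described above, as an added example that is not part of the original ebook or of PingFederate. It uses the attribute names AWS documents for SAML federation; the account ID, role names, IdP name and allow-list are constructed, and the assertion is assumed to have already passed signature validation.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Attribute names AWS expects in the assertion.
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"
SESSION_ATTR = "https://aws.amazon.com/SAML/Attributes/RoleSessionName"

ROLE_ARN = re.compile(r"^arn:aws:iam::\d{12}:role/[\w+=.@/-]+$", re.ASCII)
IDP_ARN = re.compile(r"^arn:aws:iam::\d{12}:saml-provider/[\w.-]+$", re.ASCII)
# RoleSessionName constraint: 2-64 characters from this set.
SESSION_NAME = re.compile(r"^[\w+=,.@-]{2,64}$", re.ASCII)

# Constructed sample: the attribute statement an IdP might emit for one user.
# The second Role value lists the provider first and names a broad role.
SAMPLE = """
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/Role">
      <saml:AttributeValue>arn:aws:iam::111122223333:role/ReadOnlyAuditor,arn:aws:iam::111122223333:saml-provider/CorpIdP</saml:AttributeValue>
      <saml:AttributeValue>arn:aws:iam::111122223333:saml-provider/CorpIdP,arn:aws:iam::111122223333:role/FullAdmin</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/RoleSessionName">
      <saml:AttributeValue>jdoe@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def attribute_values(root, name):
    """Return every AttributeValue text for the named SAML attribute."""
    values = []
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") == name:
            for value in attr.iterfind("saml:AttributeValue", NS):
                values.append((value.text or "").strip())
    return values


def check_contract(assertion_xml, trusted_idp_arn, allowed_roles):
    """Return a list of findings; an empty list means the contract is as scoped."""
    root = ET.fromstring(assertion_xml)
    findings = []

    role_values = attribute_values(root, ROLE_ATTR)
    if not role_values:
        findings.append("missing Role attribute")
    for value in role_values:
        # Each value is one role ARN and one provider ARN joined by a comma;
        # identify them by shape so either order is handled.
        parts = [p.strip() for p in value.split(",")]
        roles = [p for p in parts if ROLE_ARN.match(p)]
        idps = [p for p in parts if IDP_ARN.match(p)]
        if len(parts) != 2 or len(roles) != 1 or len(idps) != 1:
            findings.append(f"malformed Role value: {value}")
            continue
        if idps[0] != trusted_idp_arn:
            findings.append(f"unexpected identity provider: {idps[0]}")
        if roles[0] not in allowed_roles:
            findings.append(f"role not on allow-list: {roles[0]}")

    names = attribute_values(root, SESSION_ATTR)
    if len(names) != 1 or not SESSION_NAME.match(names[0]):
        findings.append(f"invalid RoleSessionName: {names}")
    return findings


if __name__ == "__main__":
    trusted = "arn:aws:iam::111122223333:saml-provider/CorpIdP"
    allowed = {"arn:aws:iam::111122223333:role/ReadOnlyAuditor"}
    for finding in check_contract(SAMPLE, trusted, allowed):
        print(finding)
```

Run against test assertions from the IdP before go-live, a check like this catches an over-broad role mapping before any user federates with it.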
USE CASE TWO: LEVERAGE OPENID CONNECT FOR AWS APIS

[Figure: OpenID Connect federation flow. Components: User, Mobile or Web App, OpenID Connect-compliant Identity Provider, Cognito, Security Token Service, DynamoDB, Developer's AWS Account. Step labels: Start using the app; Redirect for authentication and receive an ID token; Exchange ID token for Cognito token; Exchange Cognito token for temporary AWS credentials; Uses the temporary credentials to access AWS services.]

Amazon recently announced support for identity federation using OpenID Connect. This functionality can be used to easily access AWS resources from non-web clients, although the mechanism can be used for web applications as well. This new feature allows developers to leverage an OpenID Connect authorization server like PingFederate to provide SSO capabilities similar to those available from cloud identity providers such as Google and Facebook. For service providers who publish apps that rely on AWS APIs, this enables simple, secure access using a standards-based framework that supports both web and mobile clients.
USE CASE THREE: EC2 AS A FEDERATED IDP

EC2 provides a supported platform for federating your identities. Regardless of whether your users are employees, contractors, partners or affiliates, a federation server deployed in EC2 allows you to authenticate users and provide assertions or tokens for AWS, your own applications or third-party SaaS providers.

[Figure: EC2 as a federated IdP. Labels: Authentication; EC2 instance; SSO (SAML); Partner Application.]

USE CASE FOUR: EC2 AS A FEDERATED SP

EC2 can also host a federation server to accept inbound assertions and tokens. If your users are being authenticated by their own IdP, EC2 also provides a supported platform for a federation server to consume identity assertions and tokens and then provide a local session or token that can be used by your applications. Deploying a federation server in EC2 offers instant scalability and availability for your environment.

[Figure: EC2 as a federated SP. Labels: SP (with app); Hosted On-premises; SSO (SAML); Federation IDP; EC2 instance; Authentication; Identity Bridge.]
SUPERHERO STATUS: AWS FOR ENTERPRISE IDENTITY

[Figure: PingFederate deployment in AWS. Labels:
- Logs and backups are pushed to secure Amazon S3 buckets
- Inbound traffic managed by Amazon Route 53 DNS and elastic load balancers (ELBs)
- PingFederate engine nodes scale horizontally within auto scaling groups
- Single console node for configuration
- Two or more AWS availability zones within a single virtual private cloud (VPC)
- Amazon Relational Database Service (RDS) for provisioner database]

Leveraging AWS for identity federation allows scalable, highly-available SSO and token services for the AWS console and APIs, as well as for your own applications. By leveraging other AWS components such as S3, RDS, Route 53 and ELBs, you can provide a scalable, highly-available IAM infrastructure that provides a true SSO solution while leveraging your current identities, directories and policies.
CONCLUSION

Amazon Web Services is a platform that provides many different capabilities that are enabled by built-in identity and access management systems. Controlling user access to the AWS console and APIs is an ongoing consideration for today's enterprise organizations. SAML and OpenID Connect identity federation is extraordinary technology that integrates with third-party identity management solutions to give you the power to let users sign into the AWS console and APIs without requiring additional passwords or tokens.

PingFederate integrates with AWS out-of-the-box so that your users can federate from your identity management systems into your AWS environments easily and quickly. This mechanism gives you a true single sign-on solution: authenticate once, access many things including AWS. By implementing this identity federation approach, you can manage users and maintain identities within your existing directory, re-use internal identity management processes and eliminate password fatigue, giving your authorized users and developers seamless access to the resources they need to get work done.

AWS also provides a perfect platform for enterprise identity federation and SSO regardless of where your users are, what applications they need to access or what devices they're using. Whether you are an identity provider requiring single sign-on for your users or a service provider with applications and APIs that your customers want to access, AWS provides a scalable, highly-available platform that delivers the security your organization requires and the ease-of-use that your users have come to expect.

About Ping Identity

The Identity Security Company

Ping Identity believes secure professional and personal identities underlie human progress in a connected world. Our identity and access management platform gives enterprise customers and employees one-click access to any application from any device. Over 1,200 companies, including 45 of the Fortune 100, rely on our award-winning products to make the digital world a better experience for hundreds of millions of people. For more information, dial U.S. toll-free or , sales@pingidentity.com or visit pingidentity.com

Ping Identity Corporation. All rights reserved. Ping Identity, PingFederate, PingOne, PingAccess, PingID, the respective product marks, the Ping Identity trademark logo, and Cloud Identity Summit are trademarks or servicemarks of Ping Identity Corporation. All other product and service names mentioned are the trademarks of their respective companies.
More informationsolution brief February 2012 How Can I Obtain Identity And Access Management as a Cloud Service?
solution brief February 2012 How Can I Obtain Identity And Access Management as a Cloud Service? provides identity and access management capabilities as a hosted cloud service. This allows you to quickly
More informationwww.boost ur skills.com
www.boost ur skills.com AWS CLOUD COMPUTING WORKSHOP Write us at training@boosturskills.com BOOSTURSKILLS No 1736 1st Amrutha College Road Kasavanhalli,Off Sarjapur Road,Bangalore-35 1) Introduction &
More informationGoogle Identity Services for work
INTRODUCING Google Identity Services for work One account. All of Google Enter your email Next Online safety made easy We all care about keeping our data safe and private. Google Identity brings a new
More informationPingFederate. Windows Live Cloud Identity Connector. User Guide. Version 1.0
Windows Live Cloud Identity Connector Version 1.0 User Guide 2011 Ping Identity Corporation. All rights reserved. Windows Live Cloud Identity Connector User Guide Version 1.0 April, 2011 Ping Identity
More informationCopyright Pivotal Software Inc, 2013-2015 1 of 10
Table of Contents Table of Contents Getting Started with Pivotal Single Sign-On Adding Users to a Single Sign-On Service Plan Administering Pivotal Single Sign-On Choosing an Application Type 1 2 5 7 10
More informationThe Essential OAuth Primer: Understanding OAuth for Securing Cloud APIs
The Essential OAuth Primer: Understanding OAuth for Securing Cloud APIs Executive Overview A key technical underpinning of the Cloud is the Application Programming Interface (API). APIs provide consistent
More informationThe Identity Defined Security Alliance
The Identity Defined Security Alliance A combined solution for achieving Identity Defined Security Whether it s creation of an authentication ceremony, definition and enforcement of policy, enforcement
More informationPingFederate. Salesforce Connector. Quick Connection Guide. Version 4.1
PingFederate Salesforce Connector Version 4.1 Quick Connection Guide 2011 Ping Identity Corporation. All rights reserved. PingFederate Salesforce Quick Connection Guide Version 4.1 June, 2011 Ping Identity
More informationHP Software as a Service. Federated SSO Guide
HP Software as a Service Federated SSO Guide Document Release Date: July 2014 Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty statements accompanying
More informationAlfresco Enterprise on AWS: Reference Architecture
Alfresco Enterprise on AWS: Reference Architecture October 2013 (Please consult http://aws.amazon.com/whitepapers/ for the latest version of this paper) Page 1 of 13 Abstract Amazon Web Services (AWS)
More informationWhite paper Contents
Three Ways to Integrate Active Directory with Your SaaS Applications Okta Inc. 301 Brannan Street San Francisco, CA 94107 info@okta.com 1-888-722-7871 Contents 1 User Management Challenges of Software
More informationSimple Cloud Identity Management (SCIM)
Simple Cloud Identity Management (SCIM) Abstract The Simple Cloud Identity Management (SCIM) specification defines a simple, RESTful protocol for identity account management operations. SCIM s model is
More informationnexus Hybrid Access Gateway
Product Sheet nexus Hybrid Access Gateway nexus Hybrid Access Gateway nexus Hybrid Access Gateway uses the inherent simplicity of virtual appliances to create matchless security, even beyond the boundaries
More informationDirectory Integration with Okta. An Architectural Overview. Okta Inc. 301 Brannan Street San Francisco, CA 94107. info@okta.
Directory Integration with Okta An Architectural Overview Okta Inc. 301 Brannan Street San Francisco, CA 94107 info@okta.com 1-888-722-7871 Contents 1 User Directories and the Cloud: An Overview 3 Okta
More informationAuthentication Integration
Authentication Integration VoiceThread provides multiple authentication frameworks allowing your organization to choose the optimal method to implement. This document details the various available authentication
More informationSecuring WebFOCUS A Primer. Bob Hoffman Information Builders
Securing WebFOCUS A Primer Bob Hoffman Information Builders 1 Agenda Gain an understanding of the WebFOCUS Architecture Where can security be implemented? Review the internal WebFOCUS repository and resource
More informationMasdar Institute Single Sign-On: Standards-based Identity Federation. John Mikhael ICT Department jmikhael@masdar.ac.ae
Masdar Institute Single Sign-On: Standards-based Identity Federation John Mikhael ICT Department jmikhael@masdar.ac.ae Agenda The case for Single Sign-On (SSO) Types of SSO Standards-based Identity Federation
More informationCopyright: WhosOnLocation Limited
How SSO Works in WhosOnLocation About Single Sign-on By default, your administrators and users are authenticated and logged in using WhosOnLocation s user authentication. You can however bypass this and
More informationInternet-Scale Identity Systems: An Overview and Comparison
Internet-Scale Identity Systems: An Overview and Comparison February 2014 Update Since this paper was first written, the ecosystem of identity standards has changed significantly. Information Cards are
More informationHow to Overcome Challenges in Deploying Cloud Apps to Get the Most from your IAM Investment
WHITEPAPER How to Overcome Challenges in Deploying Cloud Apps to Get the Most from your IAM Investment www.onelogin.com 150 Spear Street, Suite 1400, San Francisco, CA 94105 855.426.7272 EXECUTIVE SUMMARY
More informationQLIKVIEW AND THE CLOUD
QLIKVIEW AND THE CLOUD A QlikView Technology White Paper July 2012 qlikview.com Table of Contents Overview 4 Who Is This Paper For? 4 Cloud Terminology and QlikView 5 Software as a Service - SaaS 6 QlikView
More informationInternet-Scale Identity Systems: An Overview and Comparison
Internet-Scale Identity Systems: An Overview and Comparison Overview An Internet-scale identity system is an architecture that defines standardized mechanisms enabling the identity attributes of its users
More informationPrimex Wireless OneVue Architecture Statement
Primex Wireless OneVue Architecture Statement Secure, cloud-based workflow, alert, and notification platform built on top of Amazon Web Services (AWS) 2015 Primex Wireless, Inc. The Primex logo is a registered
More informationIdentity Implementation Guide
Identity Implementation Guide Version 37.0, Summer 16 @salesforcedocs Last updated: May 26, 2016 Copyright 2000 2016 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of salesforce.com,
More informationCustomer Identity and Access Management (CIAM) Buyer s Guide
Customer Identity and Access Management (CIAM) Buyer s Guide Shifting Marketplace Over the last five years, there has been a major shift in how enterprises need to look at and secure customer identities
More informationINTEGRATION GUIDE. DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server
INTEGRATION GUIDE DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is
More informationSecure Identity in Cloud Computing
Secure Identity in Cloud Computing Michelle Carter The Aerospace Corporation March 20, 2013 The Aerospace Corporation 2013 All trademarks, service marks, and trade names are the property of their respective
More informationHow to create a SP and a IDP which are visible across tenant space via Config files in IS
How to create a SP and a IDP which are visible across tenant space via Config files in IS This Documentation is explaining the way to create a SP and IDP which works are visible to all the tenant domains.
More informationSAML Security Option White Paper
Fujitsu mpollux SAML Security Option White Paper Fujitsu mpollux Version 2.1 February 2009 First Edition February 2009 The programs described in this document may only be used in accordance with the conditions
More informationFederation At Fermilab. Al Lilianstrom National Laboratories Information Technology Summit May 2015
Federation At Fermilab Al Lilianstrom National Laboratories Information Technology Summit May 2015 About Fermilab Since 1967, Fermilab has worked to answer fundamental questions and enhance our understanding
More informationWHITEPAPER. 13 Questions You Must Ask When Integrating Office 365 With Active Directory
WHITEPAPER 13 Questions You Must Ask When Integrating Office 365 With Active Directory Many organizations have begun their push to the cloud with a handful of applications. Microsoft s Office 365 offering
More informationIdentity Federation: Bridging the Identity Gap. Michael Koyfman, Senior Global Security Solutions Architect
Identity Federation: Bridging the Identity Gap Michael Koyfman, Senior Global Security Solutions Architect The Need for Federation 5 key patterns that drive Federation evolution - Mary E. Ruddy, Gartner
More informationThe Challenges of Managing Multiple Cloud Identities and Enterprise Identity by BlackBerry
MANAGING CLOUD APPS IN THE ENTERPRISE How to Overcome the Complexity Whitepaper 2 The Trouble with Managing Multiple Cloud Identities Over the last decade, cloud-based apps have become fundamental to how
More information