Six Best Practices for Cloud-Based Identity Management Services
Making Identities Work Securely in the Cloud
A best practices guide
- Edwina Sharp
- 8 years ago
Identity and access management (IAM) is the great IT challenge of the SaaS era. Providing authentication and authorization in a way that is convenient for users while delivering security and compliance for IT is key. Done well, you can make IT a valuable asset in the deployment of cloud applications by offering a simple-to-use, yet highly sophisticated IAM solution. By offering a single sign-on solution, IT departments can provide an incentive for the lines of business that are adopting SaaS applications to start involving IT from the beginning, thus enabling you to regain visibility and control over application usage and data security. Using the six best practices outlined in this paper, along with a comprehensive identity management platform like Symplified, any IT department can successfully strike a balance between enabling productivity and managing risk.

Figure 1: Cloud-based applications you might be using

Background

Wide adoption of cloud-based applications and access to them via mobile devices has made doing business much easier and more cost-effective. However, when people use their own mobile devices to access applications and business units deploy SaaS applications directly, IT is often left in the dark about where their company's data and processes are moving.
This leads to several challenges that can also be security risks depending on:

- The type of information you are working with in the cloud
- The amount and level of sensitive information (customer data in addition to personal identity information) that is residing in the cloud
- How that information is protected in the cloud
- How quickly you can restrict access to sensitive information in the case of user termination
- How many passwords accessing what types of information you are comfortable not having control over in the cloud

Forrester Research describes an extended enterprise as "one for which a business function is rarely, if ever, a self-contained workflow within the infrastructure confines of the company." [1] Forrester goes on to state that most organizations now meet that definition, thanks to the use of SaaS applications and other cloud-based computing resources. These include Gmail and Google Drive; ADP Payroll and Jobvite for your HR department; marketing's Eloqua, Marketo, and almost every marketing tool; Salesforce; most of your social media tools; as well as Evernote, Dropbox, Hubspot, WorkDay, Force.com, Xactly, and scores of others.

[1] The Extended Enterprise: A Security Journey, Forrester Research, November 2011
In short, you have a lot of sensitive data residing outside of your organization. Add to this the complexity of allowing contractors, partners and customers access to parts of your cloud-based solutions in order to serve themselves or smooth ERP and manufacturing processes. Also keep in mind the identity silos that are created when multiple third-party service providers individually manage who has access to what.

One additional challenge is that everybody who has chosen to work in the cloud was sold on the idea that they would save on IT budgets. Realistically, it does dramatically reduce the effect on capital budgets, but it can actually increase the workload on IT in terms of provisioning, de-provisioning, and supporting employees working in the cloud.

Figure 2: The complexity of the cloud grows with the popularity of the applications (diagram labels: partner, customer, employee, Internet user; CRM, SFA, HR, payroll, enterprise portal)

For example, when Bob Jones joins your organization, he needs to access both the on-site applications and the cloud-based applications his department has deemed necessary for his position. Unfortunately, most new employees are trying to remember a dozen new things at once, so they tend to scrimp on creativity when it comes to passwords. Bob may log into the travel expense management app with the username bobj and the password pwd123; the sales quote app with bob2 and pwd123; and the engineering requirements management app with bjones and pwd123. Now he has to remember three different name and password combinations, so he takes a shortcut and uses the same password for all three applications, never a good practice. The bigger problem is that Bob has done this pretty much all by himself, and the enterprise has no centralized control.
This leads to weaker security, because one password opens many doors, and to redundant administration, since Bob's user account in every one of those applications has to be administered and audited from within each application separately.

In the case of a terminated employee, somebody in IT would need to de-provision the terminated employee's accounts at all of the applications the employee used on behalf of the enterprise. This means that the admin must first remove the terminated employee from Active Directory, which will effectively block access to all of the on-site applications. However, the other immediate concern is that the terminated employee's access to the wide variety of cloud-based applications must be eliminated.
This means that IT must also remove the employee from each SaaS application. When there is no centralized control of the services an enterprise uses, it is often difficult to determine which SaaS applications a user had access to in the first place. This leads to orphaned accounts: those accounts at third-party sites (like Salesforce or Google) that are not de-provisioned, and that ultimately represent a security threat and a licensed-seat financial drain. While it can be relatively easy to control access to on-site applications through an enterprise Active Directory (LDAP), in this scenario managing access to cloud-based applications requires a very hands-on approach.

Figure 3: The nightmare of de-provisioning employees who work in the cloud (diagram labels: your company, admin, manual deprovisioning, external accounts, terminated employee)

The Second Generation: Federated Single Sign-On

In order to solve this challenge for applications owned by an organization, many organizations moved to a Web Access Management (WAM) solution. With a WAM approach, IT leveraged a centralized directory (often Active Directory) as a central identity repository. Products like TIM/TAM, RSA Access Manager, and CA Siteminder gave a single point of control for administration and audits, required fewer credentials, and allowed IT to de-provision terminated employees quickly. This worked until companies needed to collaborate with partners and customers more efficiently and wanted to leverage applications provided by third parties. This is when a new player arose: the Application Service Provider, now known as the Software-as-a-Service (SaaS) provider. The rise of the SaaS provider highlighted some shortcomings in WAM solutions, namely that you couldn't deploy the agents those solutions required on partner web servers, and the identity management cookies were bound to the domains.
Organizations adopted federation access management tools as an added component to complement their WAM products. Products emerged to provide the identity management link to the same directory used by WAM, and then extend authentication and authorization beyond the enterprise using the industry-standard SAML (Security Assertion Markup Language). Today, however, there is a gap between the authentication and single sign-on capabilities of federation solutions and the additional authorization and access control, auditing, and provisioning capabilities of WAM.

The other challenge is that the federation and WAM setup treats local and remote applications differently, with federation products only offering SSO and very little integration. In this model, somebody needs to configure each SaaS provider separately, and users get no consistency between applications. This approach ignores the organization's need to secure, audit and control both types of applications in the same way. Federation products also only work with SAML-based SaaS solutions, a system that is very expensive and time-consuming for smaller SaaS providers to deliver. However, the greatest challenge for federation products is the one-to-one nature of their relationships.
Figure 4: The SAML federation trust relationship (diagram labels: identity provider, service provider, application user, trust relationship, authenticate)

SAML federations are based on a pair-wise model, where the Service Provider trusts the Identity Provider to authenticate the user so the Service Provider can grant the user access. Each relationship between an Identity Provider and a Service Provider must be established for each user via technical integration. This means that if Bob Jones needs access to five SaaS applications, somebody will need to establish each of those relationships for Bob, making SAML federations difficult to scale.

Ten new users like Bob will require somebody in IT to establish and manage 50 relationships. With 500 users accessing an average of five SaaS solutions, your organization needs to establish and manage 2,500 relationships. The geometric growth of this situation is pretty easy to calculate: the Number of Employees (e) multiplied by the Number of Applications (a) equals the Number of Relationships (r), or e x a = r. It simply doesn't scale.

As access to SaaS applications grows, the SAML federation model won't scale with your organization regardless of whether you grow linearly or exponentially. This could result in a deterioration of security, compliance, agility, flexibility, or any combination of the four.

The only feasible means of handling this growth is to rethink how federation is done. You need to move from a one-to-one mindset to creating a one-to-many relationship that allows the number of connections to grow in a linear fashion. Your IT team establishes relationships between each user and a central integration platform (preferably one that leverages identity stores like LDAP which you already have in place), which in turn connects to your SaaS portfolio.
This single point of control gives IT the ability to audit, enforce policies, provision and de-provision across all of the organization's applications.

A New Way

Symplified's service gives you a single point of access to both your on-premises and cloud-based applications. It is a single point of entry that IT controls, making it easy to provision and deprovision users as needed. It acts as an identity bridge for employees as well as external users (contractors, customers and partners) to access the applications, or even parts of the applications, that you want them to access, and nothing more. Symplified has a flexible deployment model, delivering services via a virtual server in your infrastructure or as a hosted cloud service. It sits beside your existing products to enable a clean migration path.

Symplified's approach to identity and access management gives you the ability to scale in the way that you need to in order to keep pace with the growth of both external applications and access needs. Symplified provides SSO, authorization, authentication and auditing capabilities, so it can work for both on-premises and cloud-based applications accessed across any device or location.
Figure 5: The Symplified solution (diagram labels: employee and/or customer, partner; on-premises, cloud; existing identity infrastructure: LDAP, other DBs and REST/SOAP)

Best Practices for Identity Management in the Era of SaaS

Keeping in mind the growing number of applications your organization is using to run its operations, BYOD, and the expanding population of external users who need to access your applications, Symplified outlines six best practices to help you deliver access management while achieving your goals for security, compliance, IT simplicity and end user convenience.

1. LEVERAGE EXISTING INFRASTRUCTURE WHENEVER YOU CAN

If you're implementing IAM in order to provide SaaS applications for employees, you've likely already made a significant investment in processes and technology for managing usernames, passwords and other profile information. Most organizations leverage Active Directory, for example, as their primary system of record for user information. Some organizations have also deployed one-time password solutions, and others may have first-generation WAM systems in place which are difficult to extend to SaaS applications. The solution you choose to secure your employees' usage of SaaS applications needs to leverage these existing investments rather than recreate them in a parallel system and maintain them independently. Redundant systems are inefficient, more difficult to secure, and fall out of sync, which in this case leads to orphaned accounts and access policy violations.

One example of where this fails is when an inside sales representative leaves a company and still has access to a corporate application. He can be removed from Active Directory immediately and lose access to on-premises applications. But if his Salesforce account remains in place, he can log back in, download a customer lead list and deliver it into the hands of his new employer.
If Salesforce had been relying on his former employer's Active Directory to authenticate the user, he would not have been able to get back into the service and access that list.

If you're an organization implementing IAM to extend applications to customers or partners, you may not have an existing user store to manage identities. In these cases, the identity directories managed by a third party such as Facebook or Google can be used to authenticate users as they access applications. The ancillary benefits are cost savings and gathering more user information than you would if you tried to manage external users like these directly. Whether you're implementing IAM to extend SaaS application access to employees or consumers, there's likely already a system and process in place for managing their user profile information. Be sure to leverage it.
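The orphaned-account failure described above (a user removed from Active Directory whose SaaS accounts stay active, under a different username in each application) can be detected by reconciling each application's account export against the directory. The following is an added example, not part of the original guide or of any Symplified product; the application names, e-mail addresses and export fields are constructed, and e-mail is assumed to be the correlation key.

```python
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class SaasAccount:
    app: str        # hypothetical application name
    username: str   # per-application login, chosen independently in each app
    email: str      # assumed correlation key; empty if the app never recorded one
    active: bool


def normalize(email: str) -> str:
    """Compare e-mail addresses case-insensitively and without stray spaces."""
    return email.strip().lower()


def reconcile(directory: dict[str, bool], accounts: list[SaasAccount]):
    """Compare SaaS account exports against the directory (system of record).

    directory maps e-mail -> enabled flag.
    Returns (worklist, uncorrelated):
      worklist      e-mail -> sorted [(app, username, reason)] for active
                    accounts whose owner is disabled in, or missing from,
                    the directory
      uncorrelated  active accounts with no e-mail; these cannot be matched
                    automatically and need manual review
    """
    enabled = {normalize(e): flag for e, flag in directory.items()}
    worklist = defaultdict(list)
    uncorrelated = []
    for acct in accounts:
        if not acct.active:
            continue  # already de-provisioned in that application
        key = normalize(acct.email)
        if not key:
            uncorrelated.append(acct)
        elif key not in enabled:
            worklist[key].append((acct.app, acct.username, "not in directory"))
        elif not enabled[key]:
            worklist[key].append((acct.app, acct.username, "disabled in directory"))
    return {k: sorted(v) for k, v in worklist.items()}, uncorrelated


# Constructed sample data: Bob has been terminated and disabled in the directory.
DIRECTORY = {
    "alice@example.com": True,
    "bob.jones@example.com": False,
}

# Constructed exports from four hypothetical applications.
ACCOUNTS = [
    SaasAccount("expenses", "bobj", "bob.jones@example.com", True),
    SaasAccount("quotes", "bob2", "Bob.Jones@Example.com ", True),
    SaasAccount("requirements", "bjones", "", True),       # no e-mail on file
    SaasAccount("crm", "bob.j", "bob.jones@example.com", False),
    SaasAccount("crm", "alice", "alice@example.com", True),
    SaasAccount("crm", "carol", "carol@example.com", True),  # never in directory
]


if __name__ == "__main__":
    work, unknown = reconcile(DIRECTORY, ACCOUNTS)
    for email, items in sorted(work.items()):
        for app, username, reason in items:
            print(f"DEPROVISION {app}:{username} ({email}, {reason})")
    for acct in unknown:
        print(f"REVIEW {acct.app}:{acct.username} (no e-mail to correlate)")
```

The `bjones` account illustrates the limit of this kind of after-the-fact reconciliation: an application that holds only a locally chosen username cannot be tied back to the directory without manual review.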
2. LEVERAGE OPEN STANDARDS WHEREVER POSSIBLE

Identity is fundamentally an integration challenge. It's about enabling providers of SaaS applications to leverage your existing identity stores. If you integrate with each one differently, it's much more expensive to implement and maintain access. Rather than having to create a unique integration with each partner, open standards enable you to leverage a common integration approach across all of your partners that implement those standards. Additionally, standards enable more functionality than proprietary integrations, such as global logout.

Keep in mind that implementing a standard doesn't require you to implement all of it. For example, the SAML technical committee defined several different conformance profiles for the SAML specification, where each implements a different subsection of the SAML specification. SAML was created before the emergence of SaaS and the cloud to enable SSO between business partners. SAML defines a one-to-one relationship between two organizations. The emergence of the SaaS application delivery model has created huge demand for federated SSO as businesses use more and more SaaS applications to run their operations. The cloud has become the primary driver for the adoption of SAML, resulting in a many-to-one usage model that gives cloud IAM providers the opportunity to make it easier for organizations to implement SAML for their use of cloud applications.

[2] Supporting Mobile Device Authentication and Single Sign-On to the Enterprise and Cloud, Gartner Research, August

3. LEVERAGE A CLOUD IDENTITY BROKER

The advantage of a service that acts as a bridge to the cloud is that it will already have SSO integrations with many (if not most) of the SaaS providers you want to work with.
The reality today is that, despite their benefits, the standards described above aren't implemented by most SaaS applications. Gartner estimates that less than 25% of SaaS application vendors support federated authentication today. [2] Where they are being used, they're often implemented in different ways. As a result, an organization ends up managing unique integrations for each of its partners: an expensive proposition that requires identity expertise that most organizations don't have.

There's a spectrum of solutions available today, ranging from ones focused solely on user convenience to others focused more on enabling enterprise control and visibility. On one end, you have providers such as Okta, OneLogin, and others which are built around the convenience aspect of SSO. On the other end, enterprise solutions like TIM/TAM, RSA Access Manager, and CA Siteminder were built from the perspective of security, and focus on authorization rules, authentication, and auditing. In between these offerings lie identity and access management providers like Symplified, which provide the simplicity, ease of use and lower total cost of ownership a cloud-delivered service is capable of offering while still providing the security benefits of an on-premises enterprise security solution. It's important you choose one with the right set of capabilities from the start (see Best Practice #6 for more on this point).

4. DON'T REPLICATE SENSITIVE USER DATA IN THE CLOUD WHEN YOU CAN AVOID IT

The problem federation sets out to solve is redundant data: the fact that a given user's data is maintained uniquely within each service he uses. As mentioned earlier, it's inevitable these identities will fall out of sync. Choosing a federation solution that requires you to replicate data to yet another silo simply doesn't make sense. In many cases, it violates end user agreements to do so, and it increases the attack surface on one of your most critical systems.
Fortunately, solutions like Symplified exist that work with your existing Active Directory (or other identity store) to provide secure access to cloud-based applications, without requiring you to replicate the information.
5. TO ENGAGE WITH BUSINESS UNITS ON SAAS DEPLOYMENTS, USE A CARROT, NOT A STICK

Business unit leaders have been adopting SaaS applications without involving the corporate IT department. Where IT may take weeks to move on deployment, the SaaS provider may take hours, which makes IT appear as a speed bump they'd prefer to avoid. This sidelines IT in important decisions about where critical applications and data are being stored. From a risk management perspective, it's critical for IT to be involved in that process. IT needs something they can offer to provide incentive to those departments to come back and involve them in those SaaS deployments.

SSO is one of the most powerful weapons at your disposal for restoring IT's role while also meeting your security and compliance needs. If you've rolled out SSO, employees will expect each new application to be accessible via that SSO solution. If a business unit uses a new app that's not a part of their SSO session, employees will be very vocal about having it included in their SSO session and force the business unit to have that conversation with IT. Once you've implemented a comprehensive IAM solution, you will then get what are perhaps the more important benefits: security, provisioning, authentication, compliance, and usage auditing.

6. IMPLEMENT AN IDENTITY MANAGEMENT CAPABILITY THAT WILL PROVIDE ALL OF THE SECURITY PROPERTIES YOU MIGHT ULTIMATELY NEED

Not all IAM solutions are the same. Because they are designed with different architectures, they inherently deliver different security features.
Some solutions are built with architectures that limit what security features they can provide; if you start with a very basic offering today, you may find yourself in a place where you can't get to the features you need tomorrow. Look at all of your security needs, both for internal applications and public cloud-based applications, to determine the full scope of what you'll ultimately need and select a product that's ultimately capable of getting you there. For example, if you need to segment authorization based on roles, make sure your IAM solution provides that capability. Another example is in more regulated industries, where it's often required to have an audit trail of all end user activities in your SaaS applications beyond initial log in.
Summary

SaaS, BYOD, and an ever-growing user mix of employees, contractors, customers and partners have introduced new complexities to cloud identity and access management. Providing it in a way that is convenient and efficient for employees while providing IT with visibility and control into SaaS application usage is key. Open standards exist for facilitating this kind of federated access. Identity and access management vendors provide solutions that make it very easy to leverage those standards. Using the six best practices outlined above along with comprehensive identity management services from Symplified will help you extend your existing identity infrastructure to SaaS applications. You will deliver the security your organization needs and the simplicity your users want.

Symplified features a hybrid architecture that enables you to deploy your SSO capability in a way that makes the most sense for your organization, whether that's on premises or in the cloud. In one deployment model, Symplified provides a multitenant cloud service while still enabling the control and security of a single-tenant on-site deployment via a virtual appliance. Symplified can also run entirely in the cloud for organizations that want to completely leverage the benefits of the cloud.

As a proxy-based solution, Symplified also delivers flexibility in processing: the solution has the capability to stay in the flow of all web traffic and provide an audit log of all user activity. This visibility is increasingly important to organizations as they address BYOD and SaaS used together; people are using more of their own devices, and organizations have lost visibility into what their users are doing when logged into SaaS services. Proxying offers the benefit of knowing what a user did while logged into an application, not just when they logged in.
Additionally, as organizations attempt to get a handle on the value they're getting out of the SaaS applications they've licensed, this information is extremely beneficial.

For more on the features and benefits of identity management services from Symplified, access additional resources online at www.symplified.com/resources.

The Symplified Advantage

Symplified enables IT to securely manage identities in a world where enterprises increasingly have fewer boundaries. Support a mobile workforce; engage customers and partners; and enable and control access to any application on premises, in the cloud, or mobile anywhere in the world. Symplified is headquartered in Boulder, Colorado. Visit us at
More informationF5 Identity and Access Management (IAM) Overview. Laurent PETROQUE Manager Field Systems Engineering, France
F5 Identity and Access Management (IAM) Overview Laurent PETROQUE Manager Field Systems Engineering, France F5 s Security Strategy Protect Apps/Data Wherever They Reside Control Access to Apps/Data from
More informationCloud, On-premises, and More: The Business Value of Software Deployment Choice
Cloud, On-premises, and More: A research report prepared by: Publication sponsored by: TABLE OF CONTENTS Introduction: Choices, Limits, and Adaptability Isn t Everything Cloud? The Importance of Architecture
More informationAdding Stronger Authentication to your Portal and Cloud Apps
SOLUTION BRIEF Cyphercor Inc. Adding Stronger Authentication to your Portal and Cloud Apps Using the logintc April 2012 Adding Stronger Authentication to Portals Corporate and consumer portals, as well
More informationThe Who, What, When, Where and Why of IAM Bob Bentley
The Who, What, When, Where and Why of IAM Bob Bentley Product Management Director October 2014 It s a Jungle Out There IAM is more than just provisioning user accounts and managing access to web pages
More informationHow To Make A Cloud Service Federation A Successful Business Model
A Channel Company White Paper Identity as a Service (IDaaS) Promising New Opportunity for MSPs Brought to You By: Abstract Managed service providers are increasingly finding themselves in the role of service
More informationB2C, B2B and B2E:! Leveraging IAM to Achieve Real Business Value
B2C, B2B and B2E:! Leveraging IAM to Achieve Real Business Value IDM, 12 th November 2014 Colin Miles Chief Technology Officer, Pirean Copyright 2014 Pirean Limited. All rights reserved. Safe Harbor All
More informationActive Directory Integration WHITEPAPER
Active Directory Integration WHITEPAPER Even as enterprises continue to adopt more cloud applications, Active Directory (AD) and Lightweight Directory Access Protocol (LDAP) still play a critical role
More informationEXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES
pingidentity.com EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES Best practices for identity federation in AWS Table of Contents Executive Overview 3 Introduction: Identity and Access Management in Amazon
More informationIdentity and Access Management (IAM) Across Cloud and On-premise Environments: Best Practices for Maintaining Security and Control
Identity and Access Management (IAM) Across Cloud and On-premise Environments: Best Practices for Maintaining Security and Control agility made possible Enterprises Are Leveraging Both On-premise and Off-premise
More informationHow to Overcome Challenges in Deploying Cloud Apps to Get the Most from your IAM Investment
WHITEPAPER How to Overcome Challenges in Deploying Cloud Apps to Get the Most from your IAM Investment www.onelogin.com 150 Spear Street, Suite 1400, San Francisco, CA 94105 855.426.7272 EXECUTIVE SUMMARY
More informationActive Directory Integration 855.426.7227. www.onelogin.com twitter.com/onelogin ONELOGIN WHITEPAPER
Active Directory Integration Even as enterprises continue to adopt more cloud applications, Active Directory (AD) and Lightweight Directory Access Protocol (LDAP) still play a critical role in how information
More informationCA Federation Manager
PRODUCT BRIEF: CA FEDERATION MANAGER CA FEDERATION MANAGER PROVIDES STANDARDS-BASED IDENTITY FEDERATION CAPABILITIES THAT ENABLE THE USERS OF ONE ORGANIZATION TO EASILY AND SECURELY ACCESS THE DATA AND
More informationOffice365 Adoption eguide. Identity and Mobility Challenges. Okta Inc. 301 Brannan Street San Francisco, CA 94107. info@okta.
Office365 Adoption eguide Identity and Mobility Challenges Okta Inc. 301 Brannan Street San Francisco, CA 94107 info@okta.com 1-888-722-7871 Executive Summary Office 365 Adoption Accelerating Through the
More informationWHITE PAPER. Understanding Transporter Concepts
WHITE PAPER Understanding Transporter Concepts Contents Introduction... 3 Definition of Terms... 4 Organization... 4 Administrator... 4 Organization User... 4 Guest User... 4 Folder Hierarchies... 5 Traditional
More informationSecurity Services. Benefits. The CA Advantage. Overview
PRODUCT BRIEF: CA SITEMINDER FEDERATION SECURITY SERVICES CA SiteMinder Federation Security Services CA SITEMINDER FEDERATION SECURITY SERVICES EXTENDS THE WEB SINGLE SIGN-ON EXPERIENCE PROVIDED BY CA
More informationHow To Integrate With Salesforce Crm
Introduction Turbo-Charge Salesforce CRM with Dell Integration Services By Chandar Pattabhiram January 2010 Fueled by today s fiercely competitive business environment, IT managers must deliver rapid,
More informationSolving the Online File-Sharing Problem Replacing Rogue Tools with the Right Tools
White Paper Solving the Online File-Sharing Problem Replacing Rogue Tools with the Right Tools Introduction The modern workforce is on the hunt for tools that help them get stuff done. When the technology
More informationDelivering value to the business with IAM
Delivering value to the business with IAM IDM, 18 th June 2014 Colin Miles Chief Technology Officer, Pirean Copyright 2014 Pirean Limited. All rights reserved. Safe Harbor All statements other than statements
More informationTIT E IS A. Social Media. Soziale Netze und IT Sicherheit. Herausforderung? Chance? Alfred Bach Solution Strategist ALPS WE CAN IN BO
TIT E Social Media IS A QUES Soziale Netze und IT Sicherheit Herausforderung? Chance? Alfred Bach Solution Strategist ALPS WE CAN ANSW IN BO 1.43B social network users by 2012¹ 305B mobile app downloads
More informationAn Overview of Samsung KNOX Active Directory and Group Policy Features
C E N T R I F Y W H I T E P A P E R. N O V E M B E R 2013 An Overview of Samsung KNOX Active Directory and Group Policy Features Abstract Samsung KNOX is a set of business-focused enhancements to the Android
More informationCloud Computing. Chapter 5 Identity as a Service (IDaaS)
Cloud Computing Chapter 5 Identity as a Service (IDaaS) Learning Objectives Describe challenges related to ID management. Describe and discuss single sign-on (SSO) capabilities. List the advantages of
More informationWHITEPAPER. Identity Access Management: Beyond Convenience
WHITEPAPER Identity Access Management: Beyond Convenience INTRODUCTION Identity and Access Management (IAM) is the official description of the space in which OneLogin operates in but most people who are
More informationGuideline on Implementing Cloud Identity and Access Management
CMSGu2013-05 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Implementing Cloud Identity and Access Management National
More informationI D C V E N D O R S P O T L I G H T
I D C V E N D O R S P O T L I G H T E n f o r c i n g I dentity a nd Access Management i n C l o u d a n d Mobile Envi r o n m e n t s November 2012 Adapted from Worldwide Identity and Access Management
More informationIdentity Access Management: Beyond Convenience
Identity Access Management: Beyond Convenience June 1st, 2014 Identity and Access Management (IAM) is the official description of the space in which OneLogin operates in but most people who are looking
More informationExecutive s Guide to Cloud Access Security Brokers
Executive s Guide to Cloud Access Security Brokers Contents Executive s Guide to Cloud Access Security Brokers Contributor: Amy Newman 2 2 Why You Need a Cloud Access Security Broker 5 You Can t Achieve
More informationMoving to the Cloud: What Every CIO Should Know
Moving to the Cloud: What Every CIO Should Know CONTACT SALES US: 1.877.734.6983 UK: +44 (0)845.528.0588 www.egnyte.com WHITEPAPER Overview Enterprise data storage needs are growing exponentially, doubling
More informationTHE QUEST FOR A CLOUD INTEGRATION STRATEGY
THE QUEST FOR A CLOUD INTEGRATION STRATEGY ENTERPRISE INTEGRATION Historically, enterprise-wide integration and its countless business benefits have only been available to large companies due to the high
More informationCLAIMS-BASED IDENTITY FOR WINDOWS
CLAIMS-BASED IDENTITY FOR WINDOWS TECHNOLOGIES AND SCENARIOS DAVID CHAPPELL FEBRUARY 2011 SPONSORED BY MICROSOFT CORPORATION CONTENTS Understanding Claims-Based Identity... 3 The Problem: Working with
More informationATS. The. The Staffing Agency s Guide to Buying an Applicant Tracking System
ATS The Advantage: The Staffing Agency s Guide to Buying an Applicant Tracking System 87 % of North American recruiting professionals agree that using ATS/CRM technology is important to the success of
More informationAdding Single Sign-On to CloudPassage Halo
Adding Single Sign-On to CloudPassage Halo For Halo Site Administrators Contents: About SAML-Based Single Sign-On Integrating Halo With a Single Sign-On Provider 1. Enable and Configure SSO 2. Configure
More informationIdentity and Access Management for the Cloud
Identity and Access Management for the Cloud What you need to know about managing access to your clouds Organizations need to control who has access to which systems and technology within the enterprise.
More informationExtending Threat Protection and Control to Mobile Workers with Cloud-Based Security Services > White Paper
with Cloud-Based Security Services > White Paper It s a phenomenon and a fact: employees are always on today. They connect to the network whenever they want, from wherever they happen to be, with laptops,
More informationAuthentication as a Service (AaaS): Creating A New Revenue Stream with AuthAnvil
Authentication as a Service (AaaS): Creating A New Revenue Stream with AuthAnvil SaaS, PaaS, IaaS Powered by advancements in cloud technology, the X as a Service model has become exceptionally popular
More informationOverview of Microsoft Enterprise Mobility Suite (EMS) Cloud University
Overview of Microsoft Enterprise Mobility Suite (EMS) Cloud University www.infrontconsulting.com Global #1 on System Center Trusted for over a decade Microsoft Partner of the year 2012, 2013 & 2014 #1
More informationAddressing the BYOD Challenge with Okta Mobility Management. Okta Inc. 301 Brannan Street San Francisco, CA 94107. info@okta.
Addressing the BYOD Challenge with Okta Mobility Management Okta Inc. 301 Brannan Street San Francisco, CA 94107 info@okta.com 1-888-722-7871 Executive Summary The Impact of BYOD BYOD can be a very polarizing
More informationDirectory-as-a-Service Primer (DaaS)
Directory-as-a-Service Primer (DaaS) Directory-as-a-Service or DaaS is the modern adaptation of traditional Microsoft Active Directory (AD) and Lightweight Directory Access Protocol (LDAP). It is a cloud-based
More informationStop Password Sprawl with SaaS Single Sign-On via Active Directory
CENTRIFY WHITE PAPER Stop Password Sprawl with SaaS Single Sign-On via Active Directory Abstract Organizations are rushing to SaaS in an effort to move business initiatives along faster than the traditional
More informationCentrify Cloud Connector Deployment Guide
C E N T R I F Y D E P L O Y M E N T G U I D E Centrify Cloud Connector Deployment Guide Abstract Centrify provides mobile device management and single sign-on services that you can trust and count on as
More informationIdentity. Provide. ...to Office 365 & Beyond
Provide Identity...to Office 365 & Beyond Sponsored by shops around the world are increasingly turning to Office 365 Microsoft s cloud-based offering for email, instant messaging, and collaboration. A
More informationSecure Enterprise Online File Sharing with Syncplicity Date: November 2014 Author: Tony Palmer, Senior Lab Analyst, Aviv Kaufmann, Lab Analyst
ESG Lab Review Secure Enterprise Online File Sharing with Syncplicity Date: November 2014 Author: Tony Palmer, Senior Lab Analyst, Aviv Kaufmann, Lab Analyst Abstract: Organizations are challenged in today
More informationIdentity Implementation Guide
Identity Implementation Guide Version 37.0, Summer 16 @salesforcedocs Last updated: May 26, 2016 Copyright 2000 2016 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of salesforce.com,
More informationDirectory Integration with Okta. An Architectural Overview. Okta Inc. 301 Brannan Street San Francisco, CA 94107. info@okta.
Directory Integration with Okta An Architectural Overview Okta Inc. 301 Brannan Street San Francisco, CA 94107 info@okta.com 1-888-722-7871 Contents 1 User Directories and the Cloud: An Overview 3 Okta
More informationJumpCloud is your Directory-as-a-Service. A fully managed directory to rule your infrastructure whether on-premise or in the cloud.
JumpCloud is your Directory-as-a-Service A fully managed directory to rule your infrastructure whether on-premise or in the cloud. Authenticate Ensure your users are who they say they are. JumpCloud authenticates
More informationPick Your Identity Bridge
Pick Your Identity Bridge Options for connecting users and resources across the hybrid cloud Executive Overview Enterprises are increasing their use of software as a service (SaaS) for two principal reasons:
More informationWHITE PAPER AUGUST 2014
THE DEFINITIVE GUIDE TO CLOUD ACCESS SECURITY BROKERS WHITE PAPER AUGUST 2014 For many enterprises, security and compliance concerns hamper adoption of cloud applications. Furthermore, cloud applications
More informationTotal Cost of Ownership Overview ADFS vs OneLogin WHITEPAPER
Total Cost of Ownership Overview vs OneLogin WHITEPAPER Are you really going to double down on machines, software and professional services to extend Active Directory (AD)? Executive Summary Are you planning
More informationHow cloud computing can transform your business landscape.
How cloud computing can transform your business landscape. This whitepaper will help you understand the ways cloud computing can benefit your business. Introduction It seems like everyone is talking about
More informationWHITEPAPER. 13 Questions You Must Ask When Integrating Office 365 With Active Directory
WHITEPAPER 13 Questions You Must Ask When Integrating Office 365 With Active Directory Many organizations have begun their push to the cloud with a handful of applications. Microsoft s Office 365 offering
More informationBusiness Transformation with Cloud ERP
Photo copyright 2012 Michael Krigsman. Business Transformation with Cloud ERP Prepared by Michael Krigsman February 2012 NetSuite sponsored this independent white paper; Asuret does not endorse any vendor
More informationEXTENDING THREAT PROTECTION AND CONTROL TO MOBILE WORKERS
EXTENDING THREAT PROTECTION AND WHITEPAPER CLOUD-BASED SECURITY SERVICES PROTECT USERS IN ANY LOCATION ACROSS ANY NETWORK It s a phenomenon and a fact: employees are always on today. They connect to the
More informationThe Top 5 Federated Single Sign-On Scenarios
The Top 5 Federated Single Sign-On Scenarios Table of Contents Executive Summary... 1 The Solution: Standards-Based Federation... 2 Service Provider Initiated SSO...3 Identity Provider Initiated SSO...3
More informationTop. Reasons Federal Government Agencies Select kiteworks by Accellion
Top 10 Reasons Federal Government Agencies Select kiteworks by Accellion Accellion Government Customers Include: Top 10 Reasons Federal Government Agencies Select kiteworks Accellion provides government
More informationWhite Paper. What is an Identity Provider, and Why Should My Organization Become One?
White Paper What is an Identity Provider, and Why Should My Organization Become One? May 2015 Executive Overview Tame Access Control Security Risks: Become an Identity Provider (IdP) Organizations today
More informationEXECUTIVE VIEW. SecureAuth IdP. KuppingerCole Report
KuppingerCole Report EXECUTIVE VIEW by Dave Kearns March 2015 SecureAuth IdP SecureAuth IdP combines cloud single sign-on capabilities with strong authentication and risk-based access control while focusing
More informationTRANSITIONING ENTERPRISE CUSTOMERS TO THE CLOUD WITH PULSE SECURE
White Paper TRANSITIONING ENTERPRISE CUSTOMERS TO THE CLOUD WITH PULSE SECURE Pulse Connect Secure Enables Service Providers to Deliver Scalable and On-Demand, Cloud-Based Deployments with Simplicity and
More informationSECURITY IN THE CLOUDS: THE BUSINESS CHALLENGE
SECURITY IN THE CLOUDS: THE BUSINESS CHALLENGE originally printed in tom sitpro February 2012 PART 1: A FUNDAMENTAL SHIFT Cloud solutions fundamentally shift the way that computing services are delivered.
More informationA HIGH-LEVEL GUIDE TO EFFECTIVE IDENTITY MANAGEMENT IN THE CLOUD
A HIGH-LEVEL GUIDE TO EFFECTIVE IDENTITY MANAGEMENT IN THE CLOUD By Gail Coury, Vice President, Risk Management, Oracle Managed Cloud Services 2014 W W W. OU T S O U R C IN G - CEN T E R. C O M Outsourcing
More informationAlex Wong Senior Manager - Product Management Bruce Ong Director - Product Management
Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management 1 Product Roadmap Disclaimer Any forward-looking indication of plans for products is preliminary and all future release
More informationFlexible Identity Federation
Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services
More informationHow On-Premise ERP Deployment Compares to a Cloud (SaaS) Deployment of Microsoft Dynamics NAV
How On-Premise ERP Deployment Compares to a Cloud (SaaS) Deployment of Microsoft Dynamics NAV 13875 Cerritos Corporate Dr., #A Cerritos, CA 90703 Toll Free : (800) 969-APEX Tel : (562) 926-6820 E-mail
More informationSAML SSO Configuration
SAML SSO Configuration Overview of Single Sign-, page 1 Benefits of Single Sign-, page 2 Overview of Setting Up SAML 2.0 Single Sign-, page 3 SAML 2.0 Single Sign- Differences Between Cloud-Based Meeting
More informationSaaS at Pfizer. Challenges, Solutions, Recommendations. Worldwide Business Technology
SaaS at Pfizer Challenges, Solutions, Recommendations Agenda How are Cloud and SaaS different in practice? What does Pfizer s SaaS footprint look like? Identity is the Issue: Federation (SSO) and Provisioning/De-provisioning
More informationWhite Paper. Getting ahead in the cloud. the need for better identity and access controls
White Paper Getting ahead in the cloud A White Paper by Bloor Research Author : Fran Howarth Publish date : March 2013 Users are demanding access to applications and services from wherever they are, whenever
More informationSaaS. A Cost Reduction Strategy or a Source of Strategic Advantage? Paul Selway Solution Architect
SaaS A Cost Reduction Strategy or a Source of Strategic Advantage? Paul Selway Solution Architect The Architect The Architects Role I doubt we will ever all agree what an architect is! Sometimes we are
More informationWhite Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0
White Paper Enterprise File Serving 2.0 Anywhere, Any Device File Access with IT in Control Like it or not, cloud- based file sharing services have opened up a new world of mobile file access and collaborative
More informationPeople-Focused Access Management. Software Consulting Support Services
People-Focused Access Management Software Consulting Support Services A beautiful experience. Anytime, anywhere. Access: One is an industry-leading Access Management platform that provides you with versatile
More information