PRODUCT BRIEF OpenAM. Delivering secure access for customers, applications, devices and things



Similar documents
OpenAM All-In-One solution to securely manage access to digital enterprise and customer services, anytime and anywhere.

WHITEPAPER Improving the Quality of Government Services with Citizen-Focused Identity Management

WHITEPAPER OpenIDM. Identity lifecycle management for users, devices, & things

WHITEPAPER ForgeRock Identity Management. Identity lifecycle management for users, devices, and things

G Cloud 6 CDG Service Definition for Forgerock Software Services

Helping Healthcare Organizations to Build Digital Businesses

Tech Brief: Upgrading from Sun IAM to ForgeRock Open Identity Stack

managing SSO with shared credentials

Open Identity Stack. Forging a New Future with Identity Relationship Management

The Top 5 Federated Single Sign-On Scenarios

Federated single sign-on (SSO) and identity management. Secure mobile access. Social identity integration. Automated user provisioning.

Secure the Web: OpenSSO

Identity as a Revenue Generator:

IBM Tivoli Federated Identity Manager

nexus Hybrid Access Gateway

Flexible Identity Federation

OPENIAM ACCESS MANAGER. Web Access Management made Easy

White Paper Cybercom & Axiomatics Joint Identity & Access Management (R)evolution

The Circle of Life: Protecting Your Sun IAM Investment with ForgeRock s Open Identity Stack (formerly Sun Open Source IAM)

Avoid the Hidden Costs of AD FS with Okta

APIs The Next Hacker Target Or a Business and Security Opportunity?

Google Identity Services for work

Single Sign On. SSO & ID Management for Web and Mobile Applications

OpenSSO: Simplify Your Single-Sign-On Needs. Sang Shin Java Technology Architect Sun Microsystems, inc. javapassion.com

White paper December Addressing single sign-on inside, outside, and between organizations

HOL9449 Access Management: Secure web, mobile and cloud access

White Paper. FFIEC Authentication Compliance Using SecureAuth IdP

EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES

Identity Management in Liferay Overview and Best Practices. Liferay Portal 6.0 EE

Introduction to SAML

IDDY. Case Study: Rearden Commerce Delivers SaaS Via Federation WINNER

SECUREAUTH IDP AND OFFICE 365

The Primer: Nuts and Bolts of Federated Identity Management

PortWise Access Management Suite

MIT Tech Talk, May 2013 Justin Richer, The MITRE Corporation

The Who, What, When, Where and Why of IAM Bob Bentley

UNI. UNIfied identity management. Krzysztof Benedyczak ICM, Warsaw University

BOF4803 Open source identity and access management. 1 October :30p San Francisco CA

Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management

Easy as 1-2-3: The Steps to XE. Mark Hoye Services Portfolio Consultant

An Oracle White Paper Feb Buyer s Guide for Access Management

NetworkingPS Federated Identity Solution Solutions Overview

Oracle Enterprise Single Sign-on Technical Guide An Oracle White Paper June 2009

The Primer: Nuts and Bolts of Federated Identity Management

owncloud Architecture Overview

Glinda Cummings World Wide Tivoli Security Product Manager

SUPERVALU Successfully Leverages Tablet Technology and Identity and Access Management Infrastructure for Increased Security and Business Productivity

An Overview of Samsung KNOX Active Directory and Group Policy Features

Enterprise Open Source Identity Middleware. Anders Askåsen, Product Manager

How to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications

Cisco Enterprise Mobility Services Platform

Build Your Mobile Strategy Not Just Your Mobile Apps

Directory Integration with Okta. An Architectural Overview. Okta Inc. 301 Brannan Street San Francisco, CA

Federated Identity and Single Sign-On using CA API Gateway

Identity. Provide. ...to Office 365 & Beyond

Ping Identity, Euro Cloud award entry

AND SUN OPENSSO MICROSOFT GENEVA SERVER ENABLING UNPRECEDENTED COLLABORATION ACROSS HETEROGENEOUS IT ENVIRONMENTS. White Paper May 2009.

EXECUTIVE VIEW. EmpowerID KuppingerCole Report. By Peter Cummings October By Peter Cummings

Access Management Analysis of some available solutions

Oracle Identity Analytics Architecture. An Oracle White Paper July 2010

PortWise Access Management Suite

White Paper. McAfee Cloud Single Sign On Reviewer s Guide

White paper Contents

Statement of Direction

CA Federation Manager

CA Single Sign-On Migration Guide

DualShield SAML & SSO. Integration Guide. Copyright 2011 Deepnet Security Limited. Copyright 2011, Deepnet Security. All Rights Reserved.

White Paper The Identity & Access Management (R)evolution

A Standards-based Mobile Application IdM Architecture

C21 Introduction to User Access

Allidm.com. SSO Introduction. Discovering IAM Solutions. Leading the IAM facebook/allidm

WHITEPAPER SECUREAUTH AND CAC HSPD-12 AUTHENTICATION TO WEB, NETWORK, AND CLOUD RESOURCES

User-Centric Client Management with System Center 2012 Configuration Manager in Microsoft IT

Collaborating with External Users

Cloud Service Brokerage Case Study. Health Insurance Association Launches a Security and Integration Cloud Service Brokerage

Securely. Mobilize Any Business Application. Rapidly. The Challenge KEY BENEFITS

How Oracle MAF & Oracle Mobile Cloud can Accelerate Mobile App Development

MOBILITY. Transforming the mobile device from a security liability into a business asset. pingidentity.com

SAML-Based SSO Solution

Helping organizations secure and govern application services for SOA, Web and the Cloud

Provide access control with innovative solutions from IBM.

F5 Identity and Access Management (IAM) Overview. Laurent PETROQUE Manager Field Systems Engineering, France

SOLUTION BRIEF CA TECHNOLOGIES IDENTITY-CENTRIC SECURITY. How Can I Both Enable and Protect My Organization in the New Application Economy?

SOA REFERENCE ARCHITECTURE: WEB TIER

Frans Bolk CEO UniQ-ID

Cloud-based Identity and Access Control for Diagnostic Imaging Systems

Web Applications Access Control Single Sign On

API Management: Powered by SOA Software Dedicated Cloud

OpenID Connect 1.0 for Enterprise

Identity and Access Management

IQS Identity and Access Management

Three Ways to Integrate Active Directory with Your SaaS Applications OKTA WHITE PAPER. Okta Inc. 301 Brannan Street, Suite 300 San Francisco CA, 94107

SAP HANA Cloud Portal Overview and Scenarios

Directory Integration with Okta. An Architectural Overview. Okta White paper. Okta Inc. 301 Brannan Street, Suite 300 San Francisco CA, 94107

Grid and Multi-Grid Management

Strengthen security with intelligent identity and access management

Select the right solution for identity and access governance

Simplify and Secure Cloud Access to Critical Business Data

White paper December IBM Tivoli Access Manager for Enterprise Single Sign-On: An overview

CA Technologies Empowers Employees with Better Access to Applications via OneAccess Mobile App

Transcription:

PRODUCT BRIEF OpenAM Delivering secure access for customers, applications, devices and things

Introduction Identity and access management is going through a new golden age. CEOs are pushing growth as their top priority and digital innovation is the primary path to achieving growth. Identity is central to everything digital and, as a result, a foundational element to the digital transformation. Today s identity use cases, however, are quite different from classic, employee-centric identity and access management use cases, demanding a different type of identity platform focused on very different problems. Legacy identity management solutions are based on monolithic platforms that use static rules to make decisions. Most of these offerings are platforms in name only, combining lots of standalone component products together under a single sales SKU. These solutions were not designed to easily integrate with any application (on premises or off), to provide device-agnostic access, to handle large-scale populations, or to make decisions based on consumer context. In short, traditional IM cannot meet today s business demands. To connect customers and citizens to relevant goods and services in the digital age, businesses and governments instead require customer-focused identity management. They require a platform that can identity-enable new services in months not years, manage the identities of users devices and things, support massive scale, and maintain a persistent identity across the end-to-end omni-channel. The latest OpenAM release delivers on all of these requirements making it great for users, administrators and developers alike. OpenAM Overview OpenAM is the only all-in-one open source access management solution, and provides the most innovative and comprehensive set of services for customer-facing identity relationship management, as well as traditional access management capabilities. What legacy identity vendors have traditionally delivered as several different products SSO, social sign-on, adaptive authentication, strong authentication, federation, web services security, and fine-grained authorization is delivered as a single, unified offering. Organizations can use the access control services they need and simply turn on additional services when ready. The solution has an inherently unique architecture to support use cases from complex enterprise access control, to multiprotocol federation, to enabling SSO for cloud systems. At the highest level OpenAM consists of a single, self-contained Java application; service components such as session management; client-side APIs in C, Java, and REST; service provider interfaces to enable custom plugins; and policy agents for web and app server containers to enforce access policies to protected web sites and web applications. Organizations with existing internal access management solutions can easily integrate OpenAM into their environment through API services or through the token translation service. Maintaining all installation and configuration capabilities within one application vastly simplifies deployment. In addition, agent configuration, server configuration, and other tasks are simplified so they re repeatable and scalable, making it easy to deploy multiple instances of the solution without additional effort. The embedded OpenDJ directory server eliminates the need to configure a separate directory to support the configuration and user stores; if desired, users can utilize other directories such as Active Directory or databases.

Key OpenAM Features Authentication: Supporting over 25 out-of-the-box authentication methods, OpenAM has the flexibility to chain methods together along with Adaptive Risk scoring, or to create custom authentication modules based on the JAAS (Java Authentication and Authorization Service) open standard. Windows IWA is supported to enable a completely seamless, heterogeneous OS and web application SSO environment. OpenAM is designed to be flexible and modular, making for a seamless user experience. Adaptive Risk Authentication: The adaptive risk authentication module is used to assess risks during the authentication process, to determine whether to require the user to complete further authentication steps. Adaptive risk authentication determines, based on risk scoring, whether more information from a user is required when they log in. For example, a risk score can be calculated based on an IP address range, access from a new device, account idle time, etc., and applied to the authentication chain. By using context to evaluate the legitimacy of the user s login attempt, OpenAM can bar invalid entrants in real-time. Authorization: OpenAM provides authorization policy, from basic, simple, coarse-grained rules to rich and powerful finegrained entitlements with contextual understanding. By taking authorization policy away from the individual applications and centralizing it on OpenAM, developers can quickly add or change policy as needed, without modification to the underlying applications. Using the modern GUI-based policy editor with its point-and-click, drag-and-drop operations, sophisticated policies can be built to deliver controlled access to resources. Developers can easily deal with fine-grained policies through REST APIs. OpenAM s centralized, simplified authorization capabilities make it easy for developers to add or change policy at will. Federation: Federation services securely share identity information across heterogeneous systems or domain boundaries using standard identity protocols (SAML, OAuth2, OpenID Connect). This allows users to access services that span the cloud and mobile devices, on premises and off, eliminating the need for multiple passwords, user profiles, and the added complexity that frustrates users and slows adoption. Single Sign-On (SSO): OpenAM provides multiple mechanisms for SSO, whether the requirement is to enable cross-domain SSO for a single organization, or SSO across multiple organizations through the Federation Service. OpenAM supports multiple options for enforcing policy and protecting resources, including policy agents that reside on web or application servers. OpenAM can also act as a multi-protocol hub, translating for providers who rely on other, older standards. OpenAM provides a variety of flexible options for single sign-on. User Self-Service and Social Sign-On: OpenAM is a perfect solution for customer-facing identity where it s essential to employ a light touch when dealing with millions of users, all while providing the highest possible security. Businesses need to deliver a great, easy-to-use self-service login, empowering the user wherever possible, such as through easy self-registration or password reset. Otherwise customers are very quick to go somewhere else. OpenAM also supports integration with social sign-on, via services such as Facebook, LinkedIn, or Google, eliminating the need for user registration and thus paving the way for rapid customer adoption by drawing them in. Developer Friendliness and Open Standards: Simple download and availability of nightly builds makes OpenAM very easy to install and evaluate. It provides client application programming interfaces with Java and C APIs and a RESTful API that can return JSON or XML over HTTP, allowing users to access authentication, authorization, and identity services from web applications using REST clients in their language of choice. OAuth2.0 also provides a REST interface for the modern, lightweight federation and authorization protocol. Features such as user self-service, policy, and security token service are also exposed through REST APIs, making it simple for developers to adopt powerful functionality.

High Availability and Scalability: To enable high availability for large-scale and mission-critical deployments, OpenAM provides both system failover and session failover. These two key features help to ensure that no single point of failure exists in the deployment, and that the OpenAM service is always available to end-users. Redundant OpenAM servers, policy agents, and load balancers prevent a single point of failure. Session failover ensures the user s session continues uninterrupted, and no user data is lost. OpenAM Functional Architecture UI Layer Management End User Protected Resources Layer Web Agents JavaEE Agents WS Agents Access Layer Common REST OpenID Connect OAuth2 SAML WS Services Layer AuthN Federation Adaptive Risk AuthZ Social Sign-On Single Sign-On Registration Session Management Password Management Entitlements Audit Logging Data Persistence Layer External Layer Authentication Systems User Directory Stores Reporting Tools SIEM, Analytics Tools ESG Lab validated that ForgeRock OpenAM 12 enabled fast and straightforward implementation of complex customer-facing registration, authentication, and authorization scenarios. Using built-in tools, ESG Lab was able to configure self-registration in seconds, and third-party social authentication in minutes. In all, it took less than ten minutes of console time to configure user selfservice, password recovery, and third-party authentication. The scripted authentication and policy engines enabled strong authentication and authorization of users, without the need to spend development cycles on complex custom modules. ESG Lab validation report: ForgeRock Identity Platform.

Customer Use Case CUSTOMER: Government of Norway Providing 4M citizens access to 300+ government services online THE CHALLENGE: Deliver secure government services to Norwegian citizens and businesses so they can do things like obtain birth and death certificates, apply for schools and student loans, manage welfare services and health information, and pay parking tickets, automobile registration fees, utility bills, and taxes online. THE SOLUTION: Implement a flexible, secure, single-access architecture built with ForgeRock OpenAM to enable nearly 100% of citizens to access over 300 government services. HOW: The hub, ID-Porten, is at the center of the architecture. Government agencies such as the tax office, labor and welfare agency, health economics administration agency, and water and energy directorate are the spokes that use the authentication and single sign-on services of ID-Porten. The ID-Porten implements several levels of authentication: MyID, which uses PIN code authentication; BankID, a bank-issued electronic ID; Buypass, a private electronic ID that can also be used to bet online in Norway; and Certificates which are stored in USB pens and issued by a private company. Each of the authentication eids can be associated with different authentication contexts and different authentication strengths. BENEFITS: Nearly 100% of adult citizens and over 500,000 businesses now access municipal, regional, and national government services from a single portal online, resulting in better security, faster processing times, and measurable savings. OpenAM s simple, secure access to government services played a large part in the success of the egovernment initiative. Scalability and performance. ID-Porten and the authentication environment can handle more than one million users signing in on a single day without outages or degradation in performance, such as on the day taxes are due. TOR ALVIK, COO, Agency for Public, Management & egovernment Why ForgeRock OpenAM? OpenAM is designed to give customers not only low friction, context-aware access, but also a personalized experience on any digital channel, whether a mobile device, connected car, home appliance, or whatever the next connected innovation might be. This can be achieved by putting identity at the center of all digital transformation projects and enabled by OpenAM and ForgeRock s overall Identity Platform. OpenAM provides the following key benefits to your organization: Enables Solutions for Additional Revenue Streams. OpenAM provides the tools and components to quickly deploy services to meet customer demand. For example, OpenAM s Federation services supports quick and easy deployment with existing SAMLv2, OAuth2, and OpenID Connect systems. For systems that do not support a full SAMLv2 deployment, OpenAM provides a Fedlet, a small SAML 2.0 application, enabling Service Providers to quickly add SAML 2.0 support to their Java or.net applications. These solutions open up new possibilities for additional revenue streams.

Provides Flexibility Through Open Source Access. As access to the source code is provided, quality of the code and security of the final product are increased. Flexibility is provided by the fact that the code can easily be extended for individual needs. Investment in OpenAM is protected as the product will always live on as open source. Improves User Experience. OpenAM enables users to experience more services using single sign-on (SSO) without the need of multiple passwords, social sign-on (e.g. with Google or Facebook accounts), and general user self-services such as registration or easy password resets. Reduces Operational Cost and Complexity. OpenAM can function as a hub, leveraging existing identity infrastructures and provide multiple integration paths using its authentication, single sign-on (SSO), and policies to your applications without the complexity of sharing web access tools and passwords for data exchange. OpenAM decreases the total cost of ownership (TCO) through its operational efficiencies, modularity, rapid time-to-market, and high scalability to meet the demands of the customer-centric identity market. It s one solution that offers SSO, social sign-on, adaptive authentication, strong authentication, federation, web services security, and fine-grained authorization. Easier Configuration and Management. OpenAM centralizes the configuration and management of your access management system, allowing easier administration through its console and command-line tools. OpenAM also features a flexible deployment architecture that unifies services through its modular and embeddable components. OpenAM provides a common REST framework and common user interface (UI) model, providing scalable solutions as your customer base increases to the hundreds of millions. OpenAM also allows enterprises to outsource IAM services to system integrators and partners. Increased Contextual Security. OpenAM provides an extensive entitlements service, featuring attribute-based access control (ABAC) policies as its main policy framework with features like import/export support to XACML, a policy editor, REST endpoints for policy management. OpenAM also comes with an extensive auditing service to monitor access according to regulatory compliance standards. ForgeRock helped us integrate the OpenAM solution into our highly complex, heterogeneous IT environment quickly and easily. In fact, the launch was so smooth that some users did not even realize it had taken place. The ForgeRock University team also provided training sessions to help our staff learn to use the solution quickly. MARTIN SCHIKOWSKI, Project Manager for Web Applications at Kabel Deutschland Conclusion Built for today s and tomorrow s digital challenges, ForgeRock OpenAM provides access management in a single unified solution that is designed to give customers not only context-aware single sign-on access but also a personalized experience on any digital channel, whether a mobile device, connected car, home appliance, or whatever the next connected innovation might be. For more information on OpenAM, visit https://www.forgerock.com/en-us/products/access-management/ and http://openam. forgerock.org/. SAN FRANCISCO VANCOUVER OSLO BRISTOL GRENOBLE LONDON +1-415-599-1100 +1-360-229-7105 +47-2108-1746 +44-117-223-2167 +33-625-14-96-92 +44-20-3598-4786 SINGAPORE +65-6709-5705 About ForgeRock The ForgeRock Identity Platform transforms the way millions of customers and citizens interact with businesses and governments online, providing better security, building relationships, and enabling new cloud, mobile, and IoT offerings from any device or connected thing. ForgeRock serves hundreds of brands like Morningstar, Vodafone, GEICO, TomTom, and Pearson, as well as governments like Norway, Canada, and Belgium, among many others. Headquartered in San Francisco, California, ForgeRock has offices in London, Bristol, Grenoble, Oslo, Singapore, and Vancouver, Washington. ForgeRock is privately held, backed by leading global venture capital firms Accel Partners, Foundation Capital, and Meritech Capital. For more information and free downloads, visit http://www.forgerock.com or follow ForgeRock on Twitter at http://www.twitter.com/forgerock. ForgeRock is the trademark of ForgeRock Inc. or its subsidiaries in the U.S. and in other countries. FORGEROCK.COM

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information