Safewhere*Identify. Introduction. You just need one system for all your user on-boarding, admin and authentication



Similar documents
Safewhere*Identify 3.4. Release Notes

Identity. Provide. ...to Office 365 & Beyond

SECUREAUTH IDP AND OFFICE 365

Single Sign On. SSO & ID Management for Web and Mobile Applications

CLAIMS-BASED IDENTITY FOR WINDOWS

The Top 5 Federated Single Sign-On Scenarios

Identity Management in Liferay Overview and Best Practices. Liferay Portal 6.0 EE

WHITEPAPER SECUREAUTH IDP DEVICE FINGERPRINTING LOW-FRICTION, BYOD AUTHENTICATION

BUILDING SAAS APPLICATIONS ON WINDOWS AZURE

SmartCenter for Pointsec - MI Overview

Network device management solution

YubiKey Authentication Module Design Guideline

7 Tips for Achieving Active Directory Compliance. By Darren Mar-Elia

TeamViewer 9 Manual Management Console

WHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS

Microsoft Windows Intune: Cloud-based solution

From centralized to single sign on

Flexible Identity Federation

1. Management Application (or Console), including Deferred Processor & Encryption Key 2. Database 3. Website

The SparkWeave Private Cloud & Secure Collaboration Suite. Core Features

Blackbird Management Suite Blackbird Group, Inc.

INTEGRATION GUIDE. DIGIPASS Authentication for Office 365 using IDENTIKEY Authentication Server with Basic Web Filter

Talk Internet User Guides Controlgate Administrative User Guide

GP REPORTS VIEWER USER GUIDE

Integrating Single Sign-on Across the Cloud By David Strom

Data Sheet: Work Examiner Professional and Standard

Directory Integration with Okta. An Architectural Overview. Okta Inc. 301 Brannan Street San Francisco, CA

Cloud Computing - Architecture, Applications and Advantages

Your Location Instant NOC using Kaseya. Administrator at Remote Location Secure access to Management Console from anywhere using only a browser

DirX Identity V8.5. Secure and flexible Password Management. Technical Data Sheet

CDUfiles User Guide. Chapter 1: Accessing your data with CDUfiles. Sign In. CDUfiles User Guide Page 1. Here are the first steps to using CDUfiles.

Enterprise Solution for Remote Desktop Services System Administration Server Management Server Management (Continued)...

Collaborating with External Users

PRODUCT BRIEF OpenAM. Delivering secure access for customers, applications, devices and things

Introduction. Editions

Dropbox for Business. Secure file sharing, collaboration and cloud storage. G-Cloud Service Description

Cloud Desktop. What is a Cloud Desktop? continued on next page

Understanding Enterprise Cloud Governance

PortWise Access Management Suite

WatchGuard SSL 2.0 New Features

Authentication as a Service (AaaS): Creating A New Revenue Stream with AuthAnvil

Vodafone Hosted Services. Getting started. User guide

Page 1. Overview of System Architecture

INTEGRATION GUIDE. DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server

Identity & Access Management in the Cloud: Fewer passwords, more productivity

Administrators Help Manual

USING FEDERATED AUTHENTICATION WITH M-FILES

MicrosoftDynam ics GP TenantServices Installation and Adm inistration Guide

Overview. Edvantage Security

Security Overview Enterprise-Class Secure Mobile File Sharing

Secure any data, anywhere. The Vera security architecture

Hosting topology SMS PASSCODE 2015

OpenAM All-In-One solution to securely manage access to digital enterprise and customer services, anytime and anywhere.

Swivel Multi-factor Authentication

Google Identity Services for work

PortWise Access Management Suite

FileCloud Security FAQ

Copyright

Overview. Timeline Cloud Features and Technology

The Social Accelerator Setup Guide

EMC Physical Security Enabled by RSA SecurID Two-Factor Authentication with Verint Nextiva Review and Control Center Clients

Deployment Guide: Unidesk and Hyper- V

etoken TMS (Token Management System) Frequently Asked Questions

CloudPassage Halo Technical Overview

TeamViewer 9 Manual ITbrain

DirX Identity V8.4. Secure and flexible Password Management. Technical Data Sheet

Forefront Spam Filtering

Identity and Access Management for the Cloud What You Need to Know About Managing Access to Your Clouds

How to Use Windows Firewall With User Account Control (UAC)

Dell World Software User Forum 2013

Mobile Online Banking

Ensuring Enterprise Data Security with Secure Mobile File Sharing.

PORTAL ADMINISTRATION

White paper December Addressing single sign-on inside, outside, and between organizations

IIS SECURE ACCESS FILTER 1.3

Office 365 deployment checklists

ManageEngine ADSelfService Plus. Evaluator s Guide

Using SAML for Single Sign-On in the SOA Software Platform

Complete Patch Management

Okta/Dropbox Active Directory Integration Guide

Single Sign On: Volunteer Connection Support Tree for Administrators Release 2.0

Backup Exec 2010: Archiving Options

OneDrive for Business FAQ s Updated 6/19/14

Managing User Accounts and User Groups

Quick Start Guide Getting started with your Hetzner package

Password Management Buyer s Guide. FastPass Password Manager V 3.3 Enterprise & Service Provider Editions

HOSTED DESKTOP MANUAL

The Essentials of Enterprise Password Management. FastPass Password Manager V 3.4 Enterprise & Service Provider Editions

HP-UX 11i software deployment and configuration tools

BusinessObjects Enterprise XI Release 2

Made for MSPs by an MSP

EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES

Set internet safety parental controls with Windows

Contents. Overview 1 SENTINET

Office 365 deploym. ployment checklists. Chapter 27

Transcription:

Safewhere*Identify Introduction You just need one system for all your user on-boarding, admin and authentication

Contents Introducing Safewhere Identify... 3 Facebook, Google, Active Directory, one-time password, mobile devices etc.... 3 Matching logins to applications and vice versa... 3 Allowing the same user to log in more than once... 4... and allowing the application to vary its login demands based on the user s needs... 4 Mixing any two logins into a single login... 4 Fully customizable login pages for mobile devices, PCs, ipads etc.... 4 Catering to your unique end-user needs... 4 Usability... 5 You re free to add your very own logins and claims transformations... 5 Directory services with a twist... 5 Multitenant architecture... 6 All the usual stuff... 6 with a couple of important twists... 7

Introducing Safewhere Identify Safewhere Identify was designed on the premise of creating the most modular and adaptable federation server on the market. Based on our seven years of consulting work inside the nascent field of identity federation, we know that Safewhere Identify is uniquely positioned for meeting the needs in advanced, large or heterogeneous infrastructures. We are continually putting a lot of time and effort into ensuring that no coding will be needed when catering to the ordinary use cases with Safewhere Identify, due to our belief that a federation service is first and foremost a vital infrastructure component that should be in the hands of the operations department. We do, on the other hand, fully recognize that special needs may call for uncommon solutions. And we do know from first-hand experience there is, indeed, a lot of customization going on, since the federation service has to cater to two very different needs: Being a crucial part of the end-user experience as well as delivering security. Based on these experiences, we re convinced that we ll be able to embrace your particular needs better than anyone else due to the uniquely modular and open architecture put forward with Safewhere Identify. In order to give you a feel for this, we have expounded on some of the many highlights of Safewhere Identify in this document. However, you should be aware that the devil is hidden in the details, when it comes to federation services. So we simply can t cover anywhere close to everything that is offered within Safewhere Identify in this note. For more in-depth information, we kindly ask you to refer to the user guideline and the release notes, which are found on our web site. And you will most probably need to get in touch with us, if you need to understand why Safewhere Identify will meet your specific needs better than anyone. Facebook, Google, Active Directory, one-time password, mobile devices etc. Logins are what makes the federation come to life in the eyes of the users. Safewhere Identify has already got a wide variety of login providers lurking inside the box: Facebook, Google, Twitter, LinkedIn, OpenID, Live ID, Active Directory, LDAP-based directories, a generic provider for external authentication, username/password for the built-in user directory as well as One Time Password, mobile device-based login, SAML 2.0 and WS-Federation. Also, we ve created a fair deal of custom-purpose login providers as well as login providers that only apply inside a certain country or regional area. Since Safewhere Identify is uniquely positioned for adding new login providers, we are constantly introducing new ones to increase Identify s reach and instant applicability, as well as to keep afoot with the developments in the security area. Matching logins to applications and vice versa More often than not, some applications are only suited for certain logins and vice versa. Safewhere Identify is able to cater to your needs in this area. You simply specify the available logins that are

suited for the applicable application and then you can rest assured that Safewhere Identify will handle everything before the user reaches the application in question. Allowing the same user to log in more than once One of the many things that one comes to realize once the federation starts to grow, is that it makes a lot of sense to be able to allow the user to log in in different ways depending on the application and the needed security levels. That is, one might need Facebook login for one application. Then, another application might call for Active Directory login, while a third application will need mobile device-based login. Safewhere Identify is able to handle all these needs in a controlled and structured way.... and allowing the application to vary its login demands based on the user s needs In many cases, the user should be able to access parts of the site with certain logins and when the user wishes for more control (or access to sensitive information), the application should up the ante in terms of the assurance level required. In the ideal world, it is only when the user is in fact trying to gain access to the inner chambers that we should trigger the need for additional authentication, thereby avoiding laborious authentication processes, when it is not necessary. This is why we ve combined our unique functionality for handling multiple logins from the same user with the popular WHR 1 parameter, which allows an application to ask for additional assurance in the shape of an additional login (for instance, a one-time password or even a different login), whenever the need arises. Mixing any two logins into a single login Safewhere Identify also allows you to create multifactor logins for increased assurance. That is, you can combine any two logins into a new login. And you can even decide how Safewhere Identify should process the claims when combining the two logins to create a very versatile and flexible solution that not only applies to one-time password logins, but virtually any two login types. Fully customizable login pages for mobile devices, PCs, ipads etc. You are given full control over the look and feel of the pages shown to the users. We ve even thrown in a mobile framework that allows you to effortlessly create separate web pages for all the devices that you wish to cater for. The same goes for web browsers. That is, you can even create views for each individual browser available for the device! Catering to your unique end-user needs Identify is built upon a robust framework that allows for fully-fledged localization and customization of error messages and other text resources, both in terms of updating the default languages that 1 Even though, WHR strictly speaking is only a part of the WS-Federation specification, Identify does in fact allow it to be used in SAML 2.0-based applications as well.

come with the system, as well as introducing new ones. This can be used to fully localize pages and thereby deliver an even better and more relevant user experience for the context in question. Usability Based on our experiences with users trying to bookmark the wrong web page and other things akin to this, Safewhere Identify also includes support for handling errors as graciously as possible through the ability to redirect malformed requests to a separate web page for each login or, when all else fails, a general catch all web page. You re free to add your very own logins and claims transformations As mentioned earlier, Safewhere Identify is built in a modular fashion. For instance, you re free to introduce your own login provider using the pluggable login provider framework. All you need is to implement the PlugIn interface and design the end points. Each login provider should, as a minimum, always have two endpoints: a SignOn.idp endpoint and a Consumer.idp endpoint. Also, you will likely want to implement a UI where the plugin can be administered. The same goes for claims transformations. That is, if Identify s built-in claims transformation solutions don t meet your needs, the external claims transformation module option allows you to roll your own customized claim transformations module (a DLL) and deploy it to Identify by a simple file copy. Directory services with a twist Safewhere Identify also includes a hierarchical user and role database that parallels the functionality found in a directory service. For instance, it s possible to use the hierarchy for creating separate entities that cover individual companies or other kinds of partitions that might make sense for your business needs. Also, just as in any other modern user database, you re allowed control over the password policies, such as password expiration, password complexity, and whether or not the user has to change the password after first login. However, Safewhere Identify adds a lot of additional value compared to a contemporary directory service. For instance, Identify does allow the users to self-manage some of their claims (most usually things like telephone number(s) and addresses) on their own using Safewhere Identify s web pages. Since we re working inside the federation realm, the users and roles in Identify are built from the claims that are available. And you, the administrator, is able to control how each of the claims are used and presented to the users and administrators as well. One of the best things is that you re also able to distribute the access to the other objects in Identify. That is, you can create and manage separate sets of claims, groups, login providers, applications and claims transformations and delegate the system administration of these as you see fit. This feature makes it much easier to implement Identify in larger organization where the system administration responsibility needs to be distributed to individual parts of the organization, since data can be managed as autonomous partitions.

Another of the many uses of this feature is to delegate control of a login provider or an application to the party that is in charge of the other end so that the partner is able to fine-tune the configuration as needed on-the-fly and thus avoiding the time-consuming and error-prone communication that is usually flowing back-and-forth when setting up or performing changes on a federation connection. It usually makes a lot of sense to take advantage of that feature in the development and test environments and sometimes also in production environments depending on the priority attached to uptime, security etc. Multitenant architecture In contrast to virtually all the other federation servers on the market, Safewhere Identify is built upon a multitenant architecture. A multitenant architecture means that you can have as many separate federation servers running on the same web server as you see fit, with each one running fully isolated and thus being a real federation server. Each tenant usually takes up approximately 500 MB RAM leaving room for a lot of tenants on a typical server installation. The multitenant architecture obviously is great insurance against being charged with adding a lot of additional servers along the way. But more importantly, it does also bring in a host of exciting new possibilities and opportunities in terms of designing and operating the company s federation solution. All the usual stuff Safewhere Identify was built from the ground-up on top of Microsoft s Windows Identify Foundation (WIF) architecture, which is part of the Microsoft.Net platform. However, Safewhere Identify extends well beyond the Microsoft architecture, due to our very active efforts in embracing all major platforms and the ever-growing variety of devices. Safewhere Identify includes all the functionality you should expect from a federation server including: Support for Identity Providers as well as Service Providers based on SAML 2.0 and WS- Federation Full control of the claims A multitude of claims transformation options including: transformations based on individual claim filters, interaction with an SQL database or an Active Directory, as well as the possibility of adding your own claim transformation rules. Rigorous logging of all logins and administrator actions, as well as a great set of built-in reports. And yes, Identify also include an option that can be set on each individual claim, which ensures claims that are deemed too sensitive for the log won t be added to it. Safewhere Identify can be customized for any task at hand be it a single server or many servers, including redundancy and scalability. It s available in many sizes and shapes, including options that are without per user licensing (aka CAL licenses) and per tenant licensing.

Also, we ve gone to great lengths to make everything as easy upon you as possible without making any compromises in terms of flexibility so that it can be uniquely fit for whatever the need might be at hand. with a couple of important twists We ve created supplemental modules for Safewhere Identify, which allows you to address a couple of important areas: User Provisioning Module(s) Provides you with the means to implement your very own customized web pages that allows you to deliver a whole new level of self-management to end-users. The self-management features supported include password reset functionality, the content of the user s claims and the user s profile in terms of what logins that are fixed to that particular account. Everything is fully customizable to your precise needs. Deactivation A console application that works as a service that can be scheduled to find all users that have been inactive for a certain period and deactivate them. A proactive and reactive SIEM solution The solution, which is running on top of Microsoft System Center Operations Manager, comprises of a proactive part (WMICollector), which is able to raise alerts within a few seconds after a certain pattern has emerged, as well as a reactive piece (ReportViewerWeb and a large number of web-based reports), which comprise of a web page that allow you to run reporting on virtually anything. On top of this, we carry an extensive portfolio of tools that will help you turn pre-existing applications into federation-aware applications. We ve created a host of companion products and services that allow you to integrate virtually any kind of platform, application, device and virtually anything else that might be needed for fully entering the brave new federation world and all the virtues that comes with it.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information