MY1LOGIN SOLUTION BRIEF: PROVISIONING. Automated Provisioning of Users Access to Apps




The ability to centrally provision and de-provision users for application access has both security and productivity benefits for your organisation. My1Login enables your organisation to:

- Employ a unified approach to identity governance and administration
- Centralise control over provisioning and de-provisioning of user access
- Rapidly onboard new employees
- Instantly cease ex-employee access to all applications
- Integrate with existing directory services, e.g. MS Active Directory, Oracle Directory Service
- Integrate with identity standards, e.g. SAML, SCIM
- Provision using the My1Login API when Identity Standards are not supported by Service Providers.

My1Login's Provisioning Engine ensures the right people have access to the right applications at the right time.

IDENTITY STANDARDS

Provisioning (and de-provisioning) utilises a number of protocols and identity standards. A few of the most relevant standards, protocols and terms you'll come across are below - an explanation of what they do can be found in the Provisioning Glossary.

Standards, Protocols & Terms

SAML: Security Assertion Markup Language
SCIM: System for Cross-domain Identity Management
CRUD: Create, Read, Update, Delete
IdP: Identity Provider
SP: Service Provider
API: Application Program Interface
LDAP: Lightweight Directory Access Protocol
DSML: Directory Services Markup Language

DIRECTORY SERVICES

My1Login integrates with all popular directory services, including Microsoft Active Directory, IBM Directory Server, Oracle's Directory Service, CA Directory, Apple Open Directory and a multitude of generic user directory services. Additionally, My1Login can also integrate with bespoke user directories. No matter what directory service you currently use, My1Login can work with it to provision your users for applications across cloud, mobile and legacy platforms.

The My1Login Provisioning Engine ensures user access to all applications can be ceased centrally when required.

APPLICATION PROVISIONING

Service Providers (SPs) host target applications. My1Login can provision users on SPs using identity standards, such as SAML. Additionally, even where SPs do not offer common identity standard compatibility, My1Login can use SCIM-to-API or a customised API to enable provisioning for these applications. My1Login can be used to provision users in 3 ways:

Standard Provisioning

With Standard provisioning, an administrator creates the user identity within the Identity Provider (My1Login). Each Service Provider (SP) has specific provisioning requirements that My1Login is pre-configured to provide. The admin carries out the provisioning via the My1Login application by adding the details for the new user that is to be provisioned. My1Login ensures this information is in line with the requirements of the SP, and then transmits it to the SP using SCIM. Once the user has been successfully created, provisioning is complete.

Just-in-Time Provisioning

With JiT provisioning, the user identity is created (provisioned) with the Service Provider (SP) at the moment the user first tries to access the target application. To enable JiT, an admin simply authorises a user for a particular target application within My1Login. No identity provisioning activity between the identity provider and the SP takes place at this stage. When a user attempts to access an SP application, a check is first made as to whether the user's unique identifier is already provisioned. If no match is found, an account is created for the user on the SP. This happens seamlessly for the user. JiT provisioning reduces admin effort as there's no need to provision the user manually; the user simply has to be authorised to access a particular SP's target application.

Organisational Provisioning

With Organisational Provisioning, the user identity is created automatically using the Active Directory details. My1Login utilises Active Directory Groups to automate the provisioning process, providing permission-based access to the Service Provider (SP) for users. Whenever a user's Active Directory (AD) details are changed, the user's corresponding SP application access is updated as well. The benefit of organisational provisioning is that it's synchronised with the directory service (e.g. Active Directory), vastly reducing administration effort. An example would be where an employee moves departments within the business - simply by changing the user's group in the directory service, My1Login will automatically de-provision and provision their access rights to applications relevant to their role.
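The organisational provisioning flow described above, as an added example (not My1Login code or its API): a directory group change is reconciled into SCIM 2.0 requests, revocations first, leaving untouched any application still granted by another group. The group-to-app map, app names, user name and SP-side ids are constructed assumptions.

```python
# Added illustration: turn a directory group change into SCIM 2.0 requests.
# GROUP_APPS, app names and SP ids are constructed; nothing here is vendor API.

PATCH_OP = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"

# Constructed mapping: directory group -> SP applications it grants.
GROUP_APPS = {
    "Sales": {"crm", "docs"},
    "Finance": {"erp", "docs"},
    "AllStaff": {"chat"},
}


def entitled_apps(groups):
    """Union of the apps granted by every group the user is a member of."""
    apps = set()
    for group in groups:
        apps |= GROUP_APPS.get(group, set())  # unknown groups grant nothing
    return apps


def reconcile(user_name, old_groups, new_groups, sp_ids):
    """Return (method, app, path, body) tuples, de-provisioning first.

    sp_ids maps app -> the resource id that SP assigned when the account was
    created. A missing id raises KeyError so a revocation is never skipped
    silently.
    """
    before, after = entitled_apps(old_groups), entitled_apps(new_groups)
    requests = []
    for app in sorted(before - after):
        # Access lost: deactivate the SP account with a SCIM PATCH.
        body = {"schemas": [PATCH_OP],
                "Operations": [{"op": "replace", "path": "active",
                                "value": False}]}
        requests.append(("PATCH", app, f"/Users/{sp_ids[app]}", body))
    for app in sorted(after - before):
        # Access gained: create the SP account with a SCIM POST.
        body = {"schemas": [USER_SCHEMA], "userName": user_name,
                "active": True}
        requests.append(("POST", app, "/Users", body))
    return requests


if __name__ == "__main__":
    ids = {"crm": "a1", "docs": "b2", "chat": "c3"}  # constructed SP ids
    for req in reconcile("jdoe", ["Sales", "AllStaff"],
                         ["Finance", "AllStaff"], ids):
        print(req)
```

Passing an empty new group list models a leaver: every application the old groups granted is deactivated and nothing is created.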

MIGRATING IdPs

Migrating from an existing Identity Provider (IdP) to My1Login is straightforward and seamless. Within the target application settings on the Service Provider (SP), an admin simply changes the relationship from the incumbent IdP to My1Login by updating the configuration information. This creates a new relationship between the SP and My1Login - all existing user provisioning remains in place without the need to re-provision existing users for applications.

WHY MY1LOGIN PROVISIONING

The My1Login Provisioning Engine provides security and productivity benefits for your organisation.

- Proactive and Just-In-Time user provisioning, updating and de-provisioning
- Integration with the directory service of your choice
- SCIM support for full SCRUD user directory operations
- Organisation Directory group provisioning for rapid onboarding
- Custom APIs and SCIM-to-API bridging enabling provisioning on any target application.

PROVISIONING GLOSSARY

SAML: Security Assertion Markup Language
SAML is an XML-based, open standard data format for exchanging authentication and authorisation between parties, in particular, between an Identity Provider (e.g. My1Login) and a Service Provider (e.g. Salesforce).

SCIM: System for Cross-domain Identity Management
SCIM is an open standard for automating the exchange of user identity information between identity domains or IT systems.

CRUD / SCRUD: Create, Read, Update, Delete
In computer programming, Create, Read, Update and Delete (sometimes called SCRUD, with an S for Search) are the four basic functions of persistent storage.

IdP: Identity Provider
An Identity Provider (e.g. My1Login) creates, maintains, and manages identity information for users, services, or systems and provides authentication to other service providers (applications) within a federation or distributed network.

SP: Service Provider
A Service Provider (e.g. Salesforce) is an entity that hosts target applications and provides services to users.

API: Application Program Interface
A set of functions and procedures that allow the creation of applications which access the features or data of an operating system, application, or other service.

LDAP: Lightweight Directory Access Protocol
LDAP (Lightweight Directory Access Protocol) is an application protocol for querying and modifying items in directory service providers like Active Directory, which supports a form of LDAP.

DSML: Directory Services Markup Language
DSML (Directory Services Markup Language) is a representation of directory service information in an XML syntax.

ABOUT MY1LOGIN

Founded in 2007, My1Login is a European leader in protecting against enterprise cyber security threats through its Identity and Access Management solutions. The trend towards SaaS has moved Enterprise identities outside the traditional corporate infrastructure, exacerbating the challenges of identity sprawl, password fatigue, resets and compliance adherence.

My1Login's next generation Identity and Access Management solution enables organisations to overcome these challenges by providing a single user identity for employees, improving productivity and eliminating security threats. My1Login's IAM solution supports identity standards such as SAML, SCIM, OAuth 2.0 and OpenID Connect, but crucially can also integrate with target applications that don't have connectors, ensuring there are no gaps. My1Login works across cloud, mobile and legacy desktop applications, enabling control of user identity and access while delivering a return on investment. The service can be deployed rapidly, even in the most complex enterprise environments.

PARTNERS

My1Login protects over 1,000+ organisations worldwide.

10,000+ APPS

My1Login works with all common directory structures, legacy desktop apps and today's Enterprise applications including Microsoft Office 365, BMC Remedyforce, Zendesk, DocuSign, LinkedIn, LivePerson, Netsuite, GotoMeeting, Dropbox, Yammer, Atlassian, Hootsuite, GotoMeeting, Workday, Box, Google Apps, Prezi, Salesforce, Pardot, Stripe, AWS, Zendesk and Cisco.

HAVE A QUESTION? SPEAK TO OUR IDENTITY EXPERTS

Call: 0800 044 3091
Email: contact@my1login.com
Visit: www.my1login.com

My1Login Limited, Office 404, 324 Regent Street, London, W1B 3HH

My1Login. All rights reserved.