NCSU SSO Case Study 2 2
NCSU Project Requirements and Goals NCSU Operating Environment Provide support for a number Apps and Programs Different vendors have their authentication databases End users must remember 15 different credentials of different types; e.g., user name and password multi-factor authentication PIN numbers Number of apps in use is increasing at the rate of about 100 year 3
NCSU Project Requirements and Goals NCSU Goals for SSO Requires only one login per user to access all programs and applications Is easy enough for children as young as 6 years old to use Integrates with on-premisis active directory and supports parents or other outside users independent of Active Directory simultaneously Allows users to change passwords Can interface, at a minimum, with the following programs Can possibly interface with these other programs and applications OPALS, Destiny and Others Easy to implement user friendly interface for admin support 4
NCSU Project Requirements and Goals System will use minimal amount of Personal Identifiable Information (PII) Mandatory - End user first name and last name and email address Discretionary - alternate email address, phone number at user Ultimate control of user identity remains with our organization Work within budget constraints Identity Management Integrated into SSO backend Local control over information provided No unrestricted access to Student Data Avoid solutions that were too restrictive; e.g., locked into a corporate Silos Authentication strategies Goal of no additional username or password required SAML OAuth Domain Federation Account auto provisioning Leverage corporate SSO strategies 5
Key Challenges 1 2 3 SHIFT FROM ON-PREMISE TO CLOUD EXPLOSIVE GROWTH IN APPLICATIONS NEW DEVICES: ANYTIME, ANYWHERE ACCESS 4 5 6 DECENTRALIZE ADMINISTRATION DELIVER SECURE & CONVENIENT ACCESS SUPPORT NATIVE, BROWSER AND MOBILE 6 6
Pain for IT Time consuming user Provisioning 7 7
Pain for End Users Pain for End Users 8 8
Identacor @ NCSU 25 application integrations 3025 users across 8 districts and 14 schools 9 9
Mobile Workers Parents and Outsisde Users Firewall + 10 Active Directory Students and Faculty
Identacor - Connecting NCSUVT to Apps SSO Any Device, Any App Provisioning and Deprovisioning Workflow, Audit, Self Service Robust On Prem Integration Directories, Identity Management, Apps Centralized Admin & Reporting Policy, Compliance, Analytics 11
Identacor Connecting NCSUVT to Apps Firewall Internet NCSU Network Identacor Windows Authentication Agent 3 4 Port 443 SSL Encrypted 2 Identacor Active Directory Agent Active Directory 1 Local Users Remote Users 1 12
Identacor Advantage features Providing management with the tools to track company and employee access to and usage of its cloud-based resources. Audit Reporting Single Sign On One password access to all applications, eliminating the need for multiple usernames and passwords Application Access for Users including 3025 users, 25 groups, and 41 applications Centralized Management Simple Access No Software Install Active Directory Integration NCSU importing users and groups from main AD domain. Support one password for all apps. integrated with many custom apps including AppA, App B, App C leveraging Identacor Secure Auto-Login Custom Integrations Rapid Deployment Up and running within minutes Anytime, anywhere application access from any browser 13 integrated with out of the box apps like Google Apps (Provisioning & SSO) using standards based SAML protocol. App Integrations Mobile Devices Application access from desktops, laptops and all types of mobile devices and Chromebooks. 13
Identacor Cloud SSO Single Sign-on Unified Cloud Directory Multi-factor Authentication User Provisioning Anywhere, Any Device 14
Identacor Cloud SSO Unified Cloud Directory Multi-factor Authentication Single Sign-On User Provisioning Anywhere, Any Device 15
Identacor Cloud SSO Unified Cloud DIrectory Single Sign-on Multi-factor Authentication User Provisioning Anywhere, Any Device 16
Identacor Cloud SSO Unified Cloud Directory Single Sign-on User Provisioning Unified Cloud DIrectory Anywhere, Any Device 17
Identacor Cloud SSO Unified Cloud Directory Single Sign-on Anywhere, Any Device Unified Cloud DIrectory User Provisioning 18
Active Directory Integration - Benefits Firewall Employees Group Sales Remote/Mobile Employees 1 Remote users authenticate with AD username and password Agent(s) 2 Local users transparently authenticate using Integrated Windows Authentication Active Directory 3 Access policies driven by AD security groups Benefits: Simple agent install, no network configuration required Automatic De-Activation of Identacor Deleted / Disabled Users Delegate Authentication for Identacor to NCSU AD domain Integration into Windows Desktop Login 19
20 1000 s of Apps All pre-integrated
NCSUVT Key Benefits Realized Application Portal Page Security Ability to monitor application adoption User IT Department One Password through AD integration User de provisioning AD integration integrate easily with any web app 21
NCSUVT Key Benefits Realized Securely add apps at the speed of business Enforce security for apps and devices Minimize Identity Management spend Increase IT team productivity and enterprise security Engage employees to enforce policy and work more productively 22
Thank You 23 23