OpenAM All-In-One solution to securely manage access to digital enterprise and customer services, anytime and anywhere.

OpenAM, the only all-in-one open source access management solution, provides the most innovative and comprehensive set of services required for consumer-facing identity relationship management as well as traditional access management capabilities. Designed from inception to provide services for the web, cloud, mobile devices and things, OpenAM has a highly scalable, modular, easy-to-deploy architecture that includes Authentication, SSO, Authorization, Federation, Entitlements, Adaptive Authentication, Strong Authentication, and Web Services Security in a single, unified product.

Modern customer-facing identity solutions need to employ a light touch when dealing with users, all while providing the highest possible security. They need to deliver a great, easy-to-use service, empowering the user wherever possible, such as through easy self-registration or password reset; otherwise users are very quick to go somewhere else. Administrators need to be able to deliver a rich and personalized experience, and need to provide modern contextual authentication as well as fine-grained authorization. Developers expect to be able to produce services based on the latest open standards, and need to be able to build and provide those from any device. The latest OpenAM release delivers on all of these requirements, making it great for users, administrators and developers alike.

Unique

Only all-in-one access management solution that includes Authentication, SSO, Authorization, Federation, Entitlements, Adaptive Authentication, Strong Authentication, and Web Services Security in a single, unified product.

New and improved user self-service capabilities cater to potentially very large user communities, assuring ease of use for demanding users while maintaining the highest security levels.

Easy configuration of contextual and adaptive authentication through extensible scripts, and fine-grained authorization with a new policy editor and policy REST APIs.

Improved session handling through streamlined management of session tokens and session failover across sites.

Many more REST APIs are exposed (e.g. user self-service, policy, security token service), open standards such as OAuth 2.0 and OpenID Connect are enforced more strictly, token transformations are possible (e.g. OpenID Connect to SAML 2.0), and REST APIs are versioned.

OpenAM is based on the Sun OpenSSO codebase, offering a simple upgrade for former Sun customers to continue with their current access management investment.

Delivering on Identity Relationship Management

Kabel Deutschland, a Vodafone Company, achieved stable and high-performance access with ForgeRock OpenAM, providing this both externally to its end customers as well as internally to sales support portals.

ForgeRock OpenAM provides secure, personal access to the Toyota Touch 2 with Go device. Built into the vehicle's dashboard, the device provides information, entertainment, enhanced navigation, and connected services.

"We needed to go beyond an employee-centric solution and grant our customers secure access to the relevant parts of our internal systems. We had to find a flexible platform that could handle identities for our internal and external users, ensure that each person only gained access to the relevant parts of the systems, and scale to support millions of users. We chose ForgeRock to provide a state of the art, customer IAM solution with a highly reliable support structure."
MATTHIAS RÜBEL-OTTERBACH, Head of Web Application Development, Kabel Deutschland, A Vodafone Company

"ForgeRock OpenAM enables us to deliver a real-world Internet of Things experience allowing us to use the car itself as an identity to provide authentication to the services platform."
KOSTAS GKIRKIZAS, Senior Project Manager, Car IT Information Systems, Toyota Motor Europe

Modular Architecture

100% Java-based architecture allows deployment across many platforms. Developer and admin friendly, with task-based GUI, REST, C and Java developer tools, and comprehensive documentation. Service provider interfaces (SPIs) provide a framework to extend all service modules, such as adding custom authentication modules, federation plug-ins and policy conditions.

Performance, Scalability, High Availability

Supports large-scale implementations with millions of users and thousands of authentications per second. Requires less hardware at scale, decreasing datacenter cost and complexity. High availability with out-of-the-box persistent session failover enables support of complex, multi-site environments. OpenDJ comes embedded as a configuration store and as a highly scalable, high-performance session persistence store.

User Self-Service

Zero administration cycles needed to onboard and maintain user accounts. Users are empowered to work to their own schedule. Service is automatic and immediate. Service is exposed over REST, enabling custom or mobile front-ends to utilize it.

Social Authentication

Makes it as easy as possible for new users to be able to access protected resources. Draws new customers in by removing the need to complete lengthy registration forms. Administrators can integrate with Social IDPs in less than 1 minute.

Contextual Authentication (using new Scripting Engine)

Easy-to-write scripts, which can call external identity proofing services, ensure a greater knowledge about who the user is and what their context is. Scripts can be used to assess risk, calling up stronger authentication mechanisms only when necessary, which makes life easier for users whilst maintaining the security of the system. These custom scripts increase the level of assurance and intelligence that the service provider has, enabling a more informed interaction with the user.

Scripted Device Identification Modules

A device identification script can be used to make a risk-based assessment of authenticity. Users logging in from unknown devices are more risky than those from previously identified ones. Additional factors can be employed to mitigate risk in these cases, whilst a streamlined process can be used to make life easier for transactions from trusted devices.

Fine-grained Policy APIs

The APIs exposed in OpenAM 12 enable sophisticated policies to be authored. These policies can ensure the right information goes to the right people under the right conditions. Externalizing policies with OpenAM simplifies applications, and provides post-application deployment flexibility.

Extended Authorization Subjects

OpenAM can control who can do what, to which resources, under certain specific conditions. OpenAM 12 extends how we specify the "who" to allow the use of an OpenID Connect token. This can be used for authorization in scenarios where there is no current user session, for example, when an offline batch processing routine acts on behalf of a user.

New Policy Editor

This delivers greater control over who can do what, when, and under which conditions. Using point and click, drag and drop operations, sophisticated policies can be built to deliver controlled access to resources.

Policy Export and Import

By allowing policies to be externalised to rich XACML-format files, policies can be held in version control repositories. Policies can then be restored or pushed into production by importing them back into OpenAM. Version control can also be used to track who has made changes to a given policy over time, and what those changes were.

Mobile Support

Widely used in mobile and web applications, the OAuth 2.0 and OpenID Connect standards are rigorously enforced, ensuring greater interoperability and consistent behaviour for developers. The Mobile Profile is an emerging standard which extends OpenID Connect to deliver attributes which are important in the mobile world. By including Level of Assurance and other information as part of the token, OpenID Connect can be used in deployments requiring high security, whilst delivering a convenient experience for the end user. Adaptive Authentication including device fingerprinting ensures mobile devices are trusted. REST APIs allow developers to create device-agnostic applications: the same API can be used to access OpenAM from a web or a native mobile application. OATH/Soft Token Generator, MSISDN and HOTP (One Time Password) capabilities enable multifactor and mobile authentication.

Cloud Support

Easily create federated SSO connections with SaaS apps via a GUI-based wizard, or use the out-of-the-box Salesforce.com and Google Apps connectors, among others. Easily set up social authentication with Google, Facebook, MSN, or any OAuth 2.0 provider. Simple click-through setup of Federation IdPs and SPs using SAML, OpenID Connect and OAuth 2.0.

Developer Support

Exposes functions as simple identity web services, so developers can easily invoke them during the app development process. Provides client application programming interfaces with REST, Java and C APIs. RESTful APIs enable JSON or XML over HTTP, allowing users to access authentication, authorization, and identity services from web applications using simple REST clients.

REST STS for Token Transformation

A token transformation service which makes it easier for developers to convert between many identity token types, such as SAML assertions, OpenID Connect tokens, X.509 certificates and Single Sign-On tokens. For example, a mobile app developer who has possession of an OpenID Connect token can easily generate a SAML assertion to access resources held by a federated service provider.

REST API Versioning

Developers calling OpenAM REST APIs can be insulated from interface changes by using a specific version of an API. Server upgrades will not break existing clients.

Extensive Standards Support

All major federation protocols: SAML 1.x, SAML 2.0 (SP, IdP, ECP, and IdP Proxy), WS-Federation (asserting and relying party). Next-generation federation standards for cloud and mobile include full implementation of OpenID Connect and OAuth 2.0 (consumer, provider, authorization server). All Web Services security standards: Liberty ID-WSF, WS-I Basic Security Profile, WS-Trust (STS), and WS-Policy. FICAM (Federal Identity, Credential, and Access Management) compliant, an initiative defined by the U.S. Federal Government to simplify identity and access management across government systems. OATH and HOTP standards that allow a mobile phone to be used as a second authentication factor. XACML for fine-grained authorization policy definition, import and export. Support included for IPv6 and Java 6, 7, and 8.

About ForgeRock

ForgeRock, the fastest growing identity relationship management vendor in the world, is building secure customer relationships across the modern Web. Focused on using digital identities to grow revenue, extend reach, and launch new business models, ForgeRock's Open Identity Stack powers solutions for many of the world's largest companies and government organizations. Founded in 2010, ForgeRock's leadership team brings 80 combined years of experience in the software industry and includes open source icons and innovators, with investors from three of the leading global venture capital firms: Accel Partners, Foundation Capital and Meritech Capital. For more information and free downloads, visit www.forgerock.com or follow ForgeRock on Twitter at www.twitter.com/forgerock. ForgeRock is the trademark of ForgeRock Inc. or its subsidiaries in the U.S. and in other countries.