WHITE PAPER. Active Directory and the Cloud


WHITE PAPER Active Directory and the Cloud HyperOffice, 2011

What is Active Directory? What are its benefits?

Active Directory (AD) is a directory service created by Microsoft. Active Directory is popularly used in organizations with Windows-based networks to manage users and establish policy controls. Its popularity is explained by the compelling benefits it brings:

- It helps administrators centralize creation of usernames and passwords, and specify roles and access levels for IT resources (computers, software, information etc.) across the company network. This greatly simplifies the task of administrators, as they save the effort of managing administration for multiple systems separately for each user.
- This central view also helps administrators keep company systems secure, as policies set through Active Directory are instantly applied across the network.
- It assists with regulatory compliance, where companies want to keep track and establish responsibility for access to systems and information.
- It also simplifies things for end users, who can use Active Directory to access computers, software and information with the same login credentials, and who can access these resources with a single sign on.

What is it? A directory service is the software system that stores, organizes and provides access to information in a directory.

What is the relevance of Active Directory to the cloud?

Things are different today. Business critical systems which were formerly part of the tightly controlled company network now reside outside the network in the cloud.

Examples of this are email, file sharing, project management, CRM, ERP and literally hundreds of others. It is obvious that the principles of Active Directory remain as relevant as ever in the following ways:

- Managing administration and applying policies for each of these systems separately would be tantamount to regression.
- Single sign on remains as important, if not more, in simplifying and unifying end user experience in an era of diverse browser based applications.
- Regulatory compliance is as big, or an even bigger, issue with information scattered across multiple cloud systems. And the larger the size of a company's user base, the more complex the picture becomes.

This underlines the importance of extending the power of Active Directory beyond the company network to the cloud. However, things are not as simple as they were in the days of closed networks. At that time, applications within the network were tightly controlled by the company, and many of them ran exclusively on Microsoft software. These systems came pre-integrated with Active Directory, or could easily be integrated with minimal effort.

Today, the application portfolio of companies is much more complex, including a mishmash of on-premise and cloud software, and diverse technologies. Cloud technologies have finally become mainstream, and have only recently begun considering advanced technical requirements such as Active Directory integration. What is needed is for both sides to reach out: for cloud vendors to acknowledge the importance of Active Directory and offer integration options, and for Active Directory to extend its capabilities to accommodate diverse cloud systems.

HyperOffice: A case study of Active Directory and Cloud Integration

HyperOffice is a cloud-based communication and collaboration software, a business critical software system which is universally applicable across industries.
The requirement for HyperOffice to integrate with Active Directory has repeatedly come up as larger organizations begin to grasp the challenges of managing their cloud applications. This is especially relevant to HyperOffice since it often replaces Microsoft Exchange and SharePoint, two of the main pieces of closed-network software that Active Directory integrates with. We have implemented numerous Active Directory integrations with varied levels of sophistication. (Contact us if you are interested.)

There are three main ways in which HyperOffice handles Active Directory integration, in order of complexity of the requirement.

LDAP Authentication: This is the simplest form of integration between the HyperOffice cloud and Active Directory. For this, we have special connectors for Active Directory, or any other LDAP based directory system. Under this approach, whenever a user submits a login request to HyperOffice, their request is forwarded to Active Directory for authentication. Based on the response from Active Directory, the user is either allowed access to the application or denied access as applicable. During the authentication process the user's HyperOffice data is also updated to use the most current data from the Active Directory server. The end result is that every login request to HyperOffice is authenticated against Active Directory, and all changes in Active Directory are mirrored in HyperOffice. Administrators need not worry about managing administration in two places.

Advanced LDAP Authentication: This option allows administrators to perform further administration related functions within HyperOffice right from Active Directory. To further simplify user management, HyperOffice allows administrators to define custom attributes in Active Directory which enable them to add users to Groups within HyperOffice. For example, if a login request from HyperOffice encounters the custom attribute hyperofficegroups_marketing in Active Directory, the user is automatically added to the Marketing group. This way, administrators can easily add users to Groups right from Active Directory. Additional pattern mappings can be defined to work with existing groups on any Active Directory implementation by working with the HyperOffice team.

Single Sign On: Some companies want to implement a single sign on system, where users can launch and access HyperOffice without having to go through the extra steps of opening a web browser and filling out their login information every time they want to log in. Single sign-on brings the following benefits:

- An enhanced user experience that saves time: users are able to access HyperOffice with minimal clicks without having to open a browser or enter their login credentials separately
- Protection from phishing attacks
- Helping to overcome adoption barriers by simplifying the experience and encouraging users to leverage communication and collaboration tools

HyperOffice implements single sign on with the help of the HyperOffice Open Authentication System (HOAS). The HyperOffice Open Authentication System is a local application that is installed on the customer's domain. HOAS acts as a bridge between HyperOffice and Active Directory. One component of HOAS is the single sign-on (SSO) ASP page and a set of local libraries that detect the user that is currently logged in on the local Domain and verify their credentials prior to passing the user to HyperOffice. The page is then able to request a pre-authentication token from the HyperOffice system and then automatically log the user in without prompting them for any additional data entry.
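The login flow from the LDAP Authentication and Advanced LDAP Authentication paragraphs above, sketched as an added example (this is not HyperOffice's code). The in-memory directory, the KNOWN_GROUPS table, and treating the presence of a hyperofficegroups_<name> attribute as membership are assumptions; the sketch also refuses empty passwords before forwarding, because an LDAP simple bind with an empty password can succeed as an unauthenticated bind.

```python
import hmac

PREFIX = "hyperofficegroups_"   # attribute prefix named in the paper
# Assumed application-side groups; attributes naming anything else are ignored.
KNOWN_GROUPS = {"marketing": "Marketing", "sales": "Sales"}

# Constructed sample directory: login name -> (password, attributes)
DIRECTORY = {
    "alice": ("correct horse", {"mail": "alice@example.test",
                                "hyperofficegroups_marketing": "TRUE"}),
    "bob": ("hunter2", {"mail": "bob@example.test",
                        "hyperofficegroups_finance": "TRUE"}),
}

def directory_bind(user, password):
    """Stand-in for an LDAP simple bind against the directory.

    Mimics a server that treats an empty password as an unauthenticated
    bind: it reports success without verifying the user at all.
    """
    if password == "":
        return True
    entry = DIRECTORY.get(user)
    return entry is not None and hmac.compare_digest(
        entry[0].encode(), password.encode())

def groups_from_attributes(attrs):
    """Map hyperofficegroups_<name> attributes to known application groups."""
    groups = set()
    for name in attrs:
        key = name.lower()
        if key.startswith(PREFIX) and key[len(PREFIX):] in KNOWN_GROUPS:
            groups.add(KNOWN_GROUPS[key[len(PREFIX):]])
    return groups

def login(user, password, accounts):
    """Authenticate against the directory, then mirror its data locally."""
    # Refuse empty credentials before forwarding: a "successful"
    # empty-password bind says nothing about who is asking.
    if not user or not password:
        return False
    if not directory_bind(user, password):
        return False
    attrs = DIRECTORY[user][1]
    # Replace, do not merge: a group removed in the directory is removed here.
    accounts[user] = {"mail": attrs.get("mail"),
                      "groups": groups_from_attributes(attrs)}
    return True
```

Replacing the local record on every login is what makes directory changes, including removals, show up in the application; merging would leave stale group memberships behind.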

Security: Some companies want to leverage Active Directory for administration of cloud systems, but have enhanced security requirements, and do not want to allow access to Active Directory outside the company firewall. The HyperOffice Open Authentication System accommodates these scenarios by providing a highly secure gateway to bridge the gap. In this scenario only the gateway is exposed to the public Internet, with a highly limited number of available commands, ensuring the safety of the network and allowing for any number of custom authentication sequences through customization of the gateway.

Conclusion

This article, however, barely touches upon the power of HOAS. It is an incredibly powerful and extensible tool and may be used to implement almost any imaginable custom scenario. In conjunction with HOAS, a custom module may be implemented within HyperOffice, which can receive requests from HOAS or communicate with the HOAS gateway to trigger almost any action within the HyperOffice system. This could be in response to a specific user, or any other defined attribute of a user within AD.

In summation, as more and more critical applications make their way into the cloud, organizations need to consider the impact on their Active Directory strategy. Ensuring that a cloud vendor adequately addresses this concern is a critical step in the evaluation process. Further defining the impact on the performance and security of the network is also an important factor. HyperOffice has reset the bar for cloud-based Active Directory integration and has extended it beyond simple authentication to include critical elements like Single Sign-On, advanced security, and custom role-based actions. We sincerely hope that this sparks a trend among cloud vendors.