A Box White Paper

Increase the Security of Your Box Account With Single Sign-On

"Box's high level of security, 24x7 support and 99.9% uptime are critical for us. The biggest benefits are the reliability of Box and the flexibility of granting access to users. To us, that flexibility is priceless."
Cindy McCann, Director, Custom Performance Solutions

Many organisations are concerned about the security of password policies and access controls for cloud-based applications. Single sign-on (SSO) technologies can address these concerns and make your IT environment more secure. With single sign-on, users authenticate once with a trusted SSO provider and are granted access to all of their IT-approved applications. In other words, they don't need to log into each account separately. That's a great benefit for employees and businesses alike.

Many of Box's enterprise customers have already implemented single sign-on (SSO) within the corporate network and now want to expand it to include web-based and mobile applications like Box. Box supports a number of approaches to single sign-on. This paper describes the different methods by which you can implement SSO for your Box account. We start with a quick discussion of why you might want to use SSO, and the security reasons for using federated single sign-on. If you're already convinced, skip to the next section.

Why Use SSO With Box?

There are many compelling reasons to use single sign-on (SSO) with Box and the other cloud applications your business uses.

- Reduce employee frustration with passwords: Can you remember all of your passwords without writing them down? Do complex password policies frustrate you? Do you share the same passwords across multiple applications? For most people, these are real irritants, and they actually end up making your IT security weaker.
- Enhance password security: When people have to remember many passwords, they tend either to write them down (a bad security practice) or to reuse the same passwords for all of their applications. When the same password is used to access many different sites, that password is only as secure as the least secure site in the group.
- Centralise access controls: Using SSO solutions, corporations can keep control of their paid cloud subscription applications such as Box, Salesforce and others. By provisioning and removing access through the SSO solution, IT can easily give users access to the applications they need, and quickly remove access when employees leave the company.
- Extend your enterprise applications to the cloud: If you have already invested in enterprise SSO inside the firewall, you may want to extend those capabilities to important applications outside the enterprise, like Box.
Strengthen Corporate Security

The most important reason to adopt SSO is to strengthen corporate security. SSO can deliver significant security benefits over the traditional account/password logins that are the default for most cloud-based applications:

- Authentication passwords are transmitted using 256-bit SSL encryption. With SAML federation, all communication between the user and the web application is encrypted, regardless of whether the network in use is secure or insecure.
- Passwords are not stored in the web account, and the account doesn't handle authentication tasks, like password resets, that can open the door to password theft. This removes a potential security risk if you use a wide range of web applications with varying levels of security practices.
- Phishing or password theft is increasingly difficult with SSO-enabled accounts. Users access the account through the SSO service and do not authenticate directly with the account.
- Businesses can add strong authentication to the SSO login, essentially protecting all of the federated logins behind the SSO solution as well. Many SSO providers offer strong, multifactor authentication options.

"Box provides valuable administrative features, which let us easily set granular permission controls across all our content and all our users."
Christopher High, Sales & Marketing, Alere

Box and Federated SSO

All SSO implementations require the following:

- An Identity Provider (IDP): some entity that authenticates users online (verifies their identity)
- A way for the IDP to communicate with service providers (like Box) to confirm the user's authentication

While there are several ways to implement single sign-on, the most secure involves using industry-recognised federation standards to communicate between identity providers and service providers. In corporate web environments, the most commonly implemented federation standard is the Security Assertion Markup Language (SAML).
Box supports federated single sign-on using the SAML 2.0 federation standard. To SSO-enable your Box account, you will need an identity provider that supports SAML 2.0 or above.
There are two ways to implement SSO in your organisation:

- Do it in-house. You can implement an identity provider within the enterprise, using an internal LDAP directory (which could be Active Directory) and SAML federation software. Completing the integration using native Windows, Unix or Linux tools requires in-house integration work, expertise and support.
- Use a third-party SSO provider as an IDP. The benefits of this approach include rapid deployment and more robust SSO and provisioning capabilities with web applications, including Box. Most third-party SSO solutions integrate with enterprise directories such as Active Directory (AD).

"The biggest benefit is that the application has the flexibility to change with the uses we need it for."
Jennifer Downey, BIM Engineer, Turner Construction

Box works with several third-party SSO solutions, including:

- Intel Expressway Cloud Access 360
- Okta
- Ping Identity
- VMware Horizon App Manager
- Citrix
- OneLogin
- Symantec O3 Cloud Identity and Access Control Gateway
- Symplified
- SAML federation providers

For the most up-to-date information about specific SSO providers, contact your Box sales team.

How SAML-Based SSO Works with Box

Box communicates with your company's identity provider to get the information it needs to authenticate users and allow them access into Box, whether they're connecting from a web browser, using mobile apps or synchronising a desktop folder with Box Sync. There are two ways that employees might connect with Box when using SSO: initiating the session from the identity provider (IDP-initiated), or from a Box login screen (Box-initiated).
Connecting to Box from the Identity Provider

One example of IDP-initiated SSO is using a portal customised for your business. The portal provides employees access to all authorised applications. The employee authenticates with the portal, then simply clicks a link or icon to access an application without needing to authenticate again. Here's what happens behind the scenes:

- The IDP exchanges SAML assertions with Box, using 256-bit SSL, to authenticate the user in the Box application.
- Box authenticates the user and gives them access to their own account.

All of this happens transparently, without the user authenticating through the Box account.

"Box is playing a pivotal role in our legal department in terms of collaborating on acquisitions. When we look at purchasing a company, our legal team will set up a shared folder where participating parties can upload necessary documents."
Scott Zane, Senior Director of Support Services/IMS, Celebrity Resorts

Initiating SSO from the Box Login Screen

In this model, the user goes to the Box login page, but instead of entering a password, they select an option to connect using their IDP credentials (which may be their enterprise credentials). If the user hasn't yet authenticated with the IDP, they will be redirected to the IDP login page to enter a password. Once they are authenticated, they are then redirected to their Box application. If the user has already authenticated with the IDP, then Box and the IDP will exchange SAML assertions in the background over SSL, and Box will authenticate the user and open their account.

SSO to Box from Partner Applications

Box has also built SSO integrations with several partner cloud applications using their APIs or federation protocols. For example, you can access your Box account from your Salesforce or Google Apps account, without needing to log in a second time in a new browser.
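The two flows above differ in one detail a service provider must check: a Box-initiated login produces a SAML response that answers a request the service provider issued (InResponseTo), while an IDP-initiated login produces an unsolicited one. The following is an added illustration, not Box's code, of the condition checks a service provider performs on a received assertion after its XML signature has been verified (signature verification is assumed to be done by a SAML library and is not shown). The sample response, the entity ID https://sp.example.com/saml and the request ID "_req42" are constructed for the example.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}
SP_ENTITY_ID = "https://sp.example.com/saml"   # assumed entity ID of this service provider
CLOCK_SKEW = timedelta(minutes=2)               # tolerance for IDP/SP clock drift

# Constructed sample response (signature element omitted) as an IDP would POST it back for request "_req42".
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" InResponseTo="_req42">
  <saml:Assertion ID="_a1">
    <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://sp.example.com/saml</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def parse_time(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_response(xml_text, outstanding_requests, now, allow_unsolicited=False):
    """Check the assertion's conditions (signature assumed already verified) and return the NameID."""
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None: raise ValueError("response carries no assertion")
    in_response_to = root.get("InResponseTo")
    if in_response_to is None:
        # IDP-initiated flow: the response is unsolicited, so accept it only when policy allows.
        if not allow_unsolicited: raise ValueError("unsolicited response rejected")
    elif in_response_to not in outstanding_requests:
        # SP-initiated flow: the ID must match a request this SP issued; an unknown ID means replay or forgery.
        raise ValueError("InResponseTo does not match an outstanding request")
    else:
        outstanding_requests.discard(in_response_to)   # each request ID is honoured exactly once
    cond = assertion.find("saml:Conditions", NS)
    if cond is None: raise ValueError("assertion has no Conditions")
    not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before and now + CLOCK_SKEW < parse_time(not_before):
        raise ValueError("assertion not yet valid")
    if not_on_or_after and now - CLOCK_SKEW >= parse_time(not_on_or_after):
        raise ValueError("assertion expired")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        raise ValueError("assertion is addressed to a different service provider")
    return assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)
```

A real deployment should feed the response through a hardened SAML library rather than parsing it directly; the checks shown are the ones that remain after the signature passes.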
Box Mobile Apps and Box Sync

The Box mobile and Desktop Sync apps each have an embedded browser. For an SSO-enabled Box account, these apps will use SAML federation to connect to Box. Box works with a number of mobile security and device management providers, including Good Technology, MobileIron, Airwatch and Enterproid. For more information visit box.com or contact your sales rep.

"With its large technical and engineering teams, Box was a significant upgrade in terms of the security of information compared to the systems we had been using internally."
Isaac Leonard, GrowthPoint Technology Partners

Provisioning and Directory Integration with Box

Federation capabilities deliver more than just the benefits of single sign-on. Box can work with your Identity Provider to simplify account provisioning by leveraging action APIs. Admins can automatically provision and de-provision users, keeping your Box account in sync with your internal directories and making life a lot easier for your administrators.

On-the-fly Provisioning

When a new user comes to Box from a third-party IDP (such as a portal), Box can provision the user with a Box account on the fly, using the user information provided through SAML assertions from the IDP.

Group Synchronisation

For accounts linked to enterprise directories such as Active Directory, you can choose to have directory groups populated automatically within the Box application. When users connect to Box, they are added to or removed from Box groups that mirror their directory groups. Box administrators can also add or remove users from Box groups.

Automated De-Provisioning

Box also supports tightly integrated provisioning with certain IDP partners. With this integration, businesses gain the ability to automatically de-provision (deactivate) users when they are removed from the corporate directories. Changes in the directory are automatically reflected in the Box accounts.
Automated de-provisioning adds an important security layer for businesses when employees or contractors leave or change jobs. Once the account has been automatically deactivated, the user cannot access any content stored in Box. The Box administrator will be able to reassign the former employee's files to another user. For information on this level of provisioning, please contact us.
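The three provisioning behaviours described above (on-the-fly creation from assertion attributes, group mirroring that leaves admin-managed groups alone, and de-provisioning that reassigns files and blocks re-entry) can be modelled in a few lines. The following is an added example written for this paper, not Box's provisioning code or API: the account and user classes are in-memory stand-ins, and the attribute names displayName and groups are assumed.

```python
from dataclasses import dataclass, field

@dataclass
class BoxUser:
    """Constructed in-memory stand-in for a managed Box user (not Box's data model)."""
    login: str
    name: str
    active: bool = True
    groups: set = field(default_factory=set)
    files: list = field(default_factory=list)

# Constructed attribute statement as it might arrive in an already-validated SAML assertion.
SAMPLE_ATTRIBUTES = {"displayName": "Alice Example", "groups": ["Finance", "AllStaff", "LocalAdmins"]}

class EnterpriseAccount:
    """Constructed stand-in for an SSO-enabled enterprise account with mirrored directory groups."""
    def __init__(self, mirrored_groups):
        self.users = {}
        self.mirrored_groups = set(mirrored_groups)   # owned by the directory, not by Box admins

    def on_sso_login(self, name_id, attributes):
        """Called after the assertion for name_id has been validated: provision on the fly, then mirror groups."""
        user = self.users.get(name_id)
        if user is None:
            user = BoxUser(login=name_id, name=attributes.get("displayName", name_id))
            self.users[name_id] = user
        elif not user.active:
            # A de-provisioned user must not be silently re-created by a stale or forged assertion.
            raise PermissionError(f"{name_id} is deactivated")
        wanted = set(attributes.get("groups", [])) & self.mirrored_groups   # only mirrored groups are synced
        to_add = wanted - user.groups
        to_remove = (user.groups & self.mirrored_groups) - wanted          # admin-managed groups untouched
        user.groups = (user.groups | to_add) - to_remove
        return user, to_add, to_remove

    def deprovision(self, name_id, reassign_to):
        """Mirror a directory removal: deactivate, drop group access, hand the user's files to another user."""
        user, new_owner = self.users[name_id], self.users[reassign_to]
        user.active = False
        user.groups.clear()
        new_owner.files.extend(user.files)
        user.files = []
        return user
```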
How to Get Started

To SSO-enable your Box account, you will need to provide Box with some basic information about your IDP. Box needs either a SAML metadata file from the IDP, or the following:

- Entity ID
- Certificate
- Redirect URL

"We actually had people in Afghanistan, in the middle of a battle zone, accessing critical information on Box, then using that information to help the Army achieve its mission. That just couldn't happen without Box."
Bob Armstrong, Programme Analyst, General Services Administration

The Box team enters this information into your account and enables SSO for your managed users (the users in your organisation). Once you've set up single sign-on, all of the users within your organisation (with Box seats) will connect to Box using single sign-on. If they have previously been using Box with a Box account and password, that access method will no longer work, so give people advance warning. External users (vendors, clients and others sharing your Box account) will still authenticate as usual.

Need More Information?

Comtact is one of a select few Premier Box Partners in Europe. By bringing together our combined expertise in collaboration, cloud and mobility technologies, along with our long-standing security and networking acumen, Comtact ensures Box integrates seamlessly into our customers' environments with maximum productivity gains, the highest performance and the minimum of risk.

Comtact Limited
Tel: +44(0)8452 75 75 75
www.comtact.co.uk

Find out more about Box at: www.comtact.co.uk/solutions/technology-integration-solutions/box/

2013 Comtact Limited