Safewhere*Identify 3.4. Release Notes

Safewhere*identify is a new kind of user identification and administration service providing externalized and seamless authentication and authorization across organizations. Safewhere*identify allows an organization to handle user identification and administration centrally and externally to all web applications and web services. Safewhere*identify supports basically any kind of authentication. Apart from built-in authentication mechanisms such as username and password, it also supports popular social authentication methods like Facebook, Google, Twitter, or LinkedIn, as well as all modern federation solutions via the SAML 2.0 and WS-Federation protocols.

This new version enhances the system's ability to support complex user scenarios, guarantees full flexibility in regards to localization and message customization, adds additional authentication options, and ensures support for different browsers and browser versions. This release note gives an introduction to all the new features of version 3.4.

Localization

Identify*runtime has been rewritten to provide full control over the look and feel of all pages as well as a robust framework for localization to any language and support for different browsers and browser versions. This includes default support for Danish and English, the option to introduce new languages, override existing text resources, and even add new text resources. This feature allows users to localize pages, since we know from experience that such customized pages can help provide an even better user experience.

Important features of the new localization system are:

- Fallback support: if a text is not found in a specific language, the text resource of a configurable default language is used instead.
- Administrators can override existing default text resources with their own custom texts.
- Text resources can be edited by administrators during runtime.
- Adding support for a new language is as simple as copying a file.
- The system supports standard .NET resource files, making it possible to reuse existing tooling support.
- Supports localized custom text resources, i.e. an administrator can add new pages not included in the standard product, as well as customize existing pages, and have all text localized in the user's chosen language.
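The layering described above (administrator overrides on top of a language's resource file, falling back to a configurable default language, with new languages added by supplying another file) can be modelled in a few lines. The following is an added illustration, not Safewhere's code: the .resx-style documents, the language codes and the resource keys are constructed, and the lookup order is an assumption about how such a fallback chain is usually resolved.

```python
"""Added example (not Safewhere's code): a text-resource resolver modelling the
fallback and override behaviour of the localization system described above.
The .resx-style content, language codes and keys below are constructed."""
import xml.etree.ElementTree as ET

# Constructed documents in the standard .NET resource file (.resx) layout.
RESX_EN = """<root>
  <data name="Login.Title"><value>Sign in</value></data>
  <data name="Login.Button"><value>Log in</value></data>
  <data name="Otp.Sent"><value>A one-time password has been sent to you.</value></data>
</root>"""
RESX_DA = """<root>
  <data name="Login.Title"><value>Log ind</value></data>
  <data name="Login.Button"><value>Log ind</value></data>
</root>"""  # deliberately lacks Otp.Sent so the fallback path is exercised


def parse_resx(xml_text):
    """Return {key: text} for every <data name=...><value>...</value></data>."""
    resources = {}
    for data in ET.fromstring(xml_text).findall("data"):
        value = data.find("value")
        if data.get("name") and value is not None:
            resources[data.get("name")] = value.text or ""
    return resources


class TextResources:
    def __init__(self, default_language, files):
        self.default_language = default_language
        self.languages = {lang: parse_resx(xml) for lang, xml in files.items()}
        self.overrides = {}  # {language: {key: text}} edited by administrators at runtime

    def add_language(self, lang, xml_text):
        """Introducing a language is just supplying one more resource file."""
        self.languages[lang] = parse_resx(xml_text)

    def override(self, lang, key, text):
        """Administrator override; also how custom pages get their own keys."""
        self.overrides.setdefault(lang, {})[key] = text

    def lookup(self, key, lang):
        """Assumed order: override(lang), file(lang), override(default), file(default).
        Returning the key itself makes a missing text visible rather than blank."""
        for candidate in (lang, self.default_language):
            for layer in (self.overrides.get(candidate, {}), self.languages.get(candidate, {})):
                if key in layer:
                    return layer[key]
        return key


if __name__ == "__main__":
    r = TextResources("en", {"en": RESX_EN, "da": RESX_DA})
    print(r.lookup("Otp.Sent", "da"))  # falls back to the English text
```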

Authentication and Protocol Connections

Version 3.4 greatly improves the existing support for social network authentication connections. With version 3.3 we already added support for Facebook, Google, Twitter, LinkedIn, and OpenID. We now add login via LiveId to this list. On top of this we have ensured that 2-factor authentication and Single Logout (SLO) are fully supported with all of these connection methods.

During this version we have also tested and ensured that Identify works with SharePoint 2013. In this way companies and organizations can now support Single Sign-On to SharePoint 2013 via Identify.

Another type of second factor, similar to the existing SMS and email One Time Password (OTP) support, was also added in the latest version. This new type is called a Mobile Login connection, since it utilizes a mobile device for delivering the second factor without the user needing to take any additional action, which is a very attractive solution both in regards to usability and financially. The idea behind this authentication method is that the user initially logs in to a personal profile page via regular 2-factor authentication, where a code for use on the mobile device is created. The first time the user initiates authentication via the mobile device, he will be asked to supply this code, which will then be used to create a unique cookie on the device. The next time the user authenticates via this mobile device, he will only be exposed to the primary authentication requirements (typically username and password), since the secondary authentication factor is handled by Identify simply checking that the code in the cookie is valid.

Another feature that has been added to manage the increasing number of mobile users is one that controls the types of authentication methods that are offered on mobile devices. For each authentication connection type it is now possible to specify whether it should be offered for mobile use, making it possible to e.g. exclude logins requiring Java. It can also be used to ensure that users are forced to use certain authentication methods from mobile devices.

The One-Time Password authentication page has also been improved so that it tells the user whether his OTP was sent via email or SMS, as well as what he is supposed to do next.

Another minor improvement concerns the page that users end up on after Single Logout. Where users were earlier redirected to the Identity Provider login page after logging out, the user is now sent to a customizable information page.
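The Mobile Login flow above turns a device cookie into the second factor, so everything rests on how that cookie is created and checked. The model below is an added example, not Safewhere's implementation: the enrolment code format, the cookie layout (signed JSON carrying user, device id and expiry), the HMAC key and the two lifetimes are all assumptions chosen to show the properties a defender would look for: the code is random, short-lived and redeemable once; the cookie is bound to the user who passed primary authentication, signed so it cannot be forged or re-pointed at another user, expiring, and revocable server-side if the phone is lost.

```python
"""Added example (not Safewhere's implementation): a minimal model of the
"Mobile Login" second factor described above. Code format, cookie layout,
key handling and lifetimes are assumptions made for this illustration."""
import base64, binascii, hashlib, hmac, json, secrets, time

SERVER_KEY = secrets.token_bytes(32)      # a managed secret in a real deployment
ENROL_CODE_TTL = 10 * 60                 # enrolment code valid for 10 minutes (assumption)
DEVICE_COOKIE_TTL = 90 * 24 * 3600       # device cookie valid for 90 days (assumption)

_pending_codes = {}     # code -> (user, expires_at); created on the profile page after 2FA
_enrolled_devices = {}  # device_id -> user; lets an administrator revoke a lost device


def issue_enrolment_code(user, now=None):
    """Step 1: after a regular two-factor login the user is shown a short code.
    8 hex digits is enough here because the code is one-shot and short-lived;
    a real service would also rate-limit redemption attempts."""
    now = now or time.time()
    code = secrets.token_hex(4).upper()
    _pending_codes[code] = (user, now + ENROL_CODE_TTL)
    return code


def _sign(payload: bytes) -> str:
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()


def redeem_enrolment_code(user, code, now=None):
    """Step 2: the first login from the device presents the code. A cookie bound to
    this user and a fresh random device id is issued; the code is then consumed."""
    now = now or time.time()
    entry = _pending_codes.get(code)
    if entry is None or entry[0] != user or now > entry[1]:
        return None
    del _pending_codes[code]                       # one redemption only
    device_id = secrets.token_urlsafe(16)
    _enrolled_devices[device_id] = user
    payload = json.dumps({"u": user, "d": device_id,
                          "exp": int(now + DEVICE_COOKIE_TTL)}).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload)


def device_cookie_is_valid(user, cookie, now=None):
    """Step 3: on later logins the cookie stands in for the second factor. Accept it
    only if the signature verifies (constant-time compare), it has not expired, it
    belongs to the user who just passed primary authentication, and the device
    has not been revoked."""
    now = now or time.time()
    try:
        body, sig = cookie.split(".", 1)
        payload = base64.urlsafe_b64decode(body)
    except (ValueError, binascii.Error):
        return False
    if not hmac.compare_digest(_sign(payload), sig):
        return False
    claims = json.loads(payload)
    return (claims["u"] == user and now < claims["exp"]
            and _enrolled_devices.get(claims["d"]) == user)


def revoke_device(device_id):
    """Administrative revocation: the cookie keeps verifying but is no longer trusted."""
    _enrolled_devices.pop(device_id, None)


if __name__ == "__main__":
    code = issue_enrolment_code("alice")
    cookie = redeem_enrolment_code("alice", code)
    print(device_cookie_is_valid("alice", cookie))
```

The point of binding the user name into the signed payload is that a cookie stolen from one device cannot be replayed after a different user's primary login, and checking the device id against the server-side table is what makes revocation possible without rotating the signing key.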

Claim Transformation

The claims transformation pipeline has seen a significant upgrade with the addition of two new and very flexible claim transformation rules.

The first one is the SQL Transformation rule, which supports the execution of queries on an SQL database when selected conditions in a user's token have been met. Values from the token can be used as parameters in the SQL query, making it possible to e.g. transfer values from the token into external user storages. With this new rule an additional option was also added to the condition regex syntax, called ExistOrg(claim type). It makes it possible to check whether the value for a claim type in a user's token exists as an organization name in Identify. This can e.g. be used to check whether a new organization needs to be created on the fly using the SQL Transformation rule.

The other new rule is the External Claim Transformation rule, which among other things allows data from external systems to be included in the user's token, complex business processes to be included in the claim transformation pipeline, or simply advanced transformations of existing data in the pipeline. Even though the existing transformation rules in Identify cover a wide range of needs, there will still be scenarios where regular rules will not suffice. Using the External Claim Transformation rule a customer can code their own steps and plug them into Safewhere*identify's pipeline.

A minor extension to the pipeline was the addition of an "exclude from pipeline" setting on all claim types. If there is a claim type that we never want issued in a token, excluding it using this setting is a lot easier than having to add an exclusion transformation step to all pipelines.

Logging

Logging has been further improved to include more information in the audit log reports, including more detailed user information and information on executed mass user updates and objects that were deleted.

But the most important improvement has been in the way that errors are shown and logged. The error handling architecture has been completely rewritten so that all error messages from the runtime now include a traceable event ID. This event ID is also attached to the errors when they are logged, which makes it possible to extract reports from the system that quantify the types of errors that have occurred.

Administration

The following capabilities have been introduced to make the system more user friendly for administrators:

- It is possible to specify per user whether he or she should be forced to change password during the next login. The default for whether new users should change password on the first login has been supplied as a setting on the organization.
- The configurator has been improved to better handle unique situations as well as show clearly if the installation is still ongoing.
- An administrative page has been added in which it is possible to edit the regex expressions and error messages used for validation rules on fields like passwords, usernames and emails.
- The pages for Audit Log and Email Server Settings have been moved to the System Settings tab, so access to these pages now requires the SystemSetupAdmin role.

Usability improvements

The user interface in version 3.4 has added full support for Internet Explorer 10, support for the NemID applet on Windows 8 browsers, and improved rendering in Safari. Other improvements include:

- The default for the "Restrict elevation" setting on claims has been changed to false, since this has turned out to be the most used setup.
- An error message is now shown if a mass update of users was done without having highlighted any records.
- It was earlier necessary to write /admin/ in the URL to connect to the Identify*admin site. Now it is also possible to write only /admin.
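The Claim Transformation section above describes three things that fit together in one small pipeline: a condition that can test ExistOrg(claim type), an SQL Transformation rule that feeds token values into a query, and a per-claim-type "exclude from pipeline" switch, plus an External Claim Transformation step supplied by the customer. The following is an added toy pipeline, not Safewhere's code; the database schema, the condition syntax (`ExistOrg(type)`, `!ExistOrg(type)`, `type~regex`), the claim type names and the sample tokens are constructed. The security point it makes is that token values reach the database only as bound query parameters, so a claim value is data no matter what it contains.

```python
"""Added example (not Safewhere's code): a toy claims pipeline with an ExistOrg
condition, an SQL Transformation rule using bound parameters, a customer-supplied
external step, and exclusion of claim types from the issued token. Schema,
condition syntax and sample tokens are constructed for illustration."""
import re
import sqlite3

db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE organizations (name TEXT PRIMARY KEY)")
db.execute("CREATE TABLE external_users (email TEXT PRIMARY KEY, org TEXT)")
db.execute("INSERT INTO organizations VALUES ('Contoso')")
db.commit()


def exist_org(name):
    """ExistOrg(claim type): does the claim value exist as an organization name?"""
    row = db.execute("SELECT 1 FROM organizations WHERE name = ?", (name,)).fetchone()
    return row is not None


def condition_matches(token, condition):
    """Constructed condition syntax: 'ExistOrg(type)', '!ExistOrg(type)' or 'type~regex'.
    A token is {claim_type: [values]}."""
    m = re.fullmatch(r"(!?)ExistOrg\((.+)\)", condition)
    if m:
        present = any(exist_org(v) for v in token.get(m.group(2), []))
        return present != bool(m.group(1))       # '!' negates
    claim_type, regex = condition.split("~", 1)
    return any(re.fullmatch(regex, v) for v in token.get(claim_type, []))


def sql_transformation(token, condition, query, parameter_claims):
    """SQL Transformation rule: when the condition holds, run `query` with the named
    token values bound as parameters. Values are never spliced into the SQL text,
    so a claim like "x'); DROP TABLE organizations; --" is stored, not executed."""
    if not condition_matches(token, condition):
        return False
    params = tuple(token.get(c, [None])[0] for c in parameter_claims)
    db.execute(query, params)
    db.commit()
    return True


def external_transformation(token, step):
    """External Claim Transformation rule: a customer-coded callable gets the token
    and returns claims to add or replace (here it could call any external system)."""
    token.update(step(token))


def issue_token(token, excluded_types):
    """'Exclude from pipeline': these claim types are never issued, whatever the rules did."""
    return {t: v for t, v in token.items() if t not in excluded_types}


def run_pipeline(token):
    # Rule 1: create the organization on the fly when the token names an unknown one.
    sql_transformation(token, "!ExistOrg(org)",
                       "INSERT OR IGNORE INTO organizations (name) VALUES (?)", ["org"])
    # Rule 2: mirror the user into an external store, but only for company addresses.
    sql_transformation(token, r"email~[^@]+@example\.com",
                       "INSERT OR REPLACE INTO external_users (email, org) VALUES (?, ?)",
                       ["email", "org"])
    # Rule 3: constructed customer step deriving a role from existing data.
    external_transformation(
        token, lambda t: {"role": ["staff" if t.get("org") == ["Contoso"] else "guest"]})
    # Never issue this claim type, regardless of what earlier steps did.
    return issue_token(token, excluded_types={"password_hint"})


if __name__ == "__main__":
    print(run_pipeline({"email": ["ann@example.com"], "org": ["Fabrikam"],
                        "password_hint": ["never issued"]}))
```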
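The Logging section above describes runtime errors that carry a traceable event ID both in what the user sees and in the log, so that error reports can be aggregated by type. The handler below is an added example, not Safewhere's code: the log record layout (one JSON line per event), the event ID format and the report shape are assumptions. It shows the pattern a defender wants from such a design: the browser receives only a generic message plus the ID, the details stay in the log keyed by that ID, and the structured records can be counted by error type.

```python
"""Added example (not Safewhere's code): an error handler that attaches a traceable
event ID to the user-facing message and to a structured log entry, plus a small
report that counts logged errors by type. Record layout is an assumption."""
import json
import logging
import secrets
from collections import Counter
from io import StringIO

_log_buffer = StringIO()                     # stands in for the real log sink
logger = logging.getLogger("identify.runtime.example")
logger.propagate = False
logger.setLevel(logging.ERROR)
logger.addHandler(logging.StreamHandler(_log_buffer))   # default format: message only


def handle_error(exc, user=None, page=None):
    """Log the details once under a fresh event ID; return that ID and the generic
    text shown to the user. The exception message never reaches the browser."""
    event_id = secrets.token_hex(8)
    logger.error(json.dumps({
        "event_id": event_id,
        "type": type(exc).__name__,
        "detail": str(exc),
        "user": user,
        "page": page,
    }))
    user_message = f"An error occurred. Please quote event ID {event_id} when contacting support."
    return event_id, user_message


def _events():
    return [json.loads(line) for line in _log_buffer.getvalue().splitlines()]


def find_event(event_id):
    """What support does with the ID the user quotes."""
    return next((e for e in _events() if e["event_id"] == event_id), None)


def error_report():
    """Aggregate logged errors by exception type, e.g. {'ValueError': 2, 'KeyError': 1}."""
    return dict(Counter(e["type"] for e in _events()))


if __name__ == "__main__":
    eid, msg = handle_error(ValueError("claim 'upn' missing"), user="ann", page="/Login")
    print(msg)
    print(find_event(eid))
    print(error_report())
```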