Extending APS Packages with Single Sign On. Brian Spector, CEO, CertiVox / Gene Myers, VP Engineering, CertiVox

Introducing APS 2.0: A Platform for Integration
- APS Dynamic UI: HTML5, Extensibility, Certified Services
- APS Service Bus: User/account context, Secure cross-resource integration
- APS Authentication Protocol: Multi-factor, multi-provider SSO (OpenID Connect, SAML, AD)
Profit from the cloud 2

Today's APS/Developer SSO Session will cover:
- Who is CertiVox?
- What is Parallels Identity Manager? What problem does it solve?
- What is new in SSO in APS 2.0 and POA 5.5? APS Authentication Security
- What is the APS Authentication Protocol (APS AP)?
- Why APS AP is an SSO internet security game changer
- How to enable your APS 2.0 syndicated service for the APS Authentication Protocol: Nuts and Bolts
- Q&A

About CertiVox
- Security Leader
- Provider of certificateless cryptography software and services to Global 2000
- Founded in 2008, with technology in development since 2006
- SaaS cryptographic key management and open-source crypto SDKs
- Experienced leadership team
- 100s of blue chip companies
- Our clients & references

The CertiVox World
- Open Source Library for Elliptic Curve Cryptography
- IaaS Offering: APS Authentication, Frictionless 2-factor, Browsers and smartphones
- IaaS Offering: Based upon MIRACL, Frictionless Key Management and Certificateless Crypto
- Full SaaS Solution Offering: Frictionless Easy to Use Secure Messaging and Secure Managed File Transfer
- Capture regulated SMB market segment with highest growth potential
- Sales model: Provisioned entirely through APS
- High value free version, upgrade to Professional, differentiated value / reduce churn

Parallels Identity Manager Single-Sign-On (SSO) multi-factor authentication services for Parallels Automation, Parallels Plesk Panel products, and APS

Parallels Identity Manager
- Universal, federated SSO multi-factor authentication services for Plesk, PPA, PBA / POA and APS
- Reduces username / password database smash and grab attacks and client vulnerabilities
- Provides for rich upsell / cross sell opportunities for mobile multi-factor authentication as a service to your customers

Revolutionary Multi-factor Authentication
- Easily integrates with existing websites / web apps via API
- Frictionless on-boarding through APS 2.0 for existing users

Revolutionary Multi-factor Authentication
- Infinitely stronger and easier than username / password
- HTML5 or Seamless Mobile 3-Factor O.O.B. Authentication
Slide labels: 1 Integrated SkyPin; 2 Login with mobile; 3 providing secure login; Scan and authenticate with SkyPin App

Before SkyPin: User Authentication for SSO
- Difficult to remember
- Insecure: easy to phish, scam, key log, etc.
- Bad user experience leads to insecurity

After SkyPin: Multi-Factor Authentication for SSO
- 4 digit PIN: infinitely easier than username / password
- Elliptic curve cryptography based: infinitely more secure than username / password

Before SkyPin: Service Provider Authentication for SSO

Username     Password      Email
Bob28        sarah         Bob28@ho
v.noir       password123   Vince.noir
Alice_467    linkedin      Alice.h@g
Sarah.h!     facebook1     S.hard@g
Samsam10     hello         Sam@yah
sunnykid1    Pass1!        sunny@ma

- Databases are inherently not secured and difficult to protect
- Smash and Grab attacks are the new normal
- Liable for legal action if hacked

After SkyPin: Service Provider Authentication for SSO (SkyPin Authentication Server)
- With SkyPin there is no username / password database, just one server cryptographic key
- If the key is compromised, it reveals nothing about the users on the system

SkyPin vs. Hardware 2-Factor

                  SkyPin               Hardware 2-Factor
Cost              Free*                Avg $100 per user per year
Implementation    2 Hours              Weeks to Months
User Training     Minimal              Extensive
Open Standards    APS Authentication   Typically Proprietary

SkyPin has these additional advantages:
- Easy to use and easy to implement
- Dramatic cost reductions: no complex hardware or software provisioning
- Single sign on across multiple services and cross-domain
- Up-sell / cross-sell SkyPin mobile for out-of-channel multifactor authentication

Parallels Automation 5.5: SkyPin Secured multi-factor authentication
Increase top-line with strong authentication
Diagram labels: CertiVox Data Center; Parallels Identity Manager Service; SkyPin Managed Server; Service Provider Data Center; Alice; APS 2.0 Controller; Parallels Identity Manager Server; SkyPin for HTML5 (Firefox, Chrome, etc.); Parallels Automation 5.5
- Free for Parallels Customers
- Frictionless On-boarding
- Works out-of-the box with PA 5.5
- Upgrade to Mobile 3-Factor

What is new in APS 2.0 Single-Sign-On?

APS 2.0 Security: Parallels Identity Manager Architecture
Diagram labels: APS SSO API; PIM APS Package; New PA 5.5 Service; New PIM SSO Server; APS PIM Application; POA 5.5 MN; APS Controller 2.0; AD / LDAP; OpenID Connect; SAML; OpenDJ Highly Scalable LDAP Directory; Migration Script / Upgrade Script

What's new in 5.5 and APS 2.0?
- Scalable LDAP Directory
- APS 2.0 Identity Provider: Existing LDAP/AD, OpenID Connect, Legacy SAML
- LDAP synchronization

APS 2.0 Security: Parallels Identity Manager UI Authentication
- User visits your website
- User securely signs in with any APS 2.0 Authentication Provider (like SkyPin)
- User only has to log in once to go anywhere across all applications and service boundaries
- Adding Parallels SSO through APS 2.0 to your website or web app is as easy as adding an advert to your page!
- Pluggable iframe

What is the APS Authentication Protocol?
- 3 party authentication
- Strong end-to-end encryption of user identity without PKI
- No complicated server side code
- User Identity Cross Infrastructure Boundaries
- One-pass Protocol
- Maximum Security
- Standards Based

APS Authentication Protocol Token Structure
- User ID: A unique ID of the user in the system
- Scope / App ID: Some UUID of the application
- Expiry: Token expiry information
- User Data (Scope Params): This field is filled by the application for additional token scope
- Provider: The authentication provider ID that actually issued the token
- Inner Token: Some additional information provided by the authentication provider for later use
- Signature: Allows any application that speaks APS AP to validate the token instantly, without re-directs

APS Authentication Protocol Overview: Internally Provisioned Applications
Screenshot: http://my.wordpress.provider.com/ Welcome to The Blog! 01-01-12 This is first record in my Blog which I'm going to. 02-01-12 This is my second record in my Blog, which I wrote on the second day

Cross Syndication / Domain Barriers with APS AP
Diagram labels: Parallels Automation User; Parallels Identity Manager; User Login Across Domains; Encrypted Token; User Browser; Successful Authentication; APS 2.0 Enabled Syndication Service; User Logged in; Parallels Enabled APS 2.0 Service Provider Customer; Decrypted User Token; Verify; Signature; ID Information
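
An added example, not part of the original slides or of any CertiVox or Parallels code: a sketch of the local check the token slides describe, where the receiving application verifies the signature and only then the expiry, scope and provider, with no redirect to the identity provider. The field names follow the token structure slide; the JSON encoding, the HMAC-SHA256 signature with a shared key (standing in for the elliptic-curve scheme the slides mention), the provider ID "skypin" and all sample values are assumptions constructed for illustration, and token encryption is left out.

```python
import base64, hashlib, hmac, json, time

# Field names follow the token structure slide; everything else is assumed.
REQUIRED = ("user_id", "app_id", "expiry", "user_data", "provider", "inner_token")

def issue_token(key: bytes, **fields) -> str:
    """Provider side (assumed format): canonical JSON body + HMAC-SHA256."""
    body = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    sig = hmac.new(key, body, hashlib.sha256).digest()
    return ".".join(base64.urlsafe_b64encode(p).decode() for p in (body, sig))

def validate_token(token, key, app_id, trusted_providers, now=None):
    """Application side: validate locally, with no redirect to the provider.
    Returns the claims dict or raises ValueError naming the failed check."""
    now = time.time() if now is None else now
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError as exc:  # wrong part count or bad base64
        raise ValueError("malformed token") from exc
    # Signature first, over the exact bytes received, compared in constant time.
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    claims = json.loads(body)
    if not isinstance(claims, dict) or any(f not in claims for f in REQUIRED):
        raise ValueError("missing field")
    # Only now are the fields trusted enough to inspect.
    if not isinstance(claims["expiry"], (int, float)) or claims["expiry"] <= now:
        raise ValueError("expired")
    if claims["app_id"] != app_id:  # token minted for another application
        raise ValueError("wrong scope")
    if claims["provider"] not in trusted_providers:
        raise ValueError("untrusted provider")
    return claims

if __name__ == "__main__":
    KEY = b"constructed-demo-key-not-a-real-secret"  # constructed sample
    tok = issue_token(KEY, user_id="alice", app_id="app-1234",
                      expiry=time.time() + 300, user_data={"role": "blog"},
                      provider="skypin", inner_token="")
    print(validate_token(tok, KEY, "app-1234", {"skypin"}))
    try:
        validate_token(tok, KEY, "other-app", {"skypin"})
    except ValueError as err:
        print("rejected:", err)
```

The scope check is what stops a token issued for one syndicated service from being replayed at another that trusts the same provider.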

Summary: Make the move to APS 2.0 / Parallels Automation 5.5
- SkyPin state-of-the-art multi-factor authentication works out of the box!
- Scalable SSO means authenticate users once for all services, including Parallels Automation
- Support integration of nearly all identity management standards
- APS Authentication Protocol enables SSO across service boundaries with strong encryption, no configuration, no excessive bandwidth re-directs

ISV/Developer: Get started with the APS Authentication Protocol for your Cloud Service or APS package
1. Sign up for developer account on http://parallelsskypin.certivox.com
2. Get your APS AP SkyKeys
3. Download the APS AP code from GitHub and integrate it into your application (easier than supporting OAuth / OpenID Connect, etc.)!
4. Call SkyPin PIN PAD from your test URL
5. Sign up and authenticate test users
6. Get APS 2.0 enabled by incorporating PIM SSO into your APS package
Stage labels on the slide: Dev sign up; Integrate APS AP; APS 2.0 Leverage APS AP

Next Steps: Plan to Build APS 2.0 Packages
Parallels PartnerNet Portal: Cloud Services Developer Program
- Sign up by March 13th (for APS-enabled ISV/SI partners)
APS 2.0 Beta Program
- Access to APS 2.0/PA 5.5 Hands-on-labs, Sandbox, and documentation
- Additional online technical training & regular readiness check-in calls with APS engineers and architects
- Program Requirements: Include the scenario you want to solve with APS 2.0 to qualify to participate. If qualified, you will be invited to the APS 2.0 Beta kickoff
- Get your hands dirty with APS 2.0 Beta
Be ready to launch your own packages!
www.parallelsnetwork.com

Questions?
For more information on CertiVox, contact:
Brian Spector, CEO / CertiVox, brian@certivox.com
Gene Myers, VP of Engineering, gene@certivox.com