SAP Security in a Hybrid World. Kiran Kola
|
|
- Rodney Hardy
- 6 years ago
- Views:
Transcription
1 SAP Security in a Hybrid World Kiran Kola
2 Agenda Cybersecurity SAP Cloud Platform Identity Provisioning service SAP Cloud Platform Identity Authentication service SAP Cloud Connector & how to achieve Principal Propagation Demos 2
3 SAP helps protect your digital business Cybersecurity is a critical element in the Digital Transformation journey Transactions and data must be secured throughout the entire end-2-end business process 1. Customers and employees are hyper-connected, always on, with seamless access anywhere and anytime 2. Cloud and hybrid cloud environments have become the norm, challenging traditional Protect the 4 walls security approaches 3. Digitally connected supply chains are based on high trust and availability of all parties 4. The Internet of Things and Big Data bring unprecedented data streams and volumes 5. Confidentiality, integrity, and availability of data is the basis for secure operations and trusted relationships 3
4 Identity and Access Management as a Service from SAP Solution overview SAP Cloud Platform offers an end-to-end Identity and Access Management (IAM) solution as a service that helps companies improve the security of their cloud business processes SAP Cloud Platform Identity Provisioning Automatically sets up and manages user accounts and authorizations in an end-to-end identity lifecycle Re-uses existing on-premise and cloud user stores Integrates with SAP Identity Management SAP Cloud Platform Identity Authentication Simple and secure access to web-based applications Enterprise features such as password policies and multifactor and risk-based authentication On-premise user store integration Easy consumer and partner on-boarding via self-services 4
5 SAP Cloud Platform Identity Provisioning Service
6 SAP Cloud Platform Identity Provisioning Product description Identity Provisioning offers a comprehensive, low cost approach to identity lifecycle management in the cloud Solution overview Manage user accounts and authorizations in a cloud-based service Provision identities from user stores in the cloud and on-premise Enable business applications to quickly support single sign-on with Identity Authentication Key value proposition Fast and efficient administration of user onboarding Centralized end-to-end lifecycle management of corporate identities in the cloud Automated provisioning of existing on-premise identities to cloud applications Retrieve cloud users and their attributes Create accounts and assign authorizations SAP Cloud Platform Identity Provisioning Retrieve on premise users and their attributes Corporate network 6
7 SAP Cloud Platform Identity Provisioning Employee life-cycle management in the cloud Automated, end-to-end identity life-cycle management for your employees On-boarding Role/position change Promotion Off-boarding Create user accounts Assign authorizations Update authorizations Update authorizations De-provision user and authorizations 7
8 SAP Cloud Platform Identity Provisioning Example: SAP SuccessFactors as the source for employee identity data When an employee record is created in SAP SuccessFactors, Identity Provisioning on-boards the new user to all cloud applications required for the person s role On-boarding Read the new employee s identity data from SAP SuccessFactors Define the initial authorization profile based on authorization policies Create user accounts and assign authorizations for the new employee in the relevant business systems Manage Update user details and authorizations automatically to ensure consistency between SAP SuccessFactors identity data and cloud applications Off-boarding De-provision authorizations Off-board employees from the cloud applications 8
9 SAP Cloud Platform Identity Provisioning Supported source and target systems Identity Provisioning supports multiple systems as sources of identity information and forwards identities to any of the listed target systems Source Systems On-premise: SAP NetWeaver Application Server for ABAP Microsoft Active Directory Cloud: SAP SuccessFactors SAP Cloud Platform Identity Authentication Microsoft Azure Active Directory Generic: SCIM-enabled solution LDAP Server SCIM SAP Cloud Platform Identity Provisioning Target Systems SAP Cloud Platform SAP Cloud Platform Identity Authentication SAP Hybris Cloud for Customer SAP Jam Concur Google G Suite Microsoft Azure Active Directory SCIM-enabled solution Cloud Foundry User Account and Authentication Server 9
10 SAP Cloud Platform Identity Provisioning Policy-based authorization management Assign authorizations to business applications through policy-based mapping of user store attributes Authorization policy management Simple and flexible policy definition Reuses existing user store data Microsoft Active Directory: User attributes and groups SAP NetWeaver AS ABAP: User attributes and roles SAP Cloud Platform Identity Authentication: User attributes and groups Efficient authorization assignment with quick updates 10
11 SAP Cloud Platform Identity Provisioning Data transformation modeling Integrate identity data models of different applications by defining rules for data transformation Apply a filter to decide which identities are read from the source system and written to the target SCIM Map attributes between the source and target systems data models to handle differences in the models Modify the format of the data taken from the source system to make it compatible with the target system SAP Cloud Platform Identity Provisioning 11
12 SAP Cloud Platform Identity Provisioning Integration with SAP Identity Management Existing customers of SAP Identity Management can extend their identity lifecycle management to cover cloud-based scenarios using Identity Provisioning and Identity Authentication Recommendations for on-premise landscapes SAP Identity Management is optimized for on-premise expectations (customization, performance) Recommendations for cloud systems Identity Provisioning offers a deployment model and simplicity suitable for cloud-based business applications. Identity Provisioning is the platform for broad cloud integration, allowing customers to efficiently on-board new applications SAP Identity Management includes a small set of connectors for cloud applications, Recommendations for hybrid scenarios Integration of SAP Identity Management with Identity Provisioning to benefit from the advantages of both worlds SAP Cloud Platform Identity Provisioning & Identity Authentication SAP Identity Management Cloud On-premise 12
13 SAP Cloud Platform Identity Provisioning DEMO 13
14 SAP Cloud Platform Identity Authentication Service
15 Identity provider options on SAP Cloud Platform SAML U/P X.509 Internet SAML SAP HANA Cloud Platform Corporate network SAML * SAP ID Service SAP Cloud Identity Bring your own identity provider SAP s public IdP on the Internet Free service, similar to social IdPs Shared user base with SCN, SAP Service Marketplace and other public SAP web sites Authentication only - no user lifecycle management Default IdP for HCP trial accounts Cloud solution for Identity lifecycle management Pay-per-logon-requests (counted once per day and user) Isolated user base per tenant User import and export Rich customization and branding features Main scenarios: B2C and B2B Pre-configured trusted IdP for productive HCP accounts Prerequisite: SAML 2.0 compliance Main scenario: B2E * Product-specific support for authentication mechanisms, such as Kerberos, X.509, 15
16 SAP Cloud Platform Identity Authentication Product Overview SAP Cloud Platform Identity Authentication provides secure access to web applications. It is a software as a service (SaaS) offering by SAP Access protection Identity federation based on SAML 2.0 Web single sign-on and desktop SSO Secure on-premise integration with existing authentication system Social and strong authentication Risk-based authentication Manage users and access to applications User administration and integration with on-premise user stores User groups and application access management User self-services Password and privacy policies Enterprise features for integration Branding of end user UIs Programmatic integration via SCIM standard Identity Authentication 16
17 Business-to-Employee Scenario (B2E) Firewall Identity Authentication Employee Central Central User Store Identity Authentication for B2E: Single Sign-On from anywhere and on any device User self-service for password reset User Interface in company look & feel Administration services Corporate branding User management Application on-boarding Template configuration Authentication based on common standards like SAML Password policy enforcement on application level 17
18 Business-to-Customer (B2C) and Business-to-Business (B2B) Scenario Identity Authentication for B2C and B2B: Self-registration with confirmation customer Identity Authentication partner Invitation flow On-behalf registration Single Sign-On Firewall Access on any device from outside corporate network Password reset self-service Corporate branding Authentication based on trusted standards Password policies enforcement on application level 18
19 Integrating SAP- and 3 rd party-applications Identity access management HR & Collaboration ERP, CRM Planning & Analytics 3 rd party SF Employee Central S4HANA IBP Microsoft: Office365, Azure Jam C4C Cloud for Customer Cloud Analytics Travel, Authentication, SSO Cloud SAP Cloud Platform Identity Authentication Service Delegate authentication Social Platforms Facebook, Google, Twitter On-premise HCM Authentication, Provisioning Identity Management HR IDM IdP 19
20 Secure Access and Single Sign-on Identity access management SAP S/4HANA, cloud ****** Logon Identity Authentication Service SAP Mobile Secure 3 rd party Cloud Innovation Management Applications SAP Cloud Platform Cloud Portal Sites SAP Document Center Other Corporate Network 20
21 Configurable access levels Identity access management Access protection on user level and on application level Public access Self registration is allowed Social authentication [optional] User status new, active, inactive, locked Internal access Only users already registered are entitled to access Private access Only users registered for the application can access 21
22 Custom password policy configuration Identity access management Custom password policies serve the need to comply with corporate security guidelines Custom password policies Min/max password length Password expiration period Max period for unused password Min password age Number of passwords in history Number of failed logon attempts until user gets locked Time period a user gets locked due to failed logon attempts 22
23 Risk-based authentication Identity access management Define authentication rules to control application access Allow User Group Membership and/or ****** ****** Logon Logon Network IP Ranges Deny Two-factor-authentication 23
24 Two-factor authentication with SAP Authenticator Identity access management Authentication with one-time passwords Provide two means of identification OTP required for login in addition to password or security token Second factor for high security scenarios Based on SAP Authenticator mobile app OTP (6-digit) created on mobile device Available for ios and Android RFC 6238 compatible 24
25 Delegated Authentication SAP Cloud Platform Identity Authentication - used as a proxy
26 Identity authentication service as a proxy to a corporate IdP Delegated authentication IdP proxy via the SAML standard easy to establish Applications SAML Identity Authentication Service SAML Identity provider proxy Authentication is delegated to corporate identity provider login Reuse of existing single sign-on infrastructure 3 rd party Cloud ****** Logon Corporate Identity Provider Easy and secure authentication for business-to-employee (B2E) scenarios Federation based on the SAML 2.0 standard Corporate Network 26
27 Authentication with on-premise user store Delegated authentication Integrate with an on-premise user store via a secure tunnel Applications ****** Logon Identity Authentication Service On-premise user store Users credentials from: Active Directory 3rd party user store No user replication to the cloud required Cloud Connector Internal network ports do not need to be exposed to the Internet LDAP SAP NW JAVA + SAP SSO SAP NetWeaver AS ABAP Corporate Network In addition usual product features can be used: UI configuration, policies, twofactor-authentication 27
28 SPNEGO authentication Delegated authentication SPNEGO: integrate with MS Windows domain authentication SAML Identity Authentication Service SPNEGO* authentication Users authenticated with corporate LDAP enjoy single sign-on to cloud applications without re-authentication Applications SPNEGO Reuse of existing corporate identity infrastructure Secure authentication and SSO for cloud and on-premise web applications Kerberos token Increase user productivity in B2E scenarios LDAP Corporate LDAP credentials AS AAP Corporate Network * Simple and Protected GSSAPI Negotiation Mechanism 28
29 Social IdP integration Delegated authentication Enable social login with popular identity providers in the Internet Applications 3 rd party Cloud SAML ****** OAuth Logon Identity Authentication Service Social Media IdPs Social media authentication Suitable for B2C, B2B scenarios Configurable per application Linking and unlinking of social accounts Logon credentials Social media username & password 29
30 IdP initiated SSO Delegated authentication Secure your business network and allow partner users to login via their corporate IdP SAML IdP 1 ****** Logon User Group 1 can access via SAML IdP 1 SAML IdP 2 ****** Logon Identity Authentication Service User Group 2 can access via SAML IdP 2 Application SAP Cloud Platform Identity Authentication as a proxy to multiple SAML identity providers Authentication is initiated by the SAML identity provider Upon successful authentication, a check for correct user group assignment can be configured (optional) 30
31 Solution Chart Identity and Access Management (IAM) solution 31
32 SAP Cloud Platform Identity Authentication DEMO 32
33 SAP Cloud Connector & Principal Propagation
34 Secure backend connectivity with the SAP Cloud Platform Cloud Connector Establishes secure VPN connection between the SAP Cloud Platform and on-premise systems Connectivity created by on-premise agent through reverse-invoke process Supports pre-configured destination API and certificate inspection to safeguard against forgeries Complementary to SAP Gateway, Cloud Integration and 3rd party integration suites both on-premise and in the cloud Cloud XS HTTP(S), RFC SAP Cloud Platform SAP Cloud Platform Cloud Connector Reverse Proxy LDAP Demilitarized Zone (DMZ) Corporate network SAP/non-SAP backend system(s) 34
35 Principle Propagation Introduction Principle Propagation means the ability to forward the user context of a message unchanged from the sender to the receiver. Application Server SAP Backend 35
36 SCP: Authentication and Single Sign-On Log in and Principal Propagation steps to make back-end data available on SCP pre-requisite: mutual SAML trust SP IDP SAML trust setup between 1a) SP = SCP and 1b) IDP, e.g. SCI, SAML assertion with user ID or LOGIN_NAME attribute pre-requisite: SAP Cloud Connector (SCC) Virtual host mapping, System certificate, Principal Propagation: CA certificate, mapping and pattern pre-requisite: ABAP system SSL server requesting client certificate, trust setup for SCC s system certificate, user ID mapping to ABAP user (EXTID_DN or CERTRULE) pre-requisite: SCP destination Configured destination, with Principal Propagation enabled account member application user SCC admin data requests 5a account login Account Cockpit SCP (SAP Cloud Platform) SCP HCP - -customer account service/ application service/ application subscriptions SCP HCP --provider account service/ application SCC trust destination 4 2 (SCP Connector) 5b 1a assertion account trust platform trust SCI (SAP Cloud Identity Authentication Service) SCI - customer SCI - customer 1b tenant tenant app appl. users SCI - SAP tenant SCP users cloud on premise 5 Log in to SCP, Principal Propagation to backend 5a) Log in based on SAML assertion, 5b) user ID mapped from SCP bearer assertion to X.509 in SCC, 5c) X.509 user ID from SCC mapped to actual ABAP user back-end (ABAP) 3 5c ABAP user 36
37 SCP: Authentication and Single Sign-On Principal Propagation in detail (Mutual SSL trust, and SAML / X.509 forwarding) browser (SSL client) SSL sessions Principal Propagation application user 2 IDP SCP 1 2 SCC SSL server destination SSL server SCC client SAML assertion SAML bearer assertion Client 4 SSL server ABAP CA 4 5 forwarded user certificate mapping ABAP user 3 1) 1 Establish tunnel from SCC to SCP (trust established automatically) 2) 2 Browser to SCP Browser: validates SSL server certificate, HCP: will trust any client (on SSL level) 2 authenticated by SAML assertion from IDP 3) 3 SCP to SCC (trust established automatically) 3 propagation by SAML bearer assertion from IDP 4) 4 SCC to ABAP back-end SCC: by default, any SSL server is trusted optional: whitelist setup for specific SSL servers ABAP:present ICM s SSL server certificate, requests client certificate matching certificate list, trust client matching profile parameters (icm/https/trust_client_with...) 4 5 propagation by forwarded X.509 user certificate (ssl_client_cert header) mapping X.509 user certificate to ABAP user id via EXTID_DN or CERTRULE SCP (SAP Cloud Platform) HCP SCP -account customer account service/ application service/ application SCC (SCP Connector) WebDispatcher destination back-end (ABAP) ABAP user 37
38 Summary Administrators Developers Users No need to manage a separate user store for cloud-based applications No user provisioning required Wide range of options for implementing the IdP Integration with IdP via well-known and proven security protocols Identity Provisioning provides a seamless integration of new cloud applications into the identity lifecycle management Identity Provisioning offers fast time-to-value and low TCO Out-of-the-box integration for authentication and SSO No coding required configuration only Simple APIs for Java, HTML5 and HANA XS to retrieve federated user attributes Single sign-on to browser-based applications running on SAP Cloud Platform No need for a separate user account and password in the cloud Together with the SAP Cloud Platform Identity Authentication service, Identity Provisioning enables customers to run identity and access management in a cloud consumption model 38
BEYOND AUTHENTICATION IDENTITY AND ACCESS MANAGEMENT FOR THE MODERN ENTERPRISE
BEYOND AUTHENTICATION IDENTITY AND ACCESS MANAGEMENT FOR THE MODERN ENTERPRISE OUR ORGANISATION AND SPECIALIST SKILLS Focused on delivery, integration and managed services around Identity and Access Management.
More informationToday s workforce is Mobile. Cloud and SaaSbased. are being deployed and used faster than ever. Most applications are Web-based apps
Today s workforce is Mobile Most applications are Web-based apps Cloud and SaaSbased applications are being deployed and used faster than ever Hybrid Cloud is the new normal. % plan to migrate >50% of
More informationSAP Single Sign-On 2.0 Overview Presentation
SAP Single Sign-On 2.0 Overview Presentation June 2014 Public Legal disclaimer This presentation is not subject to your license agreement or any other agreement with SAP. SAP has no obligation to pursue
More informationInside Symantec O 3. Sergi Isasi. Senior Manager, Product Management. SR B30 - Inside Symantec O3 1
Inside Symantec O 3 Sergi Isasi Senior Manager, Product Management SR B30 - Inside Symantec O3 1 Agenda 2 Cloud: Opportunity And Challenge Cloud Private Cloud We should embrace the Cloud to respond to
More informationUnified Secure Access Beyond VPN
Unified Secure Access Beyond VPN Luboš Klokner F5 Systems Engineer lubos@f5.com +421 908 755152 @lklokner Humans v. Technology F5 Networks, Inc Agenda Introduction General APM Use-Cases APM Use-Cases from
More informationSAP IoT Application Enablement Best Practices Authorization Guide
SAP IoT Application Enablement Best Practices Authorization Guide TABLE OF CONTENTS 1 INITIAL TENANT SETUP... 3 1.1 Configure Trust... 3 1.1.1 Technical Background... 6 1.2 Establish Trust... 6 1.3 Set
More informationSAP API Management Cloud Connector PUBLIC
SAP API Management Cloud Connector PUBLIC Objectives After completing this unit, you will be able to: - Understand Cloud connector and its value proposition - Call an API accessible through Cloud Connector
More informationEnterprise SOA Experience Workshop. Module 8: Operating an enterprise SOA Landscape
Enterprise SOA Experience Workshop Module 8: Operating an enterprise SOA Landscape Agenda 1. Authentication and Authorization 2. Web Services and Security 3. Web Services and Change Management 4. Summary
More informationCreating Application Definitions in Hana Cloud Platform Mobile Services
SAP Hana Cloud Platform Mobile Services How-To Guide Provided by SAP s Technology RIG Creating Application Definitions in Hana Cloud Platform Mobile Services Applicable Releases: Platform Mobile Services
More informationREVISED 6 NOVEMBER 2018 COMPONENT DESIGN: VMWARE IDENTITY MANAGER ARCHITECTURE
REVISED 6 NOVEMBER 2018 COMPONENT DESIGN: VMWARE IDENTITY MANAGER ARCHITECTURE Table of Contents Component Design: VMware Identity Manager Architecture Design Overview VMware Identity Manager Connector
More informationIntro to the Identity Experience Engine. Kim Cameron, Microsoft Architect of Identity ISSE Paris November 2016
Intro to the Identity Experience Engine Kim Cameron, Microsoft Architect of Identity ISSE Paris November 2016 Intro to the Identity Experience Engine (IEE) Withering away of the enterprise domain boundary
More informationCloud Access Manager Overview
Cloud Access Manager 8.1.3 Overview Copyright 2017 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished
More informationApp Gateway Deployment Guide
C E N T R I F Y D E P L O Y M E N T G U I D E App Gateway Deployment Guide Abstract Centrify provides mobile device management and single sign-on services that you can trust and count on as a critical
More informationIntroduction. The Safe-T Solution
Secure Application Access Product Brief Contents Introduction 2 The Safe-T Solution 3 How It Works 3 Capabilities 4 Benefits 5 Feature List 6 6 Introduction As the world becomes much more digital and global,
More informationREVIEWERS GUIDE NOVEMBER 2017 REVIEWER S GUIDE FOR CLOUD-BASED VMWARE WORKSPACE ONE: MOBILE SINGLE SIGN-ON. VMware Workspace ONE
REVIEWERS GUIDE NOVEMBER 2017 REVIEWER S GUIDE FOR CLOUD-BASED VMWARE WORKSPACE ONE: VMware Workspace ONE Table of Contents Introduction.... 3 Purpose of This Guide....3 Audience...3 Before You Begin....3
More informationVMWARE HORIZON CLOUD WITH VMWARE IDENTITY MANAGER QUICK START GUIDE WHITE PAPER MARCH 2018
VMWARE HORIZON CLOUD WITH VMWARE IDENTITY MANAGER QUICK START GUIDE WHITE PAPER MARCH 2018 Table of Contents Introduction to Horizon Cloud with Manager.... 3 Benefits of Integration.... 3 Single Sign-On....3
More informationO365 Solutions. Three Phase Approach. Page 1 34
O365 Solutions Three Phase Approach msfttechteam@f5.com Page 1 34 Contents Use Cases... 2 Use Case One Advanced Traffic Management for WAP and ADFS farms... 2 Use Case Two BIG-IP with ADFS-PIP... 3 Phase
More informationBIG-IP Access Policy Manager : Authentication and Single Sign-On. Version 13.1
BIG-IP Access Policy Manager : Authentication and Single Sign-On Version 13.1 Table of Contents Table of Contents Authentication Concepts... 15 About AAA server support... 15 About AAA high availability
More informationOffice 365 and Azure Active Directory Identities In-depth
Office 365 and Azure Active Directory Identities In-depth Jethro Seghers Program Director SkySync #ITDEVCONNECTIONS ITDEVCONNECTIONS.COM Agenda Introduction Identities Different forms of authentication
More informationGuide to Deploying VMware Workspace ONE. VMware Identity Manager VMware AirWatch 9.1
Guide to Deploying VMware Workspace ONE VMware Identity Manager 2.9.1 VMware AirWatch 9.1 Guide to Deploying VMware Workspace ONE You can find the most up-to-date technical documentation on the VMware
More informationRamnish Singh IT Advisor Microsoft Corporation Session Code:
Ramnish Singh IT Advisor Microsoft Corporation Session Code: Agenda Microsoft s Identity and Access Strategy Geneva Claims Based Access User access challenges Identity Metasystem and claims solution Introducing
More informationVMware Workspace ONE Quick Configuration Guide. VMware AirWatch 9.1
VMware Workspace ONE Quick Configuration Guide VMware AirWatch 9.1 A P R I L 2 0 1 7 V 2 Revision Table The following table lists revisions to this guide since the April 2017 release Date April 2017 June
More informationHorizon Workspace Administrator's Guide
Horizon Workspace Administrator's Guide Horizon Workspace 1.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition.
More informationIdentity Provider for SAP Single Sign-On and SAP Identity Management
Implementation Guide Document Version: 1.0 2017-05-15 PUBLIC Identity Provider for SAP Single Sign-On and SAP Identity Management Content 1....4 1.1 What is SAML 2.0.... 5 SSO with SAML 2.0.... 6 SLO with
More informationSharePoint 2019 and Extranet User Manager
SharePoint 2019 and Extranet User Manager Tuesday, June 5, 2018 12:00-1:00 PM http://eum.co (#) Agenda Introductions SharePoint 2019 Announcements SharePoint On Premises Extranets EUM Features and Licensing
More informationGuide to Deploying VMware Workspace ONE. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager 3.1
Guide to Deploying VMware Workspace ONE DEC 2017 VMware AirWatch 9.2 VMware Identity Manager 3.1 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
More informationVMware Identity Manager Administration. MAY 2018 VMware Identity Manager 3.2
VMware Identity Manager Administration MAY 2018 VMware Identity Manager 3.2 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments
More informationTech Dive: Microsoft Azure Identity Management and Office 365
Tech Dive: Microsoft Azure Identity Management and Office 365 Tech Dive: Microsoft Azure Identity Management and Office 365 Microsoft Partner Confidential 2 Tech Dive: Microsoft Azure Identity Management
More informationHybrid Identity de paraplu in de cloud
EXPERTS LIVE SUMMER NIGHT Hybrid Identity de paraplu in de cloud Robbert van der Zwan TSP EM+S Netherlands EXPERTS LIVE SUMMER NIGHT Robbert van der Zwan Robbert works as an Enterprise Mobility and Security
More informationIntegration Patterns for Legacy Applications
Integration Patterns for Legacy Applications Index Why should I integrate my apps with Okta? 3 Scope 5 When to use this ebook 6 How to read this ebook 7 Integration patterns supported by Okta 8 RADIUS
More informationSingle Sign-On for PCF. User's Guide
Single Sign-On for PCF Version 1.2 User's Guide 2018 Pivotal Software, Inc. Table of Contents Table of Contents Single Sign-On Overview Installation Getting Started with Single Sign-On Manage Service Plans
More informationDATACENTER MANAGEMENT Goodbye ADFS, Hello Modern Authentication! Osman Akagunduz
Goodbye ADFS, Hello Modern Authentication! Osman Akagunduz Osman Akagunduz Consultant @ InSpark Microsoft Country Partner Of The Year Twitter: @Osman_Akagunduz What s in this session The role of Azure
More informationIntegrating AirWatch and VMware Identity Manager
Integrating AirWatch and VMware Identity Manager VMware AirWatch 9.1.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a
More informationExam : Implementing Microsoft Azure Infrastructure Solutions
Exam 70-533: Implementing Microsoft Azure Infrastructure Solutions Objective Domain Note: This document shows tracked changes that are effective as of January 18, 2018. Design and Implement Azure App Service
More informationNews and Updates June 1, 2017
Microsoft Azure News and Updates June 1, 2017 Azure Backup for Windows Server System State Modern Backup Storage with Azure Backup Server v2 vcenter/esxi 6.5 support for Azure Backup Server Larger Disk
More informationNovell Access Manager 3.1
Technical White Paper IDENTITY AND SECURITY www.novell.com Novell Access Manager 3.1 Access Control, Policy Management and Compliance Assurance Novell Access Manager 3.1 Table of Contents: 2..... Complete
More informationChallenges in Authenticationand Identity Management
Sep 05 ISEC INFOSECURITY TOUR 2017 05.09.2017, Buenos Aires, Argentina Challenges in Authenticationand Identity Management CAMINANTE NO HAY CAMINO, SE HACE CAMINO AL ANDAR 2016 SecurIT Who is MerStar?
More informationSAP API Management and API Business Hub Overview
SAP API Management and API Business Hub Overview Harsh Jegadeesan Head of Product Management, Digital Transformation Services, SAP Cloud Platform Overview Accelarate your digital transformation with APIs
More informationARCHITECTURAL OVERVIEW REVISED 6 NOVEMBER 2018
REVISED 6 NOVEMBER 2018 Table of Contents Architectural Overview Workspace ONE Logical Architecture GUIDE 2 VMware Workspace ONE Cloud-Based Reference Architecture - Architectural Overview Architectural
More informationUGKnowledge. SAP User Groups
UGKnowledge Knowledge @ SAP User Groups SAP HCP Webinar Series 4 SAP User Groups Moderator: Jos Houben SAP HCP Digital Future Enabled by SAP HANA Cloud Platform Prakash Darji Mar 17 SAP HCP and HEC: How
More informationSAP HANA Operation Expert Summit BUILD User Management & Security Overview Andrea Kristen/SAP HANA Product Management May 2014.
SAP HANA Operation Expert Summit BUILD User Management & Security Overview Andrea Kristen/SAP HANA Product Management May 2014 Customer Disclaimer This presentation outlines our general product direction
More informationDell One Identity Cloud Access Manager 8.0. Overview
Dell One Identity Cloud Access Manager 8.0 2015 Dell Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under
More informationAzure Active Directory from Zero to Hero
Azure Active Directory from Zero to Hero Azure &.NET Meetup Freiburg, 2018 Esmaeil Sarabadani What we cover today Overview on Azure AD Differences between on-prem AD and Azure AD Azure AD usage scenarios
More informationWSO2 Identity Management
WSO2 Identity Management Panagiotis Kranidiotis panagiotiskranidiotis@gmailcom 4 Νοεμβρίου 2017 Few things about me First engagement with open source technologies in 1995 Open source consultant and systems
More informationSalesforce External Identity Implementation Guide
Salesforce External Identity Implementation Guide Salesforce, Summer 17 @salesforcedocs Last updated: September 28, 2017 Copyright 2000 2017 salesforce.com, inc. All rights reserved. Salesforce is a registered
More informationSSO Integration Overview
SSO Integration Overview 2006-2014 Ping Identity Corporation. All rights reserved. PingFederate SSO Integration Overview Version 7.2 June, 2014 Ping Identity Corporation 1001 17th Street, Suite 100 Denver,
More informationIBM Secure Proxy. Advanced edge security for your multienterprise. Secure your network at the edge. Highlights
IBM Secure Proxy Advanced edge security for your multienterprise data exchanges Highlights Enables trusted businessto-business transactions and data exchange Protects your brand reputation by reducing
More informationCA CloudMinder. Administration Guide 1.52
CA CloudMinder Administration Guide 1.52 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is for your informational
More informationGuide to Deploying VMware Workspace ONE with VMware Identity Manager. SEP 2018 VMware Workspace ONE
Guide to Deploying VMware Workspace ONE with VMware Identity Manager SEP 2018 VMware Workspace ONE You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
More informationExpertise that goes beyond experience.
Pre-Conference Training and Certification Expertise that goes beyond experience. OKTANE18.COM Monday, May 21 - Tuesday, May 22 ARIA Resort & Casino, Las Vegas Contents 03 04 05 Okta Education Services
More informationUse EMS to protect your mobile data and mobile app
Use EMS to protect your mobile data and mobile app Peter Daalmans Senior Consultant, Enterprise Mobility MVP CTGlobal. pds@ctglobalservices.com PETER DAALMANS Enterprise Mobility MVP @ CTGlobal Blog: https://peterdaalmans.com
More informationSAS and F5 integration at F5 Networks. Updates for Version 11.6
SAS and F5 integration at F5 Networks Updates for Version 11.6 Managing access based on Identity Employees Partner Customer Administrator IT challenges: Control access based on user-type and role Unify
More informationLiferay Security Features Overview. How Liferay Approaches Security
Liferay Security Features Overview How Liferay Approaches Security Table of Contents Executive Summary.......................................... 1 Transport Security............................................
More informationAPI Security Management with Sentinet SENTINET
API Security Management with Sentinet SENTINET Overview 1 Contents Introduction... 2 Security Mediation and Translation... 3 Security Models... 3 Authentication... 4 Authorization... 5 Bidirectional Security
More informationWHITE PAPER AIRWATCH SUPPORT FOR OFFICE 365
WHITE PAPER AIRWATCH SUPPORT FOR OFFICE 365 Airwatch Support for Office 365 One of the most common questions being asked by many customers recently is How does AirWatch support Office 365? Customers often
More informationPrzejmij kontrolę nad użytkownikiem, czyli unifikacja dostępu do aplikacji w zróżnicowanym środowisku
Przejmij kontrolę nad użytkownikiem, czyli unifikacja dostępu do aplikacji w zróżnicowanym środowisku Łukasz Knysak Senior System Inżynier w Veracomp SA Back in 1963 JFK ordered that all nuclear warheads
More informationSalesforce External Identity Implementation Guide
Salesforce External Identity Implementation Guide Salesforce, Winter 18 @salesforcedocs Last updated: December 20, 2017 Copyright 2000 2017 salesforce.com, inc. All rights reserved. Salesforce is a registered
More informationAdministering Jive Mobile Apps for ios and Android
Administering Jive Mobile Apps for ios and Android TOC 2 Contents Administering Jive Mobile Apps...3 Configuring Jive for Android and ios...3 Custom App Wrapping for ios...3 Authentication with Mobile
More informationAdaptacyjny dostęp do aplikacji wszędzie i z każdego urządzenia
Adaptacyjny dostęp do aplikacji wszędzie i z każdego urządzenia F5 EMEA Webinar Listopad 2014 Andrzej Kroczek Field Systems Engineer Today s Network and App Access: So Many Variables! LOCATIONS USERS DEVICES
More informationArcGIS Online A Security, Privacy, and Compliance Overview. Andrea Rosso Michael Young
ArcGIS Online A Security, Privacy, and Compliance Overview Andrea Rosso Michael Young ArcGIS Online A Multi-Tenant System Portal Portal Portal ArcGIS Online Agenda Online Platform Security Deployment Architecture
More informationAPI Security Management SENTINET
API Security Management SENTINET Overview 1 Contents Introduction... 2 Security Models... 2 Authentication... 2 Authorization... 3 Security Mediation and Translation... 5 Bidirectional Security Management...
More informationShareFile Technical Presentation
ShareFile Technical Presentation Joerg Vosse Senior Systems Engineer - Citrix ShareFile CEE joerg.vosse@citrix.com ShareFile Enterprise Architecture Overview ShareFile Document Cloud ShareFile.com ShareFile.eu
More informationVMware Identity Manager Administration
VMware Identity Manager Administration VMware AirWatch 9.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition.
More informationEXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES BEST PRACTICES FOR IDENTITY FEDERATION IN AWS E-BOOK
EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES BEST PRACTICES FOR IDENTITY FEDERATION IN AWS 03 EXECUTIVE OVERVIEW 05 INTRODUCTION 07 MORE CLOUD DEPLOYMENTS MEANS MORE ACCESS 09 IDENTITY FEDERATION IN
More informationSalesforce External Identity Implementation Guide
Salesforce External Identity Implementation Guide Salesforce, Spring 17 @salesforcedocs Last updated: March 11, 2017 Copyright 2000 2017 salesforce.com, inc. All rights reserved. Salesforce is a registered
More informationSetting Up Resources in VMware Identity Manager (On Premises) Modified on 30 AUG 2017 VMware AirWatch 9.1.1
Setting Up Resources in VMware Identity Manager (On Premises) Modified on 30 AUG 2017 VMware AirWatch 9.1.1 Setting Up Resources in VMware Identity Manager (On Premises) You can find the most up-to-date
More informationAndroid Mobile Single Sign-On to VMware Workspace ONE. SEP 2018 VMware Workspace ONE VMware Identity Manager VMware Identity Manager 3.
Android Mobile Single Sign-On to VMware Workspace ONE SEP 2018 VMware Workspace ONE VMware Identity Manager VMware Identity Manager 3.3 You can find the most up-to-date technical documentation on the VMware
More information1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7
1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7 ORACLE PRODUCT LOGO 20. oktober 2011 Hotel Europa Sarajevo Platform
More informationCrash course in Azure Active Directory
Crash course in Azure Active Directory Crash course in Azure Active Directory Competing today requires a focus on digital transformation and empowering everyone to be creative and work together securely.
More informationAzure Active Directory B2C. Daniel Dickinson Enterprise Mobility Specialist
Azure Active Directory B2C Daniel Dickinson Enterprise Mobility Specialist Are you ready? Is your identity system ready and secure? A consumer identity and access management system needs to be: Consumer-centric
More informationRelated Labs: Introduction to Universal Access and F5 SAML IDP (Self-paced)
PRESENTED BY: Related Labs: Introduction to Universal Access and F5 SAML IDP (Self-paced) One of the main problems that customers face with the adoption of SaaS and cloud-based apps is how to deliver the
More informationRSA SecurID Ready Implementation Guide. Last Modified: December 13, 2013
Ping Identity RSA SecurID Ready Implementation Guide Partner Information Last Modified: December 13, 2013 Product Information Partner Name Ping Identity Web Site www.pingidentity.com Product Name PingFederate
More informationBIG-IP Access Policy Manager : Secure Web Gateway. Version 13.0
BIG-IP Access Policy Manager : Secure Web Gateway Version 13.0 Table of Contents Table of Contents BIG-IP APM Secure Web Gateway Overview...9 About APM Secure Web Gateway... 9 About APM benefits for web
More informationCentrify Identity Services for AWS
F R E Q U E N T L Y A S K E D Q U E S T I O N S Centrify Identity Services for AWS Service Description and Capabilities What is included with Centrify Identity Services for AWS? Centrify Identity Services
More informationVMware Identity Manager Connector Installation and Configuration (Legacy Mode)
VMware Identity Manager Connector Installation and Configuration (Legacy Mode) VMware Identity Manager This document supports the version of each product listed and supports all subsequent versions until
More informationAbout This Document 3. Overview 3. System Requirements 3. Installation & Setup 4
About This Document 3 Overview 3 System Requirements 3 Installation & Setup 4 Step By Step Instructions 5 1. Login to Admin Console 6 2. Show Node Structure 7 3. Create SSO Node 8 4. Create SAML IdP 10
More informationInstalling and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.
Installing and Configuring VMware Identity Manager Connector 2018.8.1.0 (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.3 You can find the most up-to-date technical documentation on
More informationAccess Management Handbook
Access Management Handbook Contents An Introduction 3 Glossary of Access Management Terms 4 Identity and Access Management (IAM) 4 Access Management 5 IDaaS 6 Identity Governance and Administration (IGA)
More informationSecurity Guide Zoom Video Communications Inc.
Zoom unifies cloud video conferencing, simple online meetings, group messaging, and a softwaredefined conference room solution into one easy-to-use platform. Zoom offers the best video, audio, and wireless
More informationWho am I? Identity Product Group, CXP Team. Premier Field Engineer. SANS STI Student GWAPT, GCIA, GCIH, GCWN, GMOB
@markmorow Who am I? Identity Product Group, CXP Team Premier Field Engineer SANS STI Student GWAPT, GCIA, GCIH, GCWN, GMOB Active Directory Domain Services On-premises App Server Validate credentials
More informationAppController :21:56 UTC Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement
AppController 2.6 2014-03-18 13:21:56 UTC 2014 Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement Contents AppController 2.6... 6 About This Release... 8 Getting Started...
More informationAKAMAI WHITE PAPER. Enterprise Application Access Architecture Overview
AKAMAI WHITE PAPER Enterprise Application Access Architecture Overview Enterprise Application Access Architecture Overview 1 Providing secure remote access is a core requirement for all businesses. Though
More information5 OAuth EssEntiAls for APi AccEss control layer7.com
5 OAuth Essentials for API Access Control layer7.com 5 OAuth Essentials for API Access Control P.2 Introduction: How a Web Standard Enters the Enterprise OAuth s Roots in the Social Web OAuth puts the
More informationIntroduction to application management
Introduction to application management To deploy web and mobile applications, add the application from the Centrify App Catalog, modify the application settings, and assign roles to the application to
More informationEXPERTS LIVE SUMMER NIGHT. Close your datacenter and give your users-wings
EXPERTS LIVE SUMMER NIGHT Close your datacenter and give your users-wings Stefan van der Wiele Robbert van der Zwan TSP EMS Blackbelt TSP EMS Netherlands EXPERTS LIVE SUMMER NIGHT Stefan van der Wiele
More informationOpenIAM Identity and Access Manager Technical Architecture Overview
OpenIAM Identity and Access Manager Technical Architecture Overview Overview... 3 Architecture... 3 Common Use Case Description... 3 Identity and Access Middleware... 5 Enterprise Service Bus (ESB)...
More informationTivoli Federated Identity Manager. Sven-Erik Vestergaard Certified IT Specialist Security architect SWG Nordic
Tivoli Federated Identity Manager Sven-Erik Vestergaard Certified IT Specialist Security architect SWG Nordic svest@dk.ibm.com IBM Software Day Vilnius 2009 Agenda IBM strategy on IAA What is a federation
More informationPCI DSS Compliance. White Paper Parallels Remote Application Server
PCI DSS Compliance White Paper Parallels Remote Application Server Table of Contents Introduction... 3 What Is PCI DSS?... 3 Why Businesses Need to Be PCI DSS Compliant... 3 What Is Parallels RAS?... 3
More informationDisclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme
ADV1591BU Delivering Virtual Desktops and Apps via the Digital Workspace with Workspace ONE and VMware Horizon VMworld 2017 Content: Not for publication Peter Bjork @thepeb & Matt Coppinger @mcopping #VMworld
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationJohn Heimann Director, Security Product Management Oracle Corporation
John Heimann Director, Security Product Management Oracle Corporation Oracle9i Application Server v2 Security What s an Application Server? Development and deployment environment Web(HTML,XML,SOAP) J2EE
More informationCentrify for Dropbox Deployment Guide
CENTRIFY DEPLOYMENT GUIDE Centrify for Dropbox Deployment Guide Abstract Centrify provides mobile device management and single sign-on services that you can trust and count on as a critical component of
More informationGoogle Identity Services for work
INTRODUCING Google Identity Services for work One account. All of Google Enter your email Next Online safety made easy We all care about keeping our data safe and private. Google Identity brings a new
More informationPartner Center: Secure application model
Partner Center: Secure application model The information provided in this document is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including
More informationRECOMMENDED DEPLOYMENT PRACTICES. The F5 and Okta Solution for High Security SSO
July 2017 Contents Introduction...3 The Integrated Solution...3 Prerequisites...4 Configuration...4 Set up BIG-IP APM to be a SAML IdP...4 Create a self-signed certificate for signing SAML assertions...4
More informationConfigure Unsanctioned Device Access Control
Configure Unsanctioned Device Access Control paloaltonetworks.com/documentation Contact Information Corporate Headquarters: Palo Alto Networks 3000 Tannery Way Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-support
More informationSetting Up Resources in VMware Identity Manager (SaaS) Modified 15 SEP 2017 VMware Identity Manager
Setting Up Resources in VMware Identity Manager (SaaS) Modified 15 SEP 2017 VMware Identity Manager Setting Up Resources in VMware Identity Manager (SaaS) You can find the most up-to-date technical documentation
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 Single Sign on Single Service Provider Agreement, page 2 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 3 Cisco Unified Communications Applications
More informationSAP Global Track and Trace Onboarding Guide
SAP Global Track and Trace Onboarding Guide Document Version: Cloud 2019.04a Implementation Guide PUBLIC TABLE OF CONTENTS 1 INTRODUCTION... 3 1.1 Prerequisite... 3 1.2 Overview... 3 2 SET UP AN SAP CLOUD
More informationVMware Identity Manager Cloud Deployment. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager
VMware Identity Manager Cloud Deployment DEC 2017 VMware AirWatch 9.2 VMware Identity Manager You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
More information