Challenges in Authenticationand Identity Management
|
|
- Osborn Pope
- 6 years ago
- Views:
Transcription
1 Sep 05 ISEC INFOSECURITY TOUR , Buenos Aires, Argentina Challenges in Authenticationand Identity Management CAMINANTE NO HAY CAMINO, SE HACE CAMINO AL ANDAR 2016 SecurIT
2 Who is MerStar? Founded 2013 in Switzerland IT Security Projects for banks, insurance companies, governments Architecture-driven approach from requirements phase to actual production launch SecurIT Business Partner 2
3 Who is SecurIT? Founded in 1999 in Belgium Offices in BE, NL and USA Security vendor Focus in Identity and Access Management Various IDM products Technology Partners Vasco, PhoneFactor, Gemalto, RSA SecurID, Kobil Id-me, SentryCom IBM, CyberArk Customer references 3
4 Authentication: Traditional Deployment Scenario Internet DMZ Intranet AD Authentication Server LDAP Server Browser Proxy Application Server Username/ Password One-Time- Password Smartcard (e.g. eid) Browser 4
5 Cloud Computing, Desktop SSO, Social media Identities (IdP) are no longer strictly local Private IdP Applications (SP) are no longer strictly local Cisco WebEx Private SP 5
6 Cloud services: Traditional Authentication requires integration with Federation Internet of SPs and IDPs DMZ Intranet AD Authentication Server LDAP Server Username/ Password Browser Proxy Application Server One-Time-Password Smartcard (e.g. eid) Cisco WebEx Browser 6
7 Integration challenges How do I become a SP? Which protocol? SAML2, WS-Federation, Oauth2, OpenID Connect, XAML How do I manage the technology? How do I manage my identities? Provisioning and life cycle? Legal on-boarding? 7
8 Recommendation (1) Think Authentication Broker! Extend the protocol stack but keep traditional functions 8
9 Recommendation (2) Authentication Broker becomes Federation Broker Architecture Principle Brokers the relationship between SP(s) IDP(s) Issues Federation Token Support features such as IDP discovery, Single Logout and Provisioning protocols 9
10 Recommendation (2) Authentication Broker becomes Federation Broker Avoid multiple access points such as com com com Prefer Single access point such as 10
11 Recommendation (3) Protect the application 90% of the IT investments are in applications Logon to the application using a token which is standardized (format and content) i.e. SAML2 Have an in-house Token Specification Standardize Identity Token (same for all apps) Define a shopping list for access control attributes Federation Token Have a common Identity Framework Transform token to API Single API for user-id and security context i.e. Java /.NET based Propagate Token through all layers End-to-end security, propagate issuing token through all layers up to enterprise tier 11
12 Muchas gracias Visit us in the Exhibition Area Stand 12 SecurIT Gent Amsterdam New York Karsten Oliver Starr / Marc Vanmaele marc.vanmaele@securit.biz mvanmaele 12
13 Identity Federation? Quick refresh... Service Provider (SP) Requestor Identity Provider (IDP) 13
14 Backup Slides - Other Recommendations Have an End-to-end architecture Buy, don t build Protect the legacy* systems (i.e. authorization systems) Do NOT throw well-established systems away because they are old, protect the wel-established resources such as workflows and business processes Rather renovate existing systems wherever possible and keep them Have a good product set for Reverse Proxy and Authentication Server But protect well-established systems and renovate wherever possible Design the application with security in mind (OWASP Top 10) Security in design process at all stages 14
15 Cloud Computing and Social media challenges Identities (IdP) are no longer strictly local Private IdP Applications (SP) are no longer strictly local Cisco WebEx Private SP 15
16 Backup Slides - Business Requirements Regulatory- and law enforcements Banking laws IT Diversity Legacy Mergers and Acquisitions Emerging standards Time to market Keep IT costs low 16
17 Backup Slides - Authentication Service requirements Support Multiple Authentication mechanisms PKI, OTP, uid/pw, OAUTH, SAML, WS-Federation, Transaction sgining For multiple client devices Mobile, Browser Across Multiple SSO protocols SAML2P, WS-Federation, OAUTH2 Across multiple transports HTTP, HTTP-REST, RPC Supporting multiple identities Google, Facebook, Swift, Supporting Business Security requirements Cross border policies, Authentication- and data rules Non-repudiation Step-up, Step-down Inactivity- Max security timeouts Replay detection... 17
18 Backup Slides - Identity Hub: The Implementation Where Are You From Not a standard Various proprietary implementations Often limited to SP cookie Supported by Common Domain Cookie Profiles for SAML 2.0 specification Not very practical Scalability and security issues Supported by IdP Discovery Service OASIS IdP Discovery Service specification OpenID Connect Discovery SP needs to be IDS enabled Supported by IdP Selection Service acts as a proxy terminates the Authentication Request executes IdP selection policy can leverage TrustFactor IdP Discovery & Attribute Provider initiates new Authentication Request 18
19 Backup Slides - Identity Hub: High-Level Architecture IdP (eid) IdP (Social Media) IdP (SaaS) Identity Providers SP SP SP IDHub Virtual SP Layer User Gateway Server Repository Orchestration Layer IdP IdP IdP Virtual IdP Layer SP (OAuth) SP (WS-Federation) SP (SAML 2.0) Cloud Applications Applications Using ADFS PoC (WAM, VPN, esso) 19
20 Backup Slides - Identity Hub: High-Level Architecture Local Authentication Username/Password One-Time-Password Certificates Out-of-band 3 rd Party Authentication Vasco DigiPass Gemalto Safenet Cloud Authentication eid Fedict Google+ Facebook LinkedIN Identity Providers SP SP SP IDHub Virtual SP Layer User Gateway Server Repository Orchestration Layer IdP IdP IdP Virtual IdP Layer Application Server Off-the-Shelf Local Common Applications Application Server Adobe EM Local Federated Applications SalesForce ServiceNow Office 365 WorkDay Cloud Applications Service Providers 20
21 Complete Picture 21
22 Backup Slides - IDHub Redundancy Internet DMZ Secure Intranet Intranet Repositories Repositories GUI Server Admin. User Server GUI Server Connection Setup Server Log Archive Server Gateway Protected Application Gateway External User LB/WAF Connection Setup LB/WAF Internal User Gateway Protected Application Gateway 22 Restricted Intranet
23 Internet DMZ Secure Intranet GUI Server Intranet Admin. User GUI Server Identity Provider ( Server) Authn Repository Identity Provider ( Server) Authn Repository ISAM WebSEAL Identity Hub ( Server) Repository External User LB/WAF ISAM WebSEAL Identity Hub ( Server) Repository Log Archive Server Protected Application 23 Protected Application Restricted Intranet
24 Identity Hub Architecture The Hub has an embedded Web Access Management Proxy. The proxy is used by the Hub to proxy federation requests between SPs and IdPs. Optionally however the proxy can also be used to protect and provide SSO to web applications that are not federation enabled. Note that a Identity Hub instance is dedicated to a single organisation. Hence there is no need for embedded multi-tenancy. Identity Hub The Federation Consumer interface allows the Hub to relay requests it can t handle locally to external IdPs. The Hub comes out-of-the-box with a range or pre-configured IdP (e.g. Google, Facebook, Twitter, Clef, eid). Other IdPs can be added through the Admin Portal. The choice of IdP is controlled by an orchestration workflow that can also be managed using the Admin Portal. The Federation Provider end-point allows the Hub to be used as a virtual IdP supporting protocols like SAML, OAuth, OpenID Connect and WS-Federation. It comes pre-configured for a range of well-known SPs like Salesforce, and Google Apps. Other SPs can be added using the Admin Portal. Federation Provider Web Access Management Proxy Federation Consumer The Hub has an embedded and replicated Directory Service on board. This service is used to store and manage the bridging of identities. Optionally, it can also be used for authenticating the user using any of the embedded authentication mechanisms. It is also possible to leverage an existing LDAP, AD or database server. The service supports SCIM. The LDAP end-point provides a virtual directory interface that can be used by applications to authenticate users or to retrieve attributes from the Hub s LDAP or from Federated repositories (Database, LDAP, AD) LDAP RADIUS IDHub Directory Service Authn Service The Hub also has an embedded Authentication Service that provides several ready-to-use authentication mechanisms. Among these mechanisms are Username/Password, OATH-based OTP over SMS and on mobile devices, out-of-band and PKI (e.g. eid and other smartcards). In the context of PKI it also provides CA fail-over and caching. This end-point allows applications that use RADIUS as an authentication protocol (e.g. VPN) to leverage the services of the Hub. User Portal The User Portal exposes self-service functions like account management, authentication enrolment, IdP preference, device enrolment Admin Portal The Admin Portal provides administrative functions like user, group and role management, IdP and SP onboarding and authentication mechanism activation 24
SAP Security in a Hybrid World. Kiran Kola
SAP Security in a Hybrid World Kiran Kola Agenda Cybersecurity SAP Cloud Platform Identity Provisioning service SAP Cloud Platform Identity Authentication service SAP Cloud Connector & how to achieve Principal
More informationAuthor: Nils Meulemans, CTO. Date: June 7, Version: 2.1
Author: Nils Meulemans, CTO Date: June 7, 2018 Version: 2.1 TrustBuilder Identity Hub Technical White paper Contents A new approach to Identity and Access Management... 2 The TrustBuilder Approach... 2
More informationInside Symantec O 3. Sergi Isasi. Senior Manager, Product Management. SR B30 - Inside Symantec O3 1
Inside Symantec O 3 Sergi Isasi Senior Manager, Product Management SR B30 - Inside Symantec O3 1 Agenda 2 Cloud: Opportunity And Challenge Cloud Private Cloud We should embrace the Cloud to respond to
More informationSSO Integration Overview
SSO Integration Overview 2006-2014 Ping Identity Corporation. All rights reserved. PingFederate SSO Integration Overview Version 7.2 June, 2014 Ping Identity Corporation 1001 17th Street, Suite 100 Denver,
More informationBEYOND AUTHENTICATION IDENTITY AND ACCESS MANAGEMENT FOR THE MODERN ENTERPRISE
BEYOND AUTHENTICATION IDENTITY AND ACCESS MANAGEMENT FOR THE MODERN ENTERPRISE OUR ORGANISATION AND SPECIALIST SKILLS Focused on delivery, integration and managed services around Identity and Access Management.
More informationIntegration Patterns for Legacy Applications
Integration Patterns for Legacy Applications Index Why should I integrate my apps with Okta? 3 Scope 5 When to use this ebook 6 How to read this ebook 7 Integration patterns supported by Okta 8 RADIUS
More informationAdministering Jive Mobile Apps for ios and Android
Administering Jive Mobile Apps for ios and Android TOC 2 Contents Administering Jive Mobile Apps...3 Configuring Jive for Android and ios...3 Custom App Wrapping for ios...3 Authentication with Mobile
More informationThe flexible IAM platform
WHITEPAPER The flexible IAM platform Author: Nils Meulemans, CTO Date: February 2019 Version: 2.2 Contents TrustBuilder the first flexible IAM platform...3 IAM solutions the current state...3 A new approach
More informationARCHITECTURAL OVERVIEW REVISED 6 NOVEMBER 2018
REVISED 6 NOVEMBER 2018 Table of Contents Architectural Overview Workspace ONE Logical Architecture GUIDE 2 VMware Workspace ONE Cloud-Based Reference Architecture - Architectural Overview Architectural
More informationCloud Access Manager Overview
Cloud Access Manager 8.1.3 Overview Copyright 2017 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished
More informationUnified Secure Access Beyond VPN
Unified Secure Access Beyond VPN Luboš Klokner F5 Systems Engineer lubos@f5.com +421 908 755152 @lklokner Humans v. Technology F5 Networks, Inc Agenda Introduction General APM Use-Cases APM Use-Cases from
More informationArcGIS Server and Portal for ArcGIS An Introduction to Security
ArcGIS Server and Portal for ArcGIS An Introduction to Security Jeff Smith & Derek Law July 21, 2015 Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context
More informationEnhancing cloud applications by using external authentication services. 2015, 2016 IBM Corporation
Enhancing cloud applications by using external authentication services After you complete this section, you should understand: Terminology such as authentication, identity, and ID token The benefits of
More informationDisclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme
ADV1591BE Delivering Virtual Desktops and Apps via the Digital Workspace with Workspace ONE and VMware Horizon VMworld 2017 Content: Not for publication Johan van Amersfoort & Stephane Padique #VMWORLD
More informationCIAM: Need for Identity Governance & Assurance. Yash Prakash VP of Products
CIAM: Need for Identity Governance & Assurance Yash Prakash VP of Products Key Tenets of CIAM Solution Empower consumers, CSRs & administrators Scale to millions of entities, cloud based service Security
More informationGiovanni Carnovale Technical Account Manager Southeast Europe VASCO Data Security
Giovanni Carnovale Technical Account Manager Southeast Europe The concept of strong authentication Something you have Something you know We authenticate the world 2 Authenticate where? We authenticate
More informationSentinet for BizTalk Server SENTINET
Sentinet for BizTalk Server SENTINET Sentinet for BizTalk Server 1 Contents Introduction... 2 Sentinet Benefits... 3 SOA and API Repository... 4 Security... 4 Mediation and Virtualization... 5 Authentication
More informationWSO2 Identity Management
WSO2 Identity Management Panagiotis Kranidiotis panagiotiskranidiotis@gmailcom 4 Νοεμβρίου 2017 Few things about me First engagement with open source technologies in 1995 Open source consultant and systems
More informationServer Installation and Administration Guide
NetApp Connect 5.1 Server Installation and Administration Guide NetApp, Inc. 495 East Java Drive Sunnyvale, CA 94089 U.S. Telephone: +1 (408) 822-6000 Fax: +1 (408) 822-4501 Support telephone: +1 (888)
More informationPortal for ArcGIS. Matthias Schenker, Esri Switzerland
Portal for ArcGIS Matthias Schenker, Esri Switzerland Empower people to use and create maps More apps Operations Dashboard for ArcGIS Collector for ArcGIS Maps everywhere Organize your maps and apps enable
More informationIntroduction to application management
Introduction to application management To deploy web and mobile applications, add the application from the Centrify App Catalog, modify the application settings, and assign roles to the application to
More informationAccess Management Handbook
Access Management Handbook Contents An Introduction 3 Glossary of Access Management Terms 4 Identity and Access Management (IAM) 4 Access Management 5 IDaaS 6 Identity Governance and Administration (IGA)
More informationBIG-IP Access Policy Manager : Authentication and Single Sign-On. Version 13.1
BIG-IP Access Policy Manager : Authentication and Single Sign-On Version 13.1 Table of Contents Table of Contents Authentication Concepts... 15 About AAA server support... 15 About AAA high availability
More informationSAP Single Sign-On 2.0 Overview Presentation
SAP Single Sign-On 2.0 Overview Presentation June 2014 Public Legal disclaimer This presentation is not subject to your license agreement or any other agreement with SAP. SAP has no obligation to pursue
More informationWarm Up to Identity Protocol Soup
Warm Up to Identity Protocol Soup David Waite Principal Technical Architect 1 Topics What is Digital Identity? What are the different technologies? How are they useful? Where is this space going? 2 Digital
More informationEchidna Concepts Guide
Salt Group Concepts Guide Version 15.1 May 2015 2015 Salt Group Proprietary Limited. All rights reserved. Information in this document is subject to change without notice. The software described in this
More informationTivoli Federated Identity Manager. Sven-Erik Vestergaard Certified IT Specialist Security architect SWG Nordic
Tivoli Federated Identity Manager Sven-Erik Vestergaard Certified IT Specialist Security architect SWG Nordic svest@dk.ibm.com IBM Software Day Vilnius 2009 Agenda IBM strategy on IAA What is a federation
More informationDell One Identity Cloud Access Manager 8.0. Overview
Dell One Identity Cloud Access Manager 8.0 2015 Dell Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under
More informationBusting the top 5 myths of cloud-based authentication
Busting the top 5 myths of cloud-based authentication Insert Your Name Jason Hart CISSP CISM Vice President, Cloud Solutions SafeNet, Inc. Insert Your Title Insert Date Overview Cloud benefits Agility
More informationArcGIS for Server: Security
DevSummit DC February 11, 2015 Washington, DC Michael Sarhan Esri msarhan@esri.com Agenda Review Basic Security Workflow - ArcGIS Server Roles and Identity Stores - Authentication - Authorization: Securing
More informationDisclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme
ADV1591BU Delivering Virtual Desktops and Apps via the Digital Workspace with Workspace ONE and VMware Horizon VMworld 2017 Content: Not for publication Peter Bjork @thepeb & Matt Coppinger @mcopping #VMworld
More informationLiferay Security Features Overview. How Liferay Approaches Security
Liferay Security Features Overview How Liferay Approaches Security Table of Contents Executive Summary.......................................... 1 Transport Security............................................
More informationVMWARE HORIZON CLOUD WITH VMWARE IDENTITY MANAGER QUICK START GUIDE WHITE PAPER MARCH 2018
VMWARE HORIZON CLOUD WITH VMWARE IDENTITY MANAGER QUICK START GUIDE WHITE PAPER MARCH 2018 Table of Contents Introduction to Horizon Cloud with Manager.... 3 Benefits of Integration.... 3 Single Sign-On....3
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 Single Sign on Single Service Provider Agreement, page 2 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 3 Cisco Unified Communications Applications
More informationEXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES BEST PRACTICES FOR IDENTITY FEDERATION IN AWS E-BOOK
EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES BEST PRACTICES FOR IDENTITY FEDERATION IN AWS 03 EXECUTIVE OVERVIEW 05 INTRODUCTION 07 MORE CLOUD DEPLOYMENTS MEANS MORE ACCESS 09 IDENTITY FEDERATION IN
More informationCA Adapter. CA Adapter Installation Guide for Windows 8.0
CA Adapter CA Adapter Installation Guide for Windows 8.0 This Documentation, which includes embedded help systems and electronically distributed materials (hereinafter referred to as the Documentation
More informationConfigure Unsanctioned Device Access Control
Configure Unsanctioned Device Access Control paloaltonetworks.com/documentation Contact Information Corporate Headquarters: Palo Alto Networks 3000 Tannery Way Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-support
More informationCertification Exam Guide SALESFORCE CERTIFIED IDENTITY AND ACCESS MANAGEMENT DESIGNER. Summer Salesforce.com, inc. All rights reserved.
Certification Exam Guide SALESFORCE CERTIFIED IDENTITY AND ACCESS MANAGEMENT DESIGNER Summer 18 2018 Salesforce.com, inc. All rights reserved. S ALESFORCE CERTIFIED IDENTITY AND ACCESS MANAGEMENT DESIGNER
More informationToday s workforce is Mobile. Cloud and SaaSbased. are being deployed and used faster than ever. Most applications are Web-based apps
Today s workforce is Mobile Most applications are Web-based apps Cloud and SaaSbased applications are being deployed and used faster than ever Hybrid Cloud is the new normal. % plan to migrate >50% of
More informationSentinet for Microsoft Azure SENTINET
Sentinet for Microsoft Azure SENTINET Sentinet for Microsoft Azure 1 Contents Introduction... 2 Customer Benefits... 2 Deployment Topologies... 3 Cloud Deployment Model... 3 Hybrid Deployment Model...
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationREVISED 6 NOVEMBER 2018 COMPONENT DESIGN: VMWARE IDENTITY MANAGER ARCHITECTURE
REVISED 6 NOVEMBER 2018 COMPONENT DESIGN: VMWARE IDENTITY MANAGER ARCHITECTURE Table of Contents Component Design: VMware Identity Manager Architecture Design Overview VMware Identity Manager Connector
More informationAXIAD IDS CLOUD SOLUTION. Trusted User PKI, Trusted User Flexible Authentication & Trusted Infrastructure
AXIAD IDS CLOUD SOLUTION Trusted User PKI, Trusted User Flexible Authentication & Trusted Infrastructure Logical Access Use Cases ONE BADGE FOR CONVERGED PHYSICAL AND IT ACCESS Corporate ID badge for physical
More informationCloud Access Manager Configuration Guide
Cloud Access Manager 8.1.3 Configuration Guide Copyright 2017 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide
More informationOffice 365 and Azure Active Directory Identities In-depth
Office 365 and Azure Active Directory Identities In-depth Jethro Seghers Program Director SkySync #ITDEVCONNECTIONS ITDEVCONNECTIONS.COM Agenda Introduction Identities Different forms of authentication
More informationCA Adapter. Installation and Configuration Guide for Windows. r2.2.9
CA Adapter Installation and Configuration Guide for Windows r2.2.9 This Documentation, which includes embedded help systems and electronically distributed materials (hereinafter referred to as the Documentation
More informationIdentität und Autorisierung als Grundlage für sichere Web-Services. Dr. Hannes P. Lubich IT Security Strategist
Identität und Autorisierung als Grundlage für sichere Web-Services Dr. Hannes P. Lubich IT Security Strategist The Web Services Temptation For every $1 spent on software $3 to $5 is spent on integration
More informationBest Practices: Authentication & Authorization Infrastructure. Massimo Benini HPCAC - April,
Best Practices: Authentication & Authorization Infrastructure Massimo Benini HPCAC - April, 03 2019 Agenda - Common Vocabulary - Keycloak Overview - OAUTH2 and OIDC - Microservices Auth/Authz techniques
More informationAdministering Jive Mobile Apps
Administering Jive Mobile Apps Contents 2 Contents Administering Jive Mobile Apps...3 Configuring Jive for Android and ios... 3 Custom App Wrapping for ios... 4 Native App Caching: Android...4 Native App
More informationWhose Cloud Is It Anyway? Exploring Data Security, Ownership and Control
Whose Cloud Is It Anyway? Exploring Data Security, Ownership and Control SESSION ID: CDS-T11 Sheung-Chi NG Senior Security Consulting Manager, APAC SafeNet, Inc. Cloud and Virtualization Are Change the
More informationStandards-based Secure Signon for Cloud and Native Mobile Agents
Standards-based Secure Signon for Cloud and Native Mobile Agents P. Dingle July 2013 1 Mobile http://www.flickr.com/photos/nataliejohnson/2776045330 2 http://www.flickr.com/photos/soo/5525383948 Mobile
More informationIntroduction... 5 Configuring Single Sign-On... 7 Prerequisites for Configuring Single Sign-On... 7 Installing Oracle HTTP Server...
Oracle Access Manager Configuration Guide for On-Premises Version 17 October 2017 Contents Introduction... 5 Configuring Single Sign-On... 7 Prerequisites for Configuring Single Sign-On... 7 Installing
More informationUdemy for Business SSO. Single Sign-On (SSO) capability for the UFB portal
Single Sign-On (SSO) capability for the UFB portal Table of contents Overview SSO and SAML PingOne and Ping Federate Data Flow FAQ What is the End User Experience With SSO? Can users access the Udemy app
More informationAzure Multi-Factor Authentication: Who do you think you are?
Azure Multi-Factor Authentication: Who do you think you are? Sander Berkouwer CTO at SCCT scct.nl Sander Berkouwer CTO at SCCT scct.nl Microsoft MVP Veeam Vanguard A little history Server Microsoft acquired
More informationConfiguration Guide. BlackBerry UEM. Version 12.9
Configuration Guide BlackBerry UEM Version 12.9 Published: 2018-07-16 SWD-20180713083904821 Contents About this guide... 8 Getting started... 9 Configuring BlackBerry UEM for the first time...9 Configuration
More informationSecureAuth IdP Realm Guide
SecureAuth IdP Realm Guide What is a Realm? A realm is a configured workflow that leads end-users to a target resource (application, IdM page, certificate enrollment page, etc.). Each SecureAuth IdP realm
More informationOverview. Premium Data Sheet. DigitalPersona. DigitalPersona s Composite Authentication transforms the way IT
DigitalPersona Premium Data Sheet Overview DigitalPersona s Composite Authentication transforms the way IT executives protect the integrity of the digital organization by going beyond traditional two-factor
More informationCertification Exam Guide SALESFORCE CERTIFIED IDENTITY AND ACCESS MANAGEMENT DESIGNER. Winter Salesforce.com, inc. All rights reserved.
Certification Exam Guide SALESFORCE CERTIFIED IDENTITY AND ACCESS MANAGEMENT DESIGNER Winter 18 2017 Salesforce.com, inc. All rights reserved. S ALESFORCE CERTIFIED IDENTITY AND ACCESS MANAGEMENT DESIGNER
More informationSalesforce External Identity Implementation Guide
Salesforce External Identity Implementation Guide Salesforce, Spring 17 @salesforcedocs Last updated: March 11, 2017 Copyright 2000 2017 salesforce.com, inc. All rights reserved. Salesforce is a registered
More informationAzure Active Directory from Zero to Hero
Azure Active Directory from Zero to Hero Azure &.NET Meetup Freiburg, 2018 Esmaeil Sarabadani What we cover today Overview on Azure AD Differences between on-prem AD and Azure AD Azure AD usage scenarios
More informationAuthlogics for Azure and Office 365
Authlogics for Azure and Office 365 Single Sign-On and Flexible MFA for the Microsoft Cloud Whitepaper Authlogics, 12 th Floor, Ocean House, The Ring, Bracknell, Berkshire, RG12 1AX, United Kingdom UK
More informationConfiguration Guide. BlackBerry UEM. Version 12.7 Maintenance Release 2
Configuration Guide BlackBerry UEM Version 12.7 Maintenance Release 2 Published: 2017-12-04 SWD-20171130134721747 Contents About this guide... 8 Getting started... 9 Configuring BlackBerry UEM for the
More informationSOCIAL IDENTITIES IN HIGHER ED: WHY AND HOW WITH REAL-WORLD EXAMPLES
SOCIAL IDENTITIES IN HIGHER ED: WHY AND HOW WITH REAL-WORLD EXAMPLES Todd Haddaway, University of Maryland, Baltimore County Jacob Farmer, Indiana University Dedra Chamberlin, Cirrus Identity 2015 Internet2
More informationVMware Identity Manager Administration. MAY 2018 VMware Identity Manager 3.2
VMware Identity Manager Administration MAY 2018 VMware Identity Manager 3.2 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments
More information<Partner Name> <Partner Product> RSA SECURID ACCESS. VMware Horizon View 7.2 Clients. Standard Agent Client Implementation Guide
RSA SECURID ACCESS Standard Agent Client Implementation Guide VMware Horizon View 7.2 Clients Daniel R. Pintal, RSA Partner Engineering Last Modified: September 14, 2017
More informationSafelayer's Adaptive Authentication: Increased security through context information
1 Safelayer's Adaptive Authentication: Increased security through context information The password continues to be the most widely used credential, although awareness is growing that it provides insufficient
More informationWHITE PAPER AIRWATCH SUPPORT FOR OFFICE 365
WHITE PAPER AIRWATCH SUPPORT FOR OFFICE 365 Airwatch Support for Office 365 One of the most common questions being asked by many customers recently is How does AirWatch support Office 365? Customers often
More informationCA SiteMinder. Federation in Your Enterprise 12.51
CA SiteMinder Federation in Your Enterprise 12.51 This Documentation, which includes embedded help systems and electronically distributed materials (hereinafter referred to as the Documentation ), is for
More informationEMS Platform Services Installation & Configuration Guides
EMS Platform Services Installation & Configuration Guides V44.1 Last Updated: August 7, 2018 EMS Software emssoftware.com/help 800.440.3994 2018 EMS Software, LLC. All Rights Reserved. Table of Contents
More informationThe Old is New Again Engineering Security in the Age of Data Access from Anywhere
The Old is New Again Engineering Security in the Age of Data Access from Anywhere Paul de Graaff Chief Strategy Officer Vanguard Integrity Professionals March 10, 2014 Session 14971 AGENDA History 1 This
More informationSalesforce External Identity Implementation Guide
Salesforce External Identity Implementation Guide Salesforce, Summer 17 @salesforcedocs Last updated: September 28, 2017 Copyright 2000 2017 salesforce.com, inc. All rights reserved. Salesforce is a registered
More informationPrzejmij kontrolę nad użytkownikiem, czyli unifikacja dostępu do aplikacji w zróżnicowanym środowisku
Przejmij kontrolę nad użytkownikiem, czyli unifikacja dostępu do aplikacji w zróżnicowanym środowisku Łukasz Knysak Senior System Inżynier w Veracomp SA Back in 1963 JFK ordered that all nuclear warheads
More informationTHE SECURITY LEADER S GUIDE TO SSO
THE SECURITY LEADER S TO SSO When security leaders think of single sign-on (SSO), they usually think of user convenience and experience. But SSO also plays a critical role in delivering security for data
More informationSalesforce External Identity Implementation Guide
Salesforce External Identity Implementation Guide Salesforce, Winter 18 @salesforcedocs Last updated: December 20, 2017 Copyright 2000 2017 salesforce.com, inc. All rights reserved. Salesforce is a registered
More informationEnterprise SOA Experience Workshop. Module 8: Operating an enterprise SOA Landscape
Enterprise SOA Experience Workshop Module 8: Operating an enterprise SOA Landscape Agenda 1. Authentication and Authorization 2. Web Services and Security 3. Web Services and Change Management 4. Summary
More informationBlackBerry UEM Configuration Guide
BlackBerry UEM Configuration Guide 12.9 2018-11-05Z 2 Contents Getting started... 7 Configuring BlackBerry UEM for the first time... 7 Configuration tasks for managing BlackBerry OS devices... 9 Administrator
More information1 Modular architecture
1 Modular architecture UI customization IIS ID assignment Authorizer selection HTML/CSS/JS HTML/CSS/JS skin skin API User module Admin module Attribute validation Resource assignment Escalation / delegation
More informationThe Business of Identity: Business Drivers and Use Cases of Identity Web Services
The Business of Identity: Business Drivers and Use Cases of Identity Web Services Roger Sullivan, Vice President, Liberty Alliance Vice President, Oracle Corporation Liberty s Architecture Liberty Identity
More informationCONNECTED IDENTITY: BENEFITS, RISKS, AND CHALLENGES DIRECTOR - SECURITY ARCHITECTURE, WSO2
CONNECTED IDENTITY: BENEFITS, RISKS, AND CHALLENGES BY FRANK PRABATH LEYMANN SIRIWARDENA DIRECTOR - SECURITY ARCHITECTURE, WSO2 TABLE OF CONTENTS 1. Introduction... 03 2. Breaking Silos in a Connected
More informationFlexible, robust, easy and thorough authentication
Flexible, robust, easy and thorough authentication VPN/PRIVATE WEBSITE ACCESS ACCESS TO APPLICATIONS APPLICATION CONTENT WORKSTATION The freedom your business needs from an authentication system Don t
More informationSafeNet Authentication Service for Your Business Introducing Strong Authentication as-a-service. Marko Bobinac PreSales Engineer CEE, Russia & CIS
SafeNet Authentication Service for Your Business Introducing Strong Authentication as-a-service Marko Bobinac PreSales Engineer CEE, Russia & CIS Agenda SafeNet introduction Introduction to Authentication
More informationDeploying Tableau at Enterprise Scale in the Cloud
# T C 1 8 Deploying Tableau at Enterprise Scale in the Cloud Calvin Chaney Senior Systems Analyst Enterprise Analytics / Tableau Enterprise Analytics supports Tableau s mission of driving self-service
More informationglobus online Globus Nexus Steve Tuecke Computation Institute University of Chicago and Argonne National Laboratory
globus online Globus Nexus Steve Tuecke Computation Institute University of Chicago and Argonne National Laboratory Computation Institute (CI) Apply to challenging problems Accelerate by building the research
More informationExpertise that goes beyond experience.
Pre-Conference Training and Certification Expertise that goes beyond experience. OKTANE18.COM Monday, May 21 - Tuesday, May 22 ARIA Resort & Casino, Las Vegas Contents 03 04 05 Okta Education Services
More informationOpenIAM Identity and Access Manager Technical Architecture Overview
OpenIAM Identity and Access Manager Technical Architecture Overview Overview... 3 Architecture... 3 Common Use Case Description... 3 Identity and Access Middleware... 5 Enterprise Service Bus (ESB)...
More informationVMware Identity Manager Connector Installation and Configuration (Legacy Mode)
VMware Identity Manager Connector Installation and Configuration (Legacy Mode) VMware Identity Manager This document supports the version of each product listed and supports all subsequent versions until
More informationUser Management. Juan J. Doval DEIMOS SPACE S.L.U. NextGEOSS, September 25 th 2017
User Management Juan J. Doval DEIMOS SPACE S.L.U. NextGEOSS, September 25 th 2017 Agenda Introduction User Management Federation Objectives 1 Introduction NextGEOSS High-Level Architecture DataHub harvest
More informationSetting Up Resources in VMware Identity Manager (SaaS) Modified 15 SEP 2017 VMware Identity Manager
Setting Up Resources in VMware Identity Manager (SaaS) Modified 15 SEP 2017 VMware Identity Manager Setting Up Resources in VMware Identity Manager (SaaS) You can find the most up-to-date technical documentation
More informationJohn Heimann Director, Security Product Management Oracle Corporation
John Heimann Director, Security Product Management Oracle Corporation Oracle9i Application Server v2 Security What s an Application Server? Development and deployment environment Web(HTML,XML,SOAP) J2EE
More information<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. CyberArk Enterprise Password Vault
RSA SECURID ACCESS Implementation Guide CyberArk Peter Waranowski, RSA Partner Engineering Last Modified: March 5 th, 2018 Solution Summary CyberArk can integrate with
More information5 OAuth Essentials for API Access Control
5 OAuth Essentials for API Access Control Introduction: How a Web Standard Enters the Enterprise OAuth s Roots in the Social Web OAuth puts the user in control of delegating access to an API. This allows
More informationCA SSO Cloud-Enabled with SSO/Rest
CA SSO Cloud-Enabled with SSO/Rest SSO/Rest Solves Many Challenges Applications in the Cloud AJAX / Mobile / Thick Client Application Integration "Agent-less" Infrastructure Server-side Application Integration
More informationIdentity Provider for SAP Single Sign-On and SAP Identity Management
Implementation Guide Document Version: 1.0 2017-05-15 PUBLIC Identity Provider for SAP Single Sign-On and SAP Identity Management Content 1....4 1.1 What is SAML 2.0.... 5 SSO with SAML 2.0.... 6 SLO with
More informationSxS Authentication solution. - SXS
SxS Authentication solution. - SXS www.asseco.com/see SxS Single Point of Authentication Solution Asseco Authentication Server (SxS) is a two-factor authentication solution specifically designed to meet
More informationOpenID Cloud Identity Connector. Version 1.3.x. User Guide
OpenID Cloud Identity Connector Version 1.3.x User Guide 2016 Ping Identity Corporation. All rights reserved. PingFederate OpenID Cloud Identity Connector User Guide Version 1.3.x January, 2016 Ping Identity
More informationO365 Solutions. Three Phase Approach. Page 1 34
O365 Solutions Three Phase Approach msfttechteam@f5.com Page 1 34 Contents Use Cases... 2 Use Case One Advanced Traffic Management for WAP and ADFS farms... 2 Use Case Two BIG-IP with ADFS-PIP... 3 Phase
More information5 OAuth EssEntiAls for APi AccEss control layer7.com
5 OAuth Essentials for API Access Control layer7.com 5 OAuth Essentials for API Access Control P.2 Introduction: How a Web Standard Enters the Enterprise OAuth s Roots in the Social Web OAuth puts the
More informationCloud Essentials for Architects using OpenStack
Cloud Essentials for Architects using OpenStack Course Overview Start Date 5th March 2015 Duration 2 Days Location Dublin Course Code SS15-13 Programme Overview Cloud Computing is gaining increasing attention
More informationArcGIS Online A Security, Privacy, and Compliance Overview. Andrea Rosso Michael Young
ArcGIS Online A Security, Privacy, and Compliance Overview Andrea Rosso Michael Young ArcGIS Online A Multi-Tenant System Portal Portal Portal ArcGIS Online Agenda Online Platform Security Deployment Architecture
More informationAPI Security Management with Sentinet SENTINET
API Security Management with Sentinet SENTINET Overview 1 Contents Introduction... 2 Security Mediation and Translation... 3 Security Models... 3 Authentication... 4 Authorization... 5 Bidirectional Security
More information