Authlogics for Azure and Office 365


Single Sign-On and Flexible MFA for the Microsoft Cloud
Whitepaper

Authlogics, 12th Floor, Ocean House, The Ring, Bracknell, Berkshire, RG12 1AX, United Kingdom
UK Tel: +44 1344 568 900
US Tel: +1 857 214 2174
email: info@authlogics.com
web: http://authlogics.com/

The information contained in this document represents the current view of Authlogics on the issues discussed as of the date of publication. Because Authlogics must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Authlogics, and Authlogics cannot guarantee the accuracy of any information presented after the date of publication. This document is for informational purposes only. AUTHLOGICS LTD MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. Copyright 2017 Authlogics. All rights reserved. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Introduction

Office 365 is a comprehensive suite of online and offline applications backed by Azure Active Directory. As Azure and Office 365 provide access to, and store, confidential company information, it is critical to secure access to them. Out of the box, Office 365 allows access via a username and password combination, which is not very secure, especially since these logons are not protected by your perimeter network firewall and remote access controls.

The Authlogics for Azure and Office 365 solution provides secure authenticated access from inside and outside the network to cater for a multitude of scenarios, be it Azure administrator access, mobile device sync, Outlook client connectivity or simple browser access to OWA or SharePoint.

How it fits together

When a user logs into Office 365 they are actually authenticated by Azure AD, and that account is then used for access to Exchange Online, SharePoint Online, Skype for Business etc.

When you first set up Office 365 you need to create user accounts (in Azure). They can be created manually via the Office 365 Portal browser interface or, more typically, they are synchronised from an On-Premise Active Directory with Microsoft's Azure AD Connect tool. Synchronisation is only half the story though, as it simply sets up the user accounts in Azure; how do you log on with the new accounts?

The simple way to achieve this is to synchronise your On-Premise passwords to Azure (via Azure AD Connect); this makes it appear to users that they are logging on with their usual AD user account, even though in truth they are being authenticated by Azure. This is known as Same Sign-On.

The more secure way is to let Azure / Office 365 authenticate your users directly against the On-Premise Active Directory using federation (via Microsoft ADFS). This is known as Single Sign-On. With this method, the users are actually logging on to your own local Active Directory, and a SAML token is then provided to Azure and Office 365 for the user, allowing seamless access to the cloud services.

Although the foundations have been laid, we are still relying on insecure passwords to access the applications, so we still need to add something stronger.

Authlogics Integration

The Authlogics solution for Azure and Office 365 integrates directly with Microsoft ADFS, as this provides the greatest level of control and covers the most use case scenarios for strong authentication. Not only do you reap the benefits of Single Sign-On to Azure, Office 365, and any other Cloud provider which supports SAML 2.0 (which is most of them), you can also decide which applications must use strong authentication and from where. Since there is an On-Premise Authentication Server working with ADFS, you can also use Authlogics with On-Premise services such as Network Access Control, VPN & Wireless access (RADIUS), or even to secure Windows Desktop logons.

[Figure: Authlogics ADFS Agent with Office 365 authentication workflow, showing the User, Office 365, ADFS and Authlogics components with Directory Sync, Redirect / Redirect back, Authenticate and DB access arrows. The numbered steps are:]
(1) User goes to the Office 365 sign-on page and enters their account name
(2) User is redirected to the ADFS logon page and enters password
(3) Authenticate the AD account
(4) Authlogics Agent for ADFS requests One Time Code
(5) Authenticate the One Time Code
(6) If successful, redirect back to Office 365 and load the app
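The federated Single Sign-On path described in "How it fits together" (the user authenticates against the local directory and the cloud service receives a token) and the six-step workflow in the figure above, as an added Python illustration. This is not Authlogics or Microsoft code: the Directory, OneTimeCodeAgent, IdentityProvider and CloudServiceProvider classes, the issuer URL https://adfs.example.test and the sample user alice@example.test with her password are all constructed for the example; an HMAC-signed JSON claim set with a key shared between the two sides stands in for a real SAML 2.0 token signed with the IdP's certificate; and the relying-party identifier urn:federation:MicrosoftOnline is assumed.

```python
import base64, hashlib, hmac, json, secrets, time

class Directory:
    """Stand-in for on-premise Active Directory: holds salted password hashes."""

    def __init__(self):
        self._users = {}

    def add_user(self, upn, password):
        salt = secrets.token_bytes(16)
        self._users[upn] = (salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000))

    def authenticate(self, upn, password):  # workflow step 3: authenticate the AD account
        record = self._users.get(upn)
        if record is None:
            return False
        salt, digest = record
        return hmac.compare_digest(hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000), digest)

class OneTimeCodeAgent:
    """Stand-in for the Authlogics-style ADFS agent (steps 4 and 5).  Codes are issued
    ahead of time, as with pre-sent SMS or email tokens, and each is accepted once only."""

    def __init__(self):
        self._outstanding = {}  # upn -> set of issued codes not yet used

    def issue(self, upn):
        code = f"{secrets.randbelow(10**6):06d}"
        self._outstanding.setdefault(upn, set()).add(code)
        return code  # in practice delivered to the user out of band

    def verify(self, upn, code):
        for issued in list(self._outstanding.get(upn, set())):
            if hmac.compare_digest(issued, code):
                self._outstanding[upn].discard(issued)  # single use: a replay is rejected
                return True
        return False

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

class IdentityProvider:
    """Stand-in for ADFS: password, then One Time Code, then a signed assertion for the
    requesting application (an HMAC-signed JSON claim set standing in for SAML 2.0)."""

    def __init__(self, directory, agent, signing_key, issuer="https://adfs.example.test"):
        self.directory, self.agent, self.key, self.issuer = directory, agent, signing_key, issuer

    def sign_on(self, upn, password, otc, audience, now=None):
        # A failed password check short-circuits, so no One Time Code is consumed by it.
        if not self.directory.authenticate(upn, password) or not self.agent.verify(upn, otc):
            return None
        now = int(time.time()) if now is None else now
        claims = {"iss": self.issuer, "sub": upn, "aud": audience,
                  "iat": now, "exp": now + 300, "amr": ["pwd", "otc"]}
        body = _b64(json.dumps(claims, sort_keys=True).encode())
        return body + "." + _b64(hmac.new(self.key, body.encode(), hashlib.sha256).digest())

class CloudServiceProvider:
    """Stand-in for Office 365 / Azure AD trusting the federated IdP (step 6)."""

    def __init__(self, audience, idp_key):
        self.audience, self.key = audience, idp_key

    def accept_token(self, token, now=None):
        if not token or token.count(".") != 1:
            return None
        body, sig = token.split(".")
        expected = _b64(hmac.new(self.key, body.encode(), hashlib.sha256).digest())
        if not hmac.compare_digest(expected, sig):
            return None  # forged or tampered: check the signature before trusting any claim
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
        now = int(time.time()) if now is None else now
        if claims.get("aud") != self.audience or claims.get("exp", 0) <= now:
            return None  # issued for another application, or expired
        return claims

def run_workflow():
    """Run the six steps once, then the cases each side must reject."""
    key = secrets.token_bytes(32)
    ad, agent = Directory(), OneTimeCodeAgent()
    upn, pwd = "alice@example.test", "correct horse battery staple"  # constructed sample user
    ad.add_user(upn, pwd)
    idp = IdentityProvider(ad, agent, key)
    o365 = CloudServiceProvider("urn:federation:MicrosoftOnline", key)  # assumed relying-party id
    code = agent.issue(upn)
    token = idp.sign_on(upn, pwd, code, o365.audience)
    r = {"good": o365.accept_token(token) is not None,
         "replayed_code": idp.sign_on(upn, pwd, code, o365.audience) is None}
    code = agent.issue(upn)
    r["bad_password"] = idp.sign_on(upn, "wrong", code, o365.audience) is None
    r["bad_code"] = idp.sign_on(upn, pwd, "000000" if code != "000000" else "999999", o365.audience) is None
    r["wrong_audience"] = o365.accept_token(idp.sign_on(upn, pwd, code, "https://other.example.test")) is None
    r["expired"] = o365.accept_token(token, now=int(time.time()) + 600) is None
    body, sig = token.split(".")
    r["tampered"] = o365.accept_token(body + "." + sig[:-1] + ("A" if sig[-1] != "A" else "B")) is None
    return r
```

Two details matter for the "decide which applications must use strong authentication" point in the text: the assertion carries an audience, so a token issued for one cloud application is refused by another, and an amr claim records which factors were actually checked, which is what a relying party would inspect before granting access to a sensitive application. The service provider verifies the signature before reading any claim, and the agent consumes a code on first use so a captured SMS code cannot be replayed.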

Many factors to consider

Authlogics goes beyond simply adding 2FA to Azure and Office 365. It provides 1.5 and 2 Factor Authentication options, via three authentication technologies (PINpass, PINphrase & PINgrid), and can be delivered via the Web, Mobile App, Email or SMS/TEXT.

1.5 Factor

Our 1.5 Factor Authentication is a unique (and patented) One Time Code system that does not require a second physical device. While technically not as secure as 2FA, it is much quicker and less costly to deploy and more convenient to use, while mitigating most of the security concerns associated with 1 Factor Authentication technologies (passwords).

[Figure: Office 365 web based logon with Authlogics PINgrid and 1.5 Factor Authentication]

2 Factor

Strong 2 Factor Authentication is also available for higher security requirements. The primary delivery method of our 2FA is a soft token available on all major and minor mobile app stores for complete device coverage. The soft token works 100% offline and has no dependency on 3G or Wi-Fi, which is critical for people on the move. Alternatively, users can receive tokens via Email or SMS/TEXT if they don't have the soft token installed. All these options can be configured on a per-user basis for control and flexibility.

Got a device? Bring it!

In the modern multi-platform ecosystem and the reality of BYOD, it is crucial to be able to support multiple types of devices running different operating systems. Authlogics provides seamless integration with all web browsers, desktop and mobile operating systems capable of working with Azure and Office 365.

Office 365 clients

The client side of Office 365 is often overlooked but is vitally important. When you enable Multi Factor Authentication with Office 365 (from any vendor), by definition you make a username and password only combination redundant. As such, any client application that asks for and remembers a password will no longer work.

Microsoft has addressed this issue with Modern Authentication, which is built into all the Office desktop apps (Office 2013 and higher). When required, the Office app, e.g. Outlook, will present a mini web browser view of a logon page, allowing for a new logon process which includes Multi Factor Authentication. Once authentication is complete, an OAuth token is generated which the app uses to authenticate with the back-end services instead of a stored password. From a user's perspective, it is similar to how a Microsoft Account works with consumer based services. Modern Authentication is already built into many Microsoft applications including Outlook, Skype for Business, ActiveSync and Workplace Join.

[Figure: Workplace Join on iPhone 7 with Authlogics PINgrid and 1.5 Factor Authentication]

Microsoft Multi-Factor Authentication

Microsoft's MFA solution is primarily built around OATH, which is a very well known One Time Pin standard used by most vendors (including Authlogics PINpass). It also supports Push notifications via a mobile app. Microsoft includes a limited version of their MFA solution (Multi-Factor Authentication for Office 365) with all Office 365 SKUs, which covers some basic scenarios. Furthermore, Microsoft offers a more feature complete version of their MFA solution (Azure Multi-Factor Authentication), which is available as part of the more expensive Azure AD Premium and Enterprise Mobility Suite services.

Multi-Factor Authentication for Office 365 is limited to Office 365 applications only and is administered via the Office 365 portal, so if you require secure Single Sign-On to other cloud providers or On-Premise applications this is not an option. For those features you will need to upgrade (for a fee) to Azure Multi-Factor Authentication, which gives you One-Time Bypass, reporting, and allows you to install an On-Premise server (essentially the recently purchased PhoneFactor product). The downside to this is that you need to administer the On-Premise and Cloud offerings separately, as there is no integration.

[Table: Authlogics vs Microsoft MFA offerings. Columns: Authlogics, Azure MFA, MFA for O365. The per-solution marks did not survive extraction; the features compared are:]
- Multiple authentication technologies
- 1.5 Factor Authentication option
- Mobile App token
- Real-Time SMS token delivery
- Pre-Send SMS token delivery
- Email token delivery
- 3rd Party Cloud support
- On-Premise app support
- Self Service AD password reset
- Emergency Bypass Codes
- Reporting
- 2FA PIN option
- Authentication SDK
- Web API (100% automation)
- Uses AD as a database (no syncing)

About Authlogics

Authlogics provides IT security professionals with a fresh alternative to legacy authentication and transaction verification methods. We help companies remove the reliance on password-based authentication and hardware tokens, and encourage the use of self service capabilities. We eliminate the costs and administration surrounding card readers and keyring tokens, and innovate without the need to implement expensive biometrics. Whether you want to authenticate to a Web portal, VPN, firewall, or to a multitude of different Cloud providers, Authlogics offers a range of authentication methods to suit your business. Our solution provides 1.5, 2 and 3 Factor Authentication options, via three authentication technologies (PINpass, PINphrase & PINgrid), and can be delivered via the Web, Mobile App, Email or SMS/TEXT. Additionally, we have several integration agents for various 3rd party systems should you need them.

PINgrid

PINgrid is an award-winning and patented multi-factor authentication and transaction signing solution that is being used in the public and private sector today to transform any mobile device into a soft-token, via a simple offline application, replacing passwords with a memorable pattern that automatically generates a One Time Code (OTC).

PINphrase

PINphrase is a memorable word technology where users are asked for random letters from answers they already know to log in, instead of providing a full password. PINphrase is the only off-the-shelf solution that delivers this type of technology, as used by many banks' web sites.

PINpass

PINpass is a 2 and 3 Factor OATH compliant 6-8 digit random code solution. This standard is widely adopted by many vendors and is well trusted. PINpass turns a mobile device into a token via an App or by sending an OTP via SMS or e-mail. Like most OATH solutions, PINpass works with a fixed PIN code which must be remembered; however, it can also be used with an AD password or work in PINless mode.
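OATH comes up twice on this page: the Microsoft Multi-Factor Authentication section calls it the One Time Pin standard most vendors build on, and PINpass is described as an OATH compliant 6-8 digit code used with a fixed PIN or in PINless mode. The following added Python example, which is not Authlogics or Microsoft code, implements the two OATH algorithms, HOTP (RFC 4226) and TOTP (RFC 6238), and a server-side verifier that checks a memorised PIN followed by an event-based code with a look-ahead window. The HotpVerifier class, the user names and the PINs are constructed for the example; the secret is the published RFC test key, so the generated values can be checked against the RFC test vectors (counter 0 gives 755224, and time 59 with 8 digits gives 94287082).

```python
import hashlib, hmac, secrets, struct


def hotp(secret, counter, digits=6, algo=hashlib.sha1):
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, dynamic truncation,
    then the low `digits` decimal digits (6 to 8 in practice)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{binary % 10 ** digits:0{digits}d}"


def totp(secret, unix_time, step=30, digits=6, algo=hashlib.sha1):
    """RFC 6238 TOTP: HOTP whose counter is the number of `step`-second periods elapsed."""
    return hotp(secret, int(unix_time) // step, digits, algo)


RFC_TEST_SECRET = b"12345678901234567890"  # published RFC 4226 / 6238 test key, used as a constructed example


class HotpVerifier:
    """Server side of an event-based OATH token combined with a fixed, memorised PIN.
    The user types the PIN immediately followed by the code; an empty PIN is PIN-less
    mode.  A look-ahead window (RFC 4226 section 7.4) tolerates codes the token generated
    but the user never submitted, and the stored counter moves past every accepted code
    so that code, and any earlier one, can never be replayed."""

    def __init__(self, window=5, digits=6):
        self.window, self.digits = window, digits
        self._users = {}

    def enrol(self, upn, secret, pin="", counter=0):
        salt = secrets.token_bytes(16)
        self._users[upn] = {"secret": secret, "counter": counter, "salt": salt,
                            "pin": hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)}

    def verify(self, upn, submitted):
        user = self._users.get(upn)
        if user is None or len(submitted) < self.digits:
            return False
        pin, code = submitted[:-self.digits], submitted[-self.digits:]
        pin_ok = hmac.compare_digest(
            hashlib.pbkdf2_hmac("sha256", pin.encode(), user["salt"], 100_000), user["pin"])
        matched = None  # scan the whole window regardless of pin_ok, so both checks always run
        for c in range(user["counter"], user["counter"] + self.window):
            if matched is None and hmac.compare_digest(hotp(user["secret"], c, self.digits), code):
                matched = c
        if not pin_ok or matched is None:
            return False  # a wrong PIN does not advance the counter, so the code is not burnt
        user["counter"] = matched + 1
        return True


def demo():
    """Exercise the verifier with a PIN user and a PIN-less user; returns name -> accepted."""
    v = HotpVerifier(window=5)
    v.enrol("alice@example.test", RFC_TEST_SECRET, pin="1234")  # constructed users and PIN
    v.enrol("bob@example.test", RFC_TEST_SECRET)  # PIN-less mode
    code = lambda n: hotp(RFC_TEST_SECRET, n)
    return {
        "first_code": v.verify("alice@example.test", "1234" + code(0)),      # accepted, counter -> 1
        "replay": v.verify("alice@example.test", "1234" + code(0)),          # rejected: already used
        "skipped_ahead": v.verify("alice@example.test", "1234" + code(4)),   # accepted: inside the window
        "fell_behind": v.verify("alice@example.test", "1234" + code(3)),     # rejected: counter is past it
        "wrong_pin": v.verify("alice@example.test", "0000" + code(5)),       # rejected: PIN wrong
        "outside_window": v.verify("alice@example.test", "1234" + code(20)), # rejected: too far ahead
        "after_wrong_pin": v.verify("alice@example.test", "1234" + code(5)), # accepted: code not burnt
        "pinless": v.verify("bob@example.test", code(0)),                    # accepted without a PIN
    }
```

The window size is the usual trade-off: a larger window absorbs more codes the user generated and discarded, but gives a guesser more valid codes per attempt, so it is normally kept small and paired with a lockout after a few failures. The `digits` parameter covers the 6-8 digit range the page mentions for PINpass, and the PIN is hashed and compared in constant time like any other stored secret, since in the combined PIN+code form it is the factor the user must remember.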