Introduction. SecureAuth Corporation Tel: SecureAuth Corporation. All Rights Reserved.


Introduction

Many of our clients have systems that work with SecureAuth IdP out-of-the-box: just deploy and configure. Some clients, however, require additional customization to work with SecureAuth. For this, SecureAuth provides Tailoring Frontline Services, a staff of developers specializing in taking SecureAuth IdP and customizing it to work seamlessly with your system. Some of these custom solutions prove useful beyond the needs of an individual client, so we offer them to other clients as ready-to-use modules.

Value-Added Modules (VAMs) are software components that are developed by SecureAuth's Tailoring Frontline Services to fit the needs of customers seeking a simple way to adapt their system to the SecureAuth cybersecurity solution. Think of these VAMs as adapters or connectors, enabling you to link SecureAuth IdP to your system without additional development.

Our current VAM release list covers a wide spectrum of functions and should satisfy the requirements for many potential clients, providing an easy method to marry their applications with SecureAuth's IdP. We do the work so you don't have to.
The VAMs described in this list are:

Converting Your .NET Apps to SAML-Enabled Apps
Converting Your Java Apps to SAML-Enabled Apps for SSO
Multi-Factor Authentication for ADFS
Phased Migration from RSA Hard Tokens
SecureAuth Access Gateway
Self-Service Verification of User Contact Information
HID Proximity Card Use in a Multi-Factor Authentication Work Flow
Single Sign-On for Epic Care Link
Bypass Cost and Maintenance of Email Servers with PostUp.com
WebSphere-to-SAML Integration
CAS Installer
Epic EPCS Integration
SQL User Manager
SecureAuth Health Analyzer

For information on purchasing any of these products, contact your SecureAuth sales representative:

Email: inside-sales@secureauth.com
Phone: +1.949.777.6959
Website: https://www.secureauth.com/contact-us.aspx

1 Converting Your .NET Apps to SAML-Enabled Apps

.NET SAML Consumer

The .NET SAML Consumer add-on module enables custom-built, nonstandard .NET applications that do not currently support Federation to be converted quickly and easily to a SAML Federation-supported application. This provides customers with SecureAuth SSO access to applications that did not previously support federation access, simplifying integration times while providing increased security and a better user experience during application access.

+ Increase security by utilizing SAML certificate validation and protocol security
+ Eliminate unnecessary cookie data transfers and custom-built authentications, thereby allowing for a standardization of architecture throughout your environment
+ Simplify the integration between SecureAuth IdP and the .NET form-based authentication supporting the application
+ Allow for the application to live cross domain from SecureAuth IdP.

Use Cases

A typical use case for the .NET SAML Consumer is when Company A's external collaborators or partners need to access Company B's on-premise portal resources securely and directly, thereby avoiding the need for clunky VPN connections. Typical integration points for this are the SecureAuth appliance via SAML and one or more portal applications being utilized by Company A's collaborators.

Company A has multiple .NET applications that need central authentication, data store collaboration, 2-factor authentication, audit logging, or other IdP functionality. This VAM allows for easy integration points for both the IdP and the service provider application.
+ All supported SecureAuth IdP versions
+ IIS7 or IIS8
+ .NET 4.5 or later

2 Converting Your Java Apps to SAML-Enabled Apps for SSO

Java SAML Consumer

The Java SAML Consumer add-on module enables customer-owned and custom-built applications running on a Tomcat server that currently do not support SAML, or another WS-Federated-compliant security token architecture, to be converted quickly and easily to a form that supports SAML certificate validation. Java SAML Consumer acts as an application broker, enabling and disabling applications at the server level through URL path parameters. This provides customers with SecureAuth's SSO access to applications that do not currently support such access, as well as providing increased security and a better user experience.

The Java SAML Consumer module endows SecureAuth IdP with the ability to accept authentication from external identity providers seeking to access applications residing on Tomcat servers. Essentially, Java SAML Consumer is a collaboration tool enabling external partners access to internal or DMZ service provider applications. This is particularly useful when non-employees, such as partners, need access to these applications.

While there are many ways to integrate with Java web applications, Java SAML Consumer is unique in its ability to activate applications at the server level, avoiding the more typical Spring Security authentication framework or standard API calls. Through Java SAML Consumer's integration at the server level, group information is passed via SAML from the IdP to the Java SAML Consumer, an inherently more efficient way of processing authentication data for SecureAuth IdPs.
+ Provides the ability to standardize on a specific authentication protocol
+ Allows for standardization of the authentication process from external identity providers to internal applications
+ Enable applications at the server level, not the application level
+ Enable customers to deprecate both Spring Security and API authentication integration
+ Integrate at the valve level, enabling group information to be passed via SAML
+ Allow for customers to standardize on a single authentication protocol for all applications

Version support

+ All supported SecureAuth IdP versions
+ Tomcat 7.0 or later
+ Java 6 or 7

3 Multi-Factor Authentication for ADFS

ADFS 2-Factor Module

The SecureAuth ADFS 2-Factor module enables current ADFS customers to add strong authentication to their existing ADFS integrations. Many customers have comprehensive ADFS implementations that provide the convenience of SSO access but lack strong security, thereby putting all their applications at risk from a single breach. With this add-on module, over twenty forms of strong authentication can be enabled as well as advanced IP threat analysis. Many customers employ this tool when converting their SSO-available applications (using SSO standards such as SAML and WS-Federation) from the ADFS to SecureAuth IdP platform. ADFS SAML secures their applications before they are migrated to a single SecureAuth platform which greatly simplifies administration.

2017 SecureAuth Corporation. All Rights Reserved. www.secureauth.com

Integrating with ADFS using our 2-Factor Authentication (2FA) can be challenging when pure Federation protocols like SAML or WS-Federated are employed. The ADFS 2-Factor module was created to allow for SecureAuth 2-Factor integration, and enable a migration strategy that moves away from ADFS.

In many cases, our clients have a large customer base that currently utilizes ADFS; however, they quickly realize that ADFS does not provide the security needed for today's hazardous environment. But while needing to migrate away from ADFS, the client soon learns that they have too many applications to do this all at once. The ADFS 2-Factor Module overcomes this obstacle by enabling ADFS-dependent applications and data to support SecureAuth 2FA through our API command structure.

SecureAuth has created a full 2FA interface directly into ADFS. This gives the customer an easy and straightforward path to moving their applications to SecureAuth federation, while still protecting applications behind ADFS.

+ Adds 2-factor authentication to ADFS
+ Makes multiple forms of 2FA available
+ Can be used as a bridge while migrating federated applications to SecureAuth IdP
+ Supports SMS, Phone, Email and Push-to-Accept 2FA selections
+ Support for ADFS direct integration
+ Supports Push notifications as a 2FA option
+ SecureAuth 8.2
+ ADFS Version 2.x and above

4 Phased Migration from RSA Hard Tokens

RSA Hard Token Migration Module

The RSA Hard Token Migration module (RSA HTMM) provides a migration path for our customers leading away from RSA security tokens and toward more advanced 2-factor authentication methods. Customers can continue to use their existing RSA tokens when authenticating to SecureAuth IdP, allowing a phased retirement of the legacy hard token technology. This gives SecureAuth IdPs the ability to validate RSA soft and hard tokens by using the RSA RADIUS Validation client.

Because the integration utilizes RADIUS, this module can be used with RSA and other legacy hard token products.

+ Once migrated from RSA, customers enjoy a dramatically lower administration cost, improved user uptime, and greater customer satisfaction
+ Support for RADIUS validation of RSA soft and hard tokens
+ Support for any vendor that currently uses a non-SecureAuth token and supports a RADIUS client validation process
+ SecureAuth Version 8.1.x
+ RSA SecurID version 2.2 and later
+ Virtually any OTP-based hard token product that supports RADIUS client integration

5 SecureAuth Access Gateway

SecureAuth Access Gateway: Reverse Access Gateway

The frequency of successful cyberattacks against today's enterprises has made it abundantly clear that traditional, perimeter-centric security strategies are no longer effective. There is inadequate visibility, control, and protection of user and application traffic transiting high-risk network boundaries, and an outdated assumption that everything on the inside of an organization's network should be trusted.

Deploying SecureAuth Access Gateway removes the need to open any ports within the internal firewall, between two network segments, while allowing secured access through the firewall. This makes it a perfect fit to complement and enhance SecureAuth IdP security architecture, further improving and securing it.

+ SAML, WS-Federation, and other types of federation have become the standard in many environments; however, many environments have not yet switched over to federation. Using this product enables your organization to continue to support legacy authentication like Windows Authentication, Kerberos Authentication, or Header Authentication. This gives your organization the time it needs to standardize on a federation protocol-supporting system, switching these applications over in a calculated manner.
+ Done without changing existing infrastructure or applications and therefore removes the need to use a front-end perimeter firewall.
+ SecureAuth Access Gateway allows traffic to pass between the two segments on an outbound firewall rule.

Access Proxy

SecureAuth Access Proxy introduces an evolution in the way organizations grant secure external access to their services. It offers true secure access to internal applications and machines.

+ Offers robust authentication options for both registered (internal, external, and partners) and ad hoc users (AD, SAML, certs, OTP, etc.)
+ Removes the need to distribute certificates for partners
+ Performs SSL decryption in a secure zone and removes any SSL keys from the DMZ
+ Ensures organizations do not deploy any DMZ components which can be hacked and utilized to access the network
+ Removes the need to open ports in the firewall, thereby preventing port and OS scanning attack vectors
+ Prevents access to the network while allowing access to a specific application or service
+ Eliminates the need for agents and extensive customization
+ SecureAuth Version 8.1.x

6 Self-Service Verification of User Contact Information

Self-Service Verification Module

While the normal self-service post-authentication page allows the user to update their contact information (such as emails and phone numbers), there is no assurance that the user has updated with a valid phone number or email. The Self-Service Verification page enforces validity of the updated information. Once a user changes their email address or phone number, they are directed to verify that change with an OTP code sent to either their email or phone.

+ Acts as a safeguard to make sure the contact information is always valid
+ Supports OTP verification of updated account information
+ SecureAuth 8.2 and 9.0.x

7 HID Proximity Card Use in a Multi-Factor Authentication Work Flow

HID Proximity Card Detection and SecureAuth Integration

This proximity card detection and provisioning system offers an integration solution that enables the SecureAuth appliance to use an HID proximity card as part of the SecureAuth authentication flow. The card in this scenario is used as the first-factor authentication with a PIN entry required for the second factor. The process flow follows these steps:

1. A card holder is notified (via email or other method) of a unique link to complete the provision of their proximity card.
2. The user is redirected to a SecureAuth provisioning realm through a card reader. Unique information about the card is transmitted to the SecureAuth realm and the user selects a PIN and saves it to their profile.
3. Once the card provisioning is complete, during the next login attempt, the card information and PIN can be utilized to complete the authentication flow.

The user's computer should have a connected proximity card reader that is detected and available at the OS level. A special plug-in is installed on the computer providing an interface to the card by exposing some web service endpoints. This plug-in makes it possible to exchange data between the SecureAuth realm and the reader.

The SecureAuth realm is updated with support for the proximity card integration. The card information and other user information is encrypted using an X.509 certificate.

+ Enables you to use HID prox cards as a first factor in a multi-factor authentication process
+ SecureAuth 8.0

8 Single Sign-On for Epic Care Link

Epic Care Link

The Epic Care Link add-on provides post-authentication SSO for an Epic Care server using a signed XML user claim and a form POST action. No modifications to the SecureAuth core are required, thereby streamlining future upgrades.

Epic Care Link is a web-based service developed to provide physicians, who refer patients to Epic Care Link facilities, secure access to information about their patients' treatment. This link provides registered users with immediate access to electronic medical record information and test results from Epic Care Link facilities. After requesting and receiving an Epic Care Link account with a secure login and password, referring physicians and office personnel can access patient results and medical records at any point during the course of patient care at an Epic Care Link facility, integrating Epic Care Link updates and reports into daily practice activities. This VAM supports Active Directory.

+ Allow a physician or other selected medical personnel with a secure login and password at any Epic Care Link facility to sign onto the Epic Care Link system using any web-based device
+ All supported SecureAuth IdP versions

9 Bypass Cost and Maintenance of Email Servers with PostUp.com

Postup.com Integration

PostUp integration replaces the SecureAuth core product's e-mail provider with Postup.com's SOAP web service. By using Postup.com, organizations can bypass the cost and maintenance of internal e-mail servers, eliminate blacklisting and junk folders, and utilize Postup.com's analytics and work flow.

Access to PostUp is also available through a SOAP API exposed through the main web interface. SOAP is a simple, portable way to make remote procedure calls over HTTP. Clients may use SOAP with many programming languages including Perl, Java, Python, C, C++, and PHP.

All SOAP APIs for PostUp are made available by connecting to:
https://api.postup.com/services/soaprequestprocessor

The Web Services Description Language (WSDL) file for the PostUp SOAP API is made available by connecting to:
https://api.postup.com/services/soaprequestprocessor?wsdl

The WSDL document describes the operations and the complex data types used as input or output parameters for retrieving information via SOAP calls.

+ Organizations can bypass the cost and maintenance of internal e-mail servers
+ Eliminate blacklisting and junk folders
+ Utilize Postup.com's analytics and work flow
+ Supports individual templates per SecureAuth realm that can be customized without SecureAuth involvement
+ Supports unlimited template tokens using replacement values at runtime
+ SecureAuth 8.1.1

10 WebSphere-to-SAML Integration

WebSphere/SAML Integration

This VAM is used to integrate the IBM WebSphere Application Server with SAML Consumer using the SecureAuth WebSphere Interceptor.

+ Enables IBM WebSphere Application Server to protect its applications from unauthorized users by authenticating all potential users through SecureAuth IdP
+ Supplies SAML certificate validation for all applications overseen by WebSphere Application Server

SecureAuth 8.1.1 and 9.0.x

11 CAS Installer

SecureAuth CAS Installer

SecureAuth Central Authentication Service (CAS) Installer provides robust two-factor authentication for CAS clients. After successful primary authentication through the CAS Server, users must successfully complete a secondary authentication through SecureAuth IdP.

+ Enables seamless integration between CAS authentication and SecureAuth 2FA, greatly enhancing security at the CAS entry point
+ Increases the security of the CAS SSO procedure

SecureAuth 8.1.1 and 9.0.x

12 Epic EPCS Integration

Epic EPCS Integration

SecureAuth's Epic EPCS Value-Added Module (VAM) enables seamless integration between SecureAuth IdP's multi-factor authentication (MFA) and Epic's Hyperspace platform for the E-Prescribing of Controlled Substances (EPCS) system. Using this integrated package, qualified physicians can write prescriptions quickly and securely while meeting DEA requirements for e-prescribing.

SecureAuth's flexible authentication framework allows providers to deploy DEA compliant 2-factor authentication in ways that are not intrusive on physicians; and in many cases SecureAuth can actually optimize workflows by reducing clicks. Its aim is to provide the quickest way to ensure that the accessing physician is the one authorized to approve the prescription, per DEA standards.

+ Seamless integration into preexisting Epic e-prescribing workflows
+ Multiple authentication methods that not only meet DEA regulation but make 2-factor authentication easy for physicians such as push-to-accept, fingerprint, and other DEA-compliant methods
+ Flexible authentication platform that allows providers to select the 2FA method which best conforms to workflow requirements for e-prescribing

SecureAuth 8.1.1 and 9.0.x

13 SQL User Manager

SQL User Manager

The SQL User Manager is an add-on web application for IIS that enables management of user profiles when SQL Server is used as the data store. In place of using SQL Server Management Studio to query for more than one user at a time, the SQL User Manager presents a list of user accounts, along with an enhanced search capability. The list of user accounts displays the user name, first and last name, e-mail address, and account status. New user accounts can be created, individual users can be selected, and their profile edited for general profile information, including group membership. New groups can be added and deleted. This VAM also supports an audit log in the SQL database that tracks what user account performed a task and what the task was.

+ Provides access to SQL Server databases for users of IdP
+ Increases the range and flexibility available for user profile management
+ Audits the database for user account information

SecureAuth 9.0.x

14 SecureAuth Health Analyzer

SecureAuth Health Analyzer

The SecureAuth Health Analyzer tests SecureAuth Realms to gather the following information and generate an HTML report based on the results. The elements tested include:

+ Average health and security score of all realms combined
+ Number of Identity Manager (IdM) Realms
+ Number of SSO Realms
+ Number of Network Realms
+ Machine Name & Host Name
+ Whether the machine is joined to a domain
+ Whether the server has an enabled firewall
+ IPv4 and IPv6 address
+ Condition or Presence of the cluster Server

This is followed by a list of all realms with a hyperlink to drill down into specifics for each realm. Each link is summarized with the title, authentication mode, purpose, and audit score. This testing applies to the IdM, SSO, and Network Realm.

+ Provides a thorough vetting of the IdM, SSO, and network realm
+ Enables managers and installers to establish the health and current configuration of the SecureAuth deployment
+ Audits the results and provides an HTML report

SecureAuth 9.0.x