SecureAuth IEP
SAML Services

SecureAuth’s SAML Services Bridge the Identity Gap Between the Enterprise and the Cloud

Today’s IT security professionals spend too much time dealing with one task: managing user identities. As more and more mission-critical applications migrate beyond the firewall and as SaaS, Web Services and cloud-based applications continue to rise, organizations are learning the hard way that their access and identity enforcement processes aren’t ready for Web 2.0. To minimize the impact on users, many organizations are trying to extend their legacy single sign-on (SSO) to the cloud, but these approaches can’t bring together on-premise applications with those beyond the firewall. To prevent the proliferation of non-interoperable proprietary technologies, standards bodies have stepped in to propose underlying SSO and identity federation standards.

The SAML (Security Assertion Markup Language) has emerged as the go-to SSO protocol for B2B applications. SAML is deployed in tens of thousands of Internet SSO connections, and thousands of large enterprises, government agencies and service providers have selected it as their standard protocol for communicating identities across the Internet. SAML is an XML-based standard for exchanging authentication and authorization data between security domains, that is, between an identity provider (a producer of assertions) and a service provider (a consumer of assertions). SAML is a product of the OASIS Security Services Technical Committee.

What isn’t clear to many is that SAML doesn't actually perform the authentication; it transports the authentication information and relies on different types of authentication authorities such as LDAP, Active Directory, and Radius. This enables different identification methods such as password, biometric, Public Key Infrastructure (PKI), Secure Socket Layer (SSL), Kerberos, to be used based on the security requirements of an organization. Once authentication is performed, the SAML transports the assertion information that the user is authenticated to the application.

Finding a unified authentication and Identity Enforcement Platform (IEP) is the obvious goal. Unfortunately, many current approaches fall short, forcing you to migrate or synch identity databases to the cloud, outsource identity management to third parties, and/or abandon existing infrastructure investments.

Leveraging SAML SSO to Deliver Secure, Simple Access to Every Web and Cloud-based Application

SecureAuth is an Identity Enforcement Platform (IEP) that secures and simplifies access to every cloud, VPN, and web application with integrated Authentication, SSO, Access and User Management Services. Leveraging SAML, SecureAuth IEP paves the way for Web 2.0 including cloud computing, SaaS, Web services, and remote and mobile access. SecureAuth’s best-in-class solution offers seamless integration with existing identity data stores, including Active Directory, to protect both internal and external assets with two-factor authentication, phishing protection, out-of-band enrollment, SSO, group policy enforcement, access control and more.

SecureAuth’s hybrid architecture supports SAML to make any cloud-based application an extremely secure extension of your enterprise without compromising the security of your user identities and access controls! Simply install SecureAuth and your SaaS applications can be immediately integrated into a transparent SSO user experience. A user attempts to login to any SaaS application and a SAML authentication request is automatically redirected to SecureAuth. SecureAuth parses the request, authenticates the user to an organization’s directory (Activity Directory), and generates a SAML response to the application for verification. Once verified, the user is automatically logged in to the application.

SecureAuth doesn’t require APIs or application modifications. With SecureAuth SSO, an administrator determines the level of authentication and only one set of authentication credentials is needed to create a single login experience for all cloud applications. Furthermore, users don’t have to remember separate passwords and administrators aren’t flooded with calls to reset forgotten passwords. Plus, the same credentials support web, desktop and VPN resources. And your authentication credentials are securely stored on-premise in Microsoft Active Directory or other industry leading directories. Bottom line, SecureAuth delivers easily configured SAML options that eliminate the expense and expertise needed to integrate a SAML solution into your directory.

SecureAuth Highlights SAML SSO

• Easily enables SAML SSO from the desktop to the cloud in a single solution.
• Automatically authenticates the user and converts the local identity into a SAML assertion, communicating that assertion to the service provider or directly to the application.
• Supports configurable authentication options including two-factor authentication (Certificate, SMS, Telephony, Username/Password) map the right level of authentication based on user group, applications accessed, and security policies.
• Protects existing infrastructure investment by leveraging native data stores (Active Directory, LDAP, SQL, etc.).
  
  
  • Hybrid architecture enables secure, simple access from the desktop to the cloud while access controls are securely stored on-premise in Active Directory, etc.
  • Eliminates the need to migrate user identities to the cloud and the security risks inherent with having multiple identity stores or synching various identity databases.
  • The identity used for authentication is the same that is utilized by the application for processing, permissions and role management.
  • Automatically provisions new users from a local Active Directory or other enterprise data store.
• No APIs or modifications to applications ensure rapid deployment within days, not weeks, or months.
• User friendly self-registration and automated certificate distribution reduces administrative overhead and help desk calls
• Strong authentication and audit reporting support compliance requirements including FFIEC, NCUA, PCI DSS, and Sarbanes-Oxley.
• Natively supports Microsoft Forms-Based Authentication (FBA), OWA, ASP.NET, SharePoint, MOSS, Microsoft Dynamics, IBM Websphere LTPA, WebSphere portal server and applications, IBM TAMeb EAI, Tivoli Access Manager, OpenID, and SAML.
• Only purchase one product to secure and simplify access to all cloud, web and VPN resources.

SecureAuth SAML SSO for on-premise web and cloud-based applications is one of many functions of the SecureAuth Identity Enforcement Platform which provides Identity Enforcement plus SSO, access and user management services in a single solution.