3. /// INTRODUCTION
/// FORRESTER
General SaaS Trends
Challenges with Traditional On-premise IAM
Recommendations
How to Measure IDaaS Success
/// ONELOGIN
Mobile
On-premises Provisioning
Cloud Directory
/// Q&A
AGENDA
10. Cloud pulls the CISO in many directions
CISO and security organization
Shadow IT
LOB procures cloud services.
Cloud offers significant benefits (financial and operational).
Security struggles to reduce cloud security risks.
Data center is now loosely coupled.
CISO can’t say no (all the time).
24. Most mobile apps don’t even support SAML
• Tiny keyboards are incompatible with passwords
• SAML for web + password = #failure
MOBILE - THE LAST MILE PROBLEM IN SSO
25. The mobile apps that do support SAML
• Clunky SAML handshake that requires user to authenticate twice
• Sessions not frequently revalidated because of the sign-in complexity
MOBILE - SAML IS NOT THE SOLUTION
26. Designed for Mobile
Standards-Based
Superior User Experience
Major driver in NAPPS specification work
Leverage vendor traction to change the game
THE NEW STANDARD FOR MOBILE SSO
IN BETA WITH CUSTOMERS & PARTNERS
NAPPS
27. WE’VE DONE IT BEFORE
OneLogin SAML toolkits adopted by 300+ ISVs
600+ SAML apps in our catalog
Driving SCIM for user provisioning
Co-authoring NAPPS standard for mobile SSO
Good standards prevail
SAML-based apps integrated with OneLogin
28. START BUILDING TODAY
Major ISVs & Major Customers
Building NAPPS Apps Today
Free Toolkits Available
DEVELOPERS.ONELOGIN.COM
email: napps-info@onelogin.com
29. Sandy, Contractor working at a cafe
MFA Required
Rob, Sales meetings from the HQ
Auto logged-in
MOBILE TRENDS - DEVICES ARE EVERYWHERE
ENDPOINTS ARE THE NEW PERIMETER
Brent, In-person Sales meetings at the HQ
No access to Billing
MFA Required
Brent, Designer working at the HQ
Auto logged-in
Finally can manage the actual risk of mobile access
IT Admin
30. Private Key Protected
Policy Controlled
NAPPS Enabled
Launch any Web app
Launch any Native App
“Push” based OTP
ON EVERY DEVICE
31. MOBILE TRENDS
• Mobile is becoming the primary mode of work
• % of employees that are full time, in office, is plummeting
• OS vendors are doing more of the heavy lifting for security
• Identity is a growing risk / gap
• Solving identity lets employees do work without risk
32. USE CASE
On-Premises Provisioning and Onboarding
33. PROVISIONING TO LEGACY APPS
60+ custom fields
PROVISIONING
MAPPINGS
RULES
COMPLIANCE
SAML SSO
CLOUD APPS
Firewall
PROXY AGENT
CUSTOM
PROVISIONING
SCIM
TLS SOCKET
PROVISIONING POWER
• Org Hierarchy
• Any Custom Attributes
• Proxy Agents
• Custom Schema
• Scriptlets
• Photos
34. PROVISIONING TRENDS
• On-premise provisioning infrastructure not suitable for cloud
• Increasing desire to “move off” of on-premises pain
• Shift to Workday (SaaS HCM) puts the data in the cloud anyway
• Shift to ServiceNow (SaaS ITSM) demands service activation of cloud apps
• IDaaS is the logical conclusion for SaaS
• IDaaS doing on-premises provisioning makes it complete
35. USE CASE
Cloud Directory and Directory Consolidation
36. IDAAS AS METADIRECTORY
ACTIVE DIRECTORY FOREST A
ACTIVE DIRECTORY FOREST B
OPENLDAP
WORKDAY
39. DIRECTORY TRENDS
Heterogeneity is the norm
Increasingly users are mastered in the cloud
This allows a modern workplace that is compliant
This allows policy enforcement outside the domain