Mobilize your workforce with secure identity services
Active Directory-Based Authentication for Mobile Apps
Centrify partner program provides mobile application developers with a free, easy-to-deploy solution for integrating their apps with Active Directory and delivering 'Zero Sign-On' to enterprise users


Centrify Mobile Authentication Services (MAS) and the accompanying Software Developer Kit (SDK) deliver the first cloud-based solution that enables Active Directory-based authentication for mobile applications. With a simple, high-level API, developers can add Centrify's "zero sign-on" authentication and authorization services to their multi-tier applications, from the mobile device through to their existing back-end infrastructure. The Mobile Authentication Service adds a capability not available in existing Mobile Device Management offerings, yet is compatible with any existing MDM solution, including Centrify's own mobile security management, to enable a comprehensive mobile security solution.

http://www.centrify.com/mobile/mobile-authentication-services.asp

Presentation Transcript

  • Secure Identity Services for Cloud and Mobile apps © 2004-2012. Centrify Corporation. All Rights Reserved.
  • Authentication Nirvana
    • One password for enterprise users
    • Protection by AD inside the firewall
    • Mobile app gets SSO
    • App developer only needs to ask the platform for authentication and a security token for the backend
    • IT controls app authentication and authorization
    • ... all with 3 simple API calls
    Diagram: Mobile App with Mobile Auth SDK and MDM on the Mobile OS; Hosted Application; IDP as a Service and Cloud Proxy Server; the identity store (AD) behind the firewall. Step 1 Web application registration; Step 2 One-time user authentication and device registration; Step 3 Token generation; Step 4 Token-based authentication.
  • Challenges for IT admins & App Developers
  • Evolution of Enterprise (15 years ago vs. current environment)
    • Enterprise IT systems: just core processes → all the business processes
    • Application users: a few transaction experts → most employees
    • Access device: desktop PC → desktop, laptop, tablet or smartphone
    • Access location: your desk → anywhere
    • Application usage modality: specific data entry and access → on demand, ongoing, mostly for access to information
    • Security risk: limited (access by specific individuals, from known locations, for predictable purposes) → much larger (potentially from any device, located anywhere)
  • Bring Your Own (BYO)
  • Bring Your Own Apps (BYOA)
  • Bring Your Own: Laptop, Smartphone, Tablet
    • Organizations are increasingly allowing employees to bring their own devices
    • EDA: 3/4 of all organizations condone BYOD
    • Enterprise Device Alliance (EDA) polled 277 organizations representing ~1.5M users
    Chart: percentage of responding organizations condoning BYOD, by number of employees (bands 100-500, 500-2,000, 2-10,000, 10,000+ and All); values shown: 85%, 78%, 75%, 67%, 66%.
  • Bring Your Own: Conquering Enterprise
  • Bring Your Own Presents New Challenges
    • Consumer-oriented features present security challenges for the enterprise
    • "Day 1" effect for new products
    • End user is the "admin"
  • Multiple Identities + Password Sprawl Create Risk
    • Multiple logins for users
    • Multiple identity infrastructures for IT to manage
    Diagram: separate IDs for smartphones and tablets, laptops, in-house IDs, hundreds of apps, and more.
  • Regulatory compliance overhead
    • Security policies are designed to protect
    • The rules are well defined for IT
    Regulations cited on the slide: Federal Information Security Management Act; NIST Special Publication 800-53; Payment Card Industry Data Security Standard; Health Insurance Portability and Accountability Act; Basel II; FFIEC Information Security Booklet; Sarbanes-Oxley Act Section 404
  • What IT cares about
    1. Enable employee productivity
       • They can access the data they need for work, anywhere, at any time
       • IT and security don't get in the way
    2. Ensure compliance requirements are addressed
       • IT can enforce the required security policies on business data
       • IT is able to maintain access controls over business applications
    3. Efficient management
       • Security officers can easily describe the security policies to be enforced
       • Helpdesk can easily take on the responsibilities of managing
  • Solution: Federated Identity
  • Federated Identity
    • Where users have one login ID and password
    • And IT has one federated identity infrastructure to manage
    Diagram: end users on smartphones, tablets and laptops, one ID.
  • Strengthen Security with Federated Identity
    • Federated identity ensures that users only need to use their AD userid/password
    • Only one password to remember
    • Password is protected by the enterprise in AD
    • AD-based federation provides several advantages for IT
    • Leverages existing account and password policies, simplifying management
    • Ensures that IT controls access, eliminating the risk of orphaned accounts
    Diagram: federation trust between IDP as a Service / Cloud Proxy Server and AD behind the firewall.
  • Extend Identity Services to Mobile Platforms
    • Mobilize app and service access
      • Enable mobile access to enterprise services and applications
      • Design mobile interfaces to seamlessly integrate with the enterprise services
    • Containerization to separate work from personal
      • Protect work applications and data from data leakage
      • Provide the laptop experience on mobile: unlock and access all business apps
    • Centralize mobile and application administration
      • Enabling IT to manage security policies for mobile, workstations and servers
      • Unifying app management into one interface for mobile, web and SaaS apps
      • Leveraging automated lifecycle management through AD
  • Federated Auth for Mobile is too hard
  • Federated Auth for Mobile is too hard
    1) App launches
    2) Displays a login screen and an additional link, "Are you a Single Sign-On user?"
    3) User clicks on it and is presented a form for entering an email address
    4) App then connects to the backend, is redirected to the enterprise IDP and opens a browser to present the IDP login screen
    5) IDP displays the login screen asking for userid and password
    6) IDP authenticates, generates a token and provides the token back
    7) App receives the token, closes the browser window, then provides access to the service
  • Centrify Simplifies Mobile Federated Auth
    Diagram: Mobile App with Mobile Auth SDK and MDM on the Mobile OS; Hosted Application; IDP as a Service and Cloud Proxy Server; AD behind the firewall. Step 1 Web application registration; Step 2 One-time user authentication and device registration; Step 3 Token generation; Step 4 Token-based authentication.
  • Centrify SDK: Auth, Authorization & SSO
    • Example sales app integrated into federated auth via the Mobile Auth Service SDK
    • App launch calls EnterpriseAuthentication.getUserInformation()
    • onClick "Profile" calls EnterpriseAuthentication.userLookup()
    • onClick "Sales Records" calls EnterpriseAuthentication.getSecurityToken(target)
  • What to avoid! "False assumption of security is worse than no security"
    • Caching of username & password inside the mobile app
    • Taking on the burden of managing user identities
    • Proprietary authentication implementations
    • A PIN code shared across a group of apps, assumed to be SSO
  • Solution: Container
  • Containers for a Secured Enterprise Environment
    • Containers enable IT to create and control an enterprise environment rather than managing the entire device, e.g. passcode auto-lock on the container, not the device
    • Enterprise IT controls all apps and data within the container, preventing data leakage
    • Data can be shared between mobile apps within the container without leaving the enterprise environment
    • SSO is provided for all apps in the container, enabling the laptop experience on a mobile device
  • Using Containerization for Dual Persona
    • Dual persona enables usage of the same app with different personalities
    Personal: Mail david@mcneely.com; Gmail dfmcneely@gmail.com; Dropbox david@mcneely.com
    Work: Office 365 david.mcneely@centrify.com; Box david.mcneely@centrify.com
  • Samsung KNOX: Security From The Ground Up
    • HW-level and OS-level security
    • Android framework-level and application-level security
  • Enterprise SSO Service for Samsung KNOX
    • Multi-application SSO is built into the Knox container
    • The container provides enterprise SSO as a service
    Diagram: inside the KNOX container, Mobile App 1 and Mobile App 2 each use the Mobile Auth SDK and the container's Enterprise SSO; a personal mobile app sits outside the container on Samsung SE Android. Step 1 Web application registration; Step 2 One-time user authentication and container registration; Step 3 Token generation; Step 4 Token-based authentication to the web application, via IDP as a Service and Cloud Proxy Server to AD behind the firewall.
  • App SSO Transaction Flow
    Participants: Mobile Device (Mobile Application, Centrify Mobile API, SSO Service); Centrify Cloud Service (Application Identity Provider, SAML script); Service Provider (Box, Dropbox).
    Step 1 User launches the application
    Step 2 Authentication API query
    Step 3 Authenticate and authorize user
    Step 4 IDP generates and returns encrypted SAML response token
    Step 5 SSO passes the SAML token to the mobile app
    Step 6 SAML token sent to ACS URL
    Step 7 SP verifies SAML token and allows access
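The transaction flow above, and the seven-step browser flow on the "Federated Auth for Mobile is too hard" slide, in working form. This is an added example, not Centrify code and not part of the deck: it models steps 4 through 7, where the IdP issues an assertion bound to one audience, one outstanding request and a short validity window, and the service provider's ACS endpoint verifies it before granting access. The issuer and audience URLs, the key and the user are made up, and HMAC-SHA256 over a JSON body stands in for the XML signature a real SAML response carries, so the example runs on the Python standard library alone.

```python
"""Constructed model of the slides' SSO flow (steps 4-7): the IdP issues a signed,
short-lived assertion bound to one audience and one request; the SP's ACS checks it
before granting access. HMAC-SHA256 over JSON stands in for SAML's XML-DSig."""
import base64, binascii, hashlib, hmac, json, secrets

IDP_ISSUER = "https://idp.example.com"    # assumed, not from the slides
SP_AUDIENCE = "https://sp.example.com"    # assumed
SHARED_KEY = b"constructed-demo-key-not-for-production"


def _b64(raw):
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def idp_issue_assertion(key, subject, in_response_to, now, lifetime=300,
                        audience=SP_AUDIENCE):
    """Step 4: mint an assertion for one audience, one request and a short window."""
    body = {
        "ID": "_" + secrets.token_hex(16),  # unique per assertion, for replay detection
        "Issuer": IDP_ISSUER, "Audience": audience, "Subject": subject,
        "InResponseTo": in_response_to,
        "NotBefore": now, "NotOnOrAfter": now + lifetime,
    }
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    sig = hmac.new(key, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(sig)}"


class ServiceProvider:
    """Steps 1, 6 and 7: issues request IDs, verifies assertions at the ACS URL."""
    def __init__(self, key):
        self.key = key
        self.pending = set()  # request IDs we issued and have not yet consumed
        self.seen = set()     # assertion IDs already accepted (replay cache)

    def new_request(self):
        rid = "_" + secrets.token_hex(16)
        self.pending.add(rid)
        return rid

    def acs(self, token, now, skew=60):
        """Return (True, subject) or (False, reason); verify the signature before
        trusting, or even parsing, anything in the payload."""
        try:
            p, s = token.split(".")
            payload, sig = _unb64(p), _unb64(s)
        except (ValueError, binascii.Error):
            return False, "malformed token"
        expected = hmac.new(self.key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, sig):
            return False, "bad signature"
        try:
            a = json.loads(payload)
            aid, rid, subject = a["ID"], a["InResponseTo"], a["Subject"]
        except (ValueError, KeyError, TypeError):
            return False, "malformed token"
        if a.get("Issuer") != IDP_ISSUER:
            return False, "unknown issuer"
        if a.get("Audience") != SP_AUDIENCE:
            return False, "audience mismatch"  # minted for a different SP
        if now < a.get("NotBefore", 0) - skew:
            return False, "not yet valid"
        if now >= a.get("NotOnOrAfter", 0) + skew:
            return False, "expired"
        if aid in self.seen:
            return False, "assertion replayed"
        if rid not in self.pending:
            return False, "unsolicited response"  # no matching request from us
        self.pending.discard(rid)
        self.seen.add(aid)
        return True, subject


def run_flow(now=1_700_000_000):
    """One good exchange plus the failure modes the ACS must reject."""
    sp, user, r = ServiceProvider(SHARED_KEY), "user@example.com", {}
    rid = sp.new_request()                                   # Step 1: app launches
    token = idp_issue_assertion(SHARED_KEY, user, rid, now)  # Step 4: IdP responds
    r["valid"] = sp.acs(token, now)                          # Steps 6-7: ACS verifies
    r["replay"] = sp.acs(token, now)                         # same assertion again
    token = idp_issue_assertion(SHARED_KEY, user, sp.new_request(), now, lifetime=60)
    r["expired"] = sp.acs(token, now + 600)
    token = idp_issue_assertion(SHARED_KEY, user, sp.new_request(), now,
                                audience="https://other-sp.example.net")
    r["wrong_audience"] = sp.acs(token, now)
    token = idp_issue_assertion(SHARED_KEY, user, "_never_requested", now)
    r["unsolicited"] = sp.acs(token, now)
    p, s = idp_issue_assertion(SHARED_KEY, user, sp.new_request(), now).split(".")
    r["tampered"] = sp.acs(_b64(_unb64(p).replace(b"user@", b"admin@")) + "." + s, now)
    return r
```

The order of checks is the point: the signature is verified before the payload is parsed, so untrusted bytes never reach the JSON parser, and audience, validity window, replay cache and InResponseTo are each enforced on their own rather than assumed from a valid signature. The mobile app only ever handles the assertion; the user's AD password never leaves the IdP, which is what the "What to avoid" slide is asking for.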
  • Secure Identity Services for a Mobilized Workforce
    • Federated Identity Service centralizes application authorization under IT control
    • Mobilized application access and ZSO enable employee productivity
    • Containerization enables security that addresses compliance requirements
    • Integrated administration enables IT to efficiently manage mobility
  • Today  Nirvana  Now
  • Sumana Annam, sumana.annam@centrify.com, http://www.centrify.com/mas. Thank You