0
• Why SSO?
• A Challenge for the Enterprise
• Deployment models
• Hybrid IAM
• Q & A
Optimizing IAM with Single Sign-On fr...
Moderator
Shanley Stern, Sr. Director
Marketing, Mycroft Inc.
Presenter
Lester Rivera, Sr. Business Solutions Architect,
M...
Why Single Sign-On?
WHY SSO?
A CHALLENGE FOR THE ENTERPRISE
DEPLOYMENT MODELS
HYBRID IAM
Q & A
Copyright ©2013 Mycroft Inc...
SSO – SIMPLY STATED
Copyright ©2013 CA. All rights reserved
Mobile
employee
or
Customer
Partner
User
Internal
Employee
Ent...
A Challenge for the Enterprise
WHY SSO?
A CHALLENGE FOR THE ENTERPRISE
DEPLOYMENT MODELS
HYBRID IAM
Q & A
Copyright ©2013 ...
WHAT TO LOOK FOR IN SSO PRODUCTS –
CLIENT SIDE
Copyright ©2013 CA. All rights reserved
User Administrator
Resources
Suppor...
WHAT TO LOOK FOR IN SSO PRODUCTS –
RESOURCE SIDE
Copyright ©2013 CA. All rights reserved
User Administrator
Resources
Apps...
WHAT TO LOOK FOR IN SSO PRODUCTS –
FROM CLIENT TO RESOURCE
Copyright ©2013 CA. All rights reserved
Administrator
Resources...
WHAT TO LOOK FOR IN SSO PRODUCTS –
ADMINISTRATION
Copyright ©2013 CA. All rights reserved
User Administrator
Resources
• M...
SSO also requires:
DON’T FORGET THESE OTHER KEY REQUIREMENTS
Copyright ©2013 CA. All rights reserved
User Administrator
Re...
WHAT’S AVAILABLE IN THE MARKET
Thick Client
SSO
Web/Html
Client SSO
TIME
Web/Html
Client SSO via
Federation
Web/SOAP
Clien...
Deployment Models
WHY SSO?
A CHALLENGE FOR THE ENTERPRISE
DEPLOYMENT MODELS
HYBRID IAM
Q & A
Copyright ©2013 Mycroft Inc. ...
CHOOSE YOUR DEPLOYMENT MODEL
Copyright ©2013 Mycroft Inc. All rights reserved
On-Demand
• Deployed in third-
party datacen...
CHOOSE YOUR DEPLOYMENT MODEL
Copyright ©2013 Mycroft Inc. All rights reserved
On-Demand
Important to me:
• Tactical soluti...
HOW DO THEY COMPARE?
Not only about CAPEX vs. OPEX
• About optimizing 3 Es
• Effectiveness
• Economy
• Efficiency
On-Premi...
THINGS TO CONSIDER
SSO…is even MORE important
• Federate, Federate, Federate, Federate, Federate, Federate, Federate, F.E....
Hybrid IAM
WHY SSO?
A CHALLENGE FOR THE ENTERPRISE
DEPLOYMENT MODELS
HYBRID IAM
Q & A
Copyright ©2013 Mycroft Inc. All rig...
HYBRID IAM
Copyright ©2013 Mycroft Inc. All rights reserved
On-Premise
Enterprise Apps
Customers
Partners
Federated SSO
Advanced
Authentication
Employees
Privileged
Identity Mgt
Iden...
A single log-on, launch any SaaS application available to you
Copyright ©2013 Mycroft Inc. All rights reserved
MYCROFT XSP...
IN A NUTSHELL
SSO…is critical
• Simple, powerful access to applications a single log on - whether on-premise, in the cloud...
Q & A
Contact Mycroft:
212-983-2656
info@mycroftinc.com
www.mycroftcloud.com
@MycroftXSpectra
Sales Inquiries:
Nicole Koop...
Upcoming SlideShare
Loading in...5
×

Optimizing IAM with Single Sign-On From the Cloud to On-Premise

388

Published on

Single sign-on is no longer an option – it’s critical to ensuring companies have secure access to the vast numbers of applications running internally, on the Web and in the cloud for competitive and strategic advantage. Mycroft and CA Technologies conducted a highly educational webinar that examined the different deployment and expansion options for SSO, including Mycroft’s newest low cost, on demand solution based on CA’s CloudMinder platform, and how these solutions can become extensions to existing on-premise environments, that effectively address today’s authentication challenges.

The first in a series focused on IAM innovation, this interactive webinar was be led by Lester Rivera, Mycroft Sr. Consultant & Product Solutions Manager Technologies’ Herb Mehlhorn, Advisor, Product Management

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
388
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
12
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • Proactive MonitoringIncident ManagementProblem Management & Problem ReportingProblem Resolution and RoutingChange ManagementRelease ManagementConfiguration ManagementService Level ManagementQuery ManagementService ReportingData Collection Development ManagementRequest Management 
  • Transcript of "Optimizing IAM with Single Sign-On From the Cloud to On-Premise"

    1. 1. • Why SSO? • A Challenge for the Enterprise • Deployment models • Hybrid IAM • Q & A Optimizing IAM with Single Sign-On from the Cloud to On-Premise Copyright ©2013 Mycroft Inc. All rights reserved
    2. 2. Moderator Shanley Stern, Sr. Director Marketing, Mycroft Inc. Presenter Lester Rivera, Sr. Business Solutions Architect, Mycroft Inc. Presenter Herb Mehlhorn, Product Manager, CA Technologies INTRODUCTIONS Copyright ©2013 Mycroft Inc. All rights reserved
    3. 3. Why Single Sign-On? WHY SSO? A CHALLENGE FOR THE ENTERPRISE DEPLOYMENT MODELS HYBRID IAM Q & A Copyright ©2013 Mycroft Inc. All rights reserved
    4. 4. SSO – SIMPLY STATED Copyright ©2013 CA. All rights reserved Mobile employee or Customer Partner User Internal Employee Enterprise or Partner Apps Cloud Apps/Platforms & Web Services SaaS Data Identities App/Resource App/Resource ClientSide
    5. 5. A Challenge for the Enterprise WHY SSO? A CHALLENGE FOR THE ENTERPRISE DEPLOYMENT MODELS HYBRID IAM Q & A Copyright ©2013 Mycroft Inc. All rights reserved
    6. 6. WHAT TO LOOK FOR IN SSO PRODUCTS – CLIENT SIDE Copyright ©2013 CA. All rights reserved User Administrator Resources Supported Devices Supported User Interfaces Browser Mobile Application Terminal Emulator Desktop/ Laptop Tablet Smart Phone
    7. 7. WHAT TO LOOK FOR IN SSO PRODUCTS – RESOURCE SIDE Copyright ©2013 CA. All rights reserved User Administrator Resources Apps/Resources Location of App On Premise Partner Site Partner App Access Path PaaS SiteSaaS App Rest API via Gateway Http over corp. Network Http over Internet Web Services
    8. 8. WHAT TO LOOK FOR IN SSO PRODUCTS – FROM CLIENT TO RESOURCE Copyright ©2013 CA. All rights reserved Administrator Resources Authentication User Experience User Password SmartCard + X.509 ArcotID® OpenID OAuth Single Sign on Personalized Experience Single Logoff Enforcement Context of the authentication Web Agent Proxy Gateway Native to the App
    9. 9. WHAT TO LOOK FOR IN SSO PRODUCTS – ADMINISTRATION Copyright ©2013 CA. All rights reserved User Administrator Resources • Managing SSO • Ability to manage the authentication and access via a UI or programmatic interface • …with efficiency • for all resource types via a single UI • for all access paths via a single UI • for all authentication policies via single UI • ….with confidence • provide ability to flexibly segregate and delegate administration • generating necessary log and audit data for governance and compliance purposes
    10. 10. SSO also requires: DON’T FORGET THESE OTHER KEY REQUIREMENTS Copyright ©2013 CA. All rights reserved User Administrator Resources Identity life cycle management Effective monitoring Efficient delivery if using physical authentication methods
    11. 11. WHAT’S AVAILABLE IN THE MARKET Thick Client SSO Web/Html Client SSO TIME Web/Html Client SSO via Federation Web/SOAP Client SSO via WS-* Web & Mobile native SSO via REST & API • Similarities across each of these developments: - SSO experience for the end user - Needed security characteristics of the solution • Differences - Location of the resource - Access path to the resource Copyright ©2013 CA. All rights reserved
    12. 12. Deployment Models WHY SSO? A CHALLENGE FOR THE ENTERPRISE DEPLOYMENT MODELS HYBRID IAM Q & A Copyright ©2013 Mycroft Inc. All rights reserved
    13. 13. CHOOSE YOUR DEPLOYMENT MODEL Copyright ©2013 Mycroft Inc. All rights reserved On-Demand • Deployed in third- party datacenter • Subscription pricing model, no hardware required • Federated SSO everywhere • No VPN, no Firewall changes • Fully managed On-Premise • Deployed at enterprise datacenter • Allows for customization • Requires professional services, longer deployment times Hosted • Deployed in third- party datacenter (private cloud) • Connected to enterprise thru VPN • Available as Managed Service
    14. 14. CHOOSE YOUR DEPLOYMENT MODEL Copyright ©2013 Mycroft Inc. All rights reserved On-Demand Important to me: • Tactical solution • Very quick to market • OpEX rather than CapEX • Standardized & ooB • Local market • No hardware hassle • Very small TCO On-Premise Important to me: • Strategic solution • Innovation • Individuality • Differentiate also by services • Tend to prefer CapEx • International market • Ownership Hosted Important to me: • Quick time to market • Some individuality • Some innovation • Tend to prefer OpEx • Sense of ownership • TCO • Differentiate from competition by assortment & price
    15. 15. HOW DO THEY COMPARE? Not only about CAPEX vs. OPEX • About optimizing 3 Es • Effectiveness • Economy • Efficiency On-Premise Hosted On Demand Benefits of Hosted Infrastructure Hardware acquisition not required Implementation SMEs readily available Operation 24x7 SOC, no internal management needed Security Top tier Most effective, economical & efficient More effective, economical & efficient Effective, economical & efficient Copyright ©2013 Mycroft Inc. All rights reserved
    16. 16. THINGS TO CONSIDER SSO…is even MORE important • Federate, Federate, Federate, Federate, Federate, Federate, Federate, F.E.D.E.R.A.T.E. • Request for access needs to be simple, powerful, pervasive…not just about user accounts! • SAML, OAuth, OpenID, WS-FED (Office365) Provisioning goes Just-In-Time • More SaaS applications supports it • BUT, no real automated de-provisioning Identity Governance continues to be important • Governance, risk, & compliance (GRC) • Ignores the enterprise “fence”; Data and users are mobile Think APIs…Everything is an API • Keep simple & authorize well • BUT not every API requires user accounts; sometimes you authorize device, source, etc. • AND sometimes the point is really identify the source Security is Policy-based • Security takes place outside of the app • Programmatic vs. declarative Copyright ©2013 Mycroft Inc. All rights reserved
    17. 17. Hybrid IAM WHY SSO? A CHALLENGE FOR THE ENTERPRISE DEPLOYMENT MODELS HYBRID IAM Q & A Copyright ©2013 Mycroft Inc. All rights reserved
    18. 18. HYBRID IAM Copyright ©2013 Mycroft Inc. All rights reserved
    19. 19. On-Premise Enterprise Apps Customers Partners Federated SSO Advanced Authentication Employees Privileged Identity Mgt Identity Governance Identity Management Identity Management Identity Governance Advanced Authentication Access Management Privileged Identity Mgt On-Premise Connector Cloud Platforms SaaS Enterprise Datacenter Copyright ©2013 Mycroft Inc. All rights reserved MYCROFT XSPECTRA ON-DEMAND SERVICE ARCHITECTURE
    20. 20. A single log-on, launch any SaaS application available to you Copyright ©2013 Mycroft Inc. All rights reserved MYCROFT XSPECTRA ON-DEMAND SERVICE
    21. 21. IN A NUTSHELL SSO…is critical • Simple, powerful access to applications a single log on - whether on-premise, in the cloud or hosted • Increased user productivity & overall company efficiency • Essential for security Deployment Models • Your organization has options • Cloud vs on-premise vs on-demand. Examine the pros and cons as it relates to your environment, as well as the overall efficiency, effectiveness & economy of each option Hybrid IAM • It doesn’t matter where your application is – behind the firewall or in the cloud • Scalable – seamless end-user experience between on-premise & cloud-based applications Security is Policy-based • Security takes place outside of the app • Programmatic vs. declarative Copyright ©2013 Mycroft Inc. All rights reserved
    22. 22. Q & A Contact Mycroft: 212-983-2656 info@mycroftinc.com www.mycroftcloud.com @MycroftXSpectra Sales Inquiries: Nicole Koopman 347-244-5481 Nicole.koopman@mycroftinc.com
    1. A particular slide catching your eye?

      Clipping is a handy way to collect important slides you want to go back to later.

    ×