Since its introduction with Windows Server 2008, AD FS 2.0 has been Microsoft’s answer to extending enterprise identity beyond the firewall. However, building an identity management solution with the AD FS toolkit has many hidden costs. While AD FS solves some identity challenges for Microsoft’s product family, as is typical from Microsoft, many more gaps exist when attempting to integrate with cloud or mobile applications from other vendors.
Built as a single sign-on toolkit, AD FS requires a significant investment to deploy into production and still doesn’t deliver a full identity management solution. This webinar will discuss the following AD FS hidden costs as well as free alternatives that help avoid them:
-Building-out missing features
-Setup & configuration
-Hardware & software
-Availability & reliability
-On-going maintenance
Microsoft Intune - Empowering Enterprise Mobility - Presented by Atidan David J Rosenthal
Simplify management of apps & devices
Microsoft Intune provides mobile device management, mobile application management, and PC management capabilities from the cloud. Using Intune, organizations can provide their employees with access to corporate applications, data, and resources from virtually anywhere on almost any device, while helping to keep corporate information secure.
Developing an IAM Roadmap that Fits Your Business ForgeRock
Presented by Jim McDonald, Engagement Manager, Identropy at ForgeRock Open Identity Stack Summit, June 2013
Learn more about ForgeRock Access Management:
https://www.forgerock.com/platform/access-management/
Learn more about ForgeRock Identity Management:
https://www.forgerock.com/platform/identity-management/
This presentation talks about Software Defined Vehicles, Automotive Standards including Cyber Security and Safety, Agile Methods like SAFe/LeSS, and Continuous Delivery best practices.
Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform, offering over 165 fully featured services from data centers globally. Millions of customers —including the fastest-growing startups, largest enterprises, and leading government agencies—trust AWS to power their infrastructure, become more agile, and lower costs. This session covers the benefits of cloud computing; our shared responsibility model; and AWS services and infrastructure. Uncover how constant innovation at AWS empowers customers to transform their own organizations.
An overview of cloud security
- Quick Context of Security in the cloud
- General Best Practices
- Networking Services
- Security and Identity Services
- Management Tools
Microsoft Security - New Capabilities In Microsoft 365 E5 Plans David J Rosenthal
Cyberspace is the new battlefield:
We’re seeing attacks on civilians and organizations from nation states. Attacks are no longer just against governments or enterprise systems directly. We’re seeing attacks against private property—the mobile devices we carry around every day, the laptop on our desks—and public infrastructure. What started a decade-and-a-half ago as a sense that there were some teenagers in the basement hacking their way has moved far beyond that. It has morphed into sophisticated international organized crime and, worse, sophisticated nation state attacks.
Personnel and resources are limited:
According to an annual survey of 620 IT professionals across North America and Western Europe from ESG, 51% of respondents claim their organization had a problem of shortage of cybersecurity skills—up from 23% in 2014. The security landscape is getting more complicated and the stakes are rising, but many enterprises don’t have the resources they need to meet their security needs.
Virtually anything can be corrupted:
The number of connected devices in 2018 is predicted to top 11 billion – not including computers and phones. As we connect virtually everything, anything can be disrupted. Everything from the cloud to the edge needs to be considered and protected.
The material discusses Quest's "future-ready" approach to IAM from the perspective of EU GDPR compliance. We discuss the five foundational concepts of the One Identity family of solutions, and our advantage and approach in covering the four IAM pillars.
With regard to the present audience, we also included an overview of the One Identity platform.
The presentation was developed for the RISK 2018 Conference in Lasko, Slovenia.
Amazon Connect delivers personalized customer experience for your contact center Amazon Web Services
Amazon Connect is a self-service, cloud-based contact center service that makes it easy for any business to deliver better customer service at lower cost. Amazon Connect is based on the same contact center technology used by Amazon customer service associates around the world to power millions of customer conversations. The self-service graphical interface in Amazon Connect makes it easy for non-technical users to design contact flows, manage agents, and track performance metrics – no specialized skills required. There are no up-front payments or long-term commitments and no infrastructure to manage with Amazon Connect; customers pay by the minute for Amazon Connect usage plus any associated telephony services.
With a minimum security baseline in place, you’re now ready to host data—which means Data Protection is required. Here we will discuss defining encryption strategy and selecting native AWS (KMS, CloudHSM) or third party tools; defining key rotation and key protection mechanisms; and defining data at rest and data in transit protection requirements.
AWS Landing Zone Deep Dive (ENT350-R2) - AWS re:Invent 2018 Amazon Web Services
In this session, we discuss how to deploy a scalable environment that considers the AWS account structure, security services, network architecture, and user access. We present an overview of the AWS Landing Zone solution, an automated solution for setting up a robust and flexible AWS environment designed from the collective experience of AWS and our customers. The AWS Landing Zone helps automate the setup of a flexible account structure, security baseline, network structure, and user access based on best practices. Future growth is facilitated by an account vending machine component that simplifies the creation of additional accounts. Learn how the AWS Landing Zone can ensure that you start your AWS journey with the right foundation. We encourage you to attend the full AWS Landing Zone track, including SEC303. Search for #awslandingzone in the session catalog.
At AWS, cloud security is our highest priority. All AWS customers inherit the best practices of AWS policies, architecture, and operational processes built to satisfy the requirements of the most security-sensitive organizations in the most highly-regulated industries in the world – including financial services. In this talk, AWS experts discuss the fundamentals of AWS Cloud security, best practices, and services customers can leverage in order to operate and innovate in the cloud – more securely than on premises.
Palo Alto Networks is the world’s Cyber Security leader. Their technologies give 65,000 enterprise customers the power to protect billions of people worldwide.
Cortex, Demisto & Prisma are a few of the flagship products that prevent attacks with industry-defining enterprise security platforms. Tightly integrated innovations, cloud delivered and easy to deploy and operate.
The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. Security for AWS is about three related elements: visibility, auditability, and control. You have to know what you have and where it is before you can assess the environment against best practices, internal standards, and compliance standards. Controls enable you to place precise, well-understood limits on the access to your information. Did you know, for example, that you can define a rule that says that “Tom is the only person who can access this data object that I store with Amazon, and he can only do so from his corporate desktop on the corporate network, from Monday-Friday 9-5 and when he uses MFA?” That’s the level of granularity you can choose to implement if you wish. In this session, we’ll cover these topics to provide a practical understanding of the security programs, procedures, and best practices you can use to enhance your current security posture.
Get comprehensive protection across all your platforms and clouds
Protect your organization from threats across devices, identities, apps, data and clouds. Get unmatched visibility into your multiplatform environment that unifies Security Information and Event Management (SIEM) and Extended Detection and Response (XDR). Simplify your security stack with Azure Sentinel and Microsoft Defender.
Identity and Access Management (IAM): Benefits and Best Practices Veritis Group, Inc
Identity and Access Management (IAM) enables more cost-effective and efficient access management, authentication, identity management, and governance across your enterprise.
Read more on How IAM benefits your business and best practices for an effective IAM implementation.
Read more: https://www.veritis.com/solutions/identity-and-access-management-services/
Okta is an enterprise grade identity management service, built from the ground up in the cloud and delivered with an unwavering focus on customer success. With Okta, IT can manage access across any application, person or device. Whether the people are employees, partners or customers or the applications are in the cloud, on-premises or on a mobile device, Okta helps IT become more secure, make people more productive, and maintain compliance.
The Okta service provides directory services, single sign-on, strong authentication, provisioning, workflow, and built in reporting. It runs in the cloud on a secure, reliable, extensively audited platform and integrates deeply with on premises applications, directories, and identity management systems.
Legacy on-premises identity and access management (IAM) solutions can slow your organization’s efficiency by forcing employees to focus on administrative tasks rather than business needs. Your organization can benefit from a tool to streamline IAM on AWS that securely connects users and ensures appropriate access to resources. Okta is an integrated identity and mobility management service. Learn through customer use cases how Okta has helped various organizations connect employees to the cloud by leveraging services such as AWS Identity and Access Management (AWS IAM) and logging services like AWS CloudTrail.
Join us to learn:
• Best practices for overcoming IAM challenges in the cloud, such as accessing multiple applications across multiple domains and securing your mobile workforce
• How to authenticate, manage, and secure your users’ access to the AWS Cloud more easily with Okta on AWS
• How to streamline identity management and the associated administrative tasks
Who should attend: IT Manager, IT Security Manager, Solution Architect, Cloud App Architect, Product Management, Product Manager, Business Development
Pre-built, Secure Identity Layer for Consumer Websites, B2B Portals and SaaS ... Okta-Inc
If you run a website, operate a customer or partner portal or your business is running a cloud service, you need a way to manage users and their access to applications. Okta’s enterprise grade, zero downtime identity service can help you innovate faster, decrease IT costs, increase revenue and ensure a seamless user experience.
Okta automates account creation and user registration, enabling single sign-on across your sites. The Okta UI is fully customizable, with built-in tools or by using Okta’s REST APIs.
Configuration is flexible and simple, with support for individual, 3rd party enterprise or social authentication. Okta comes pre-integrated with over 2,000 apps and can easily connect to custom cloud and on-premises applications.
This presentation provides an overview of external identity management and how Okta can provide identity services for your web presence.
Link for more information: http://www.okta.com/problems-we-solve/managing-external-identities.html
Extending Active Directory to Box for Seamless IT Management Okta-Inc
As organizations move mission critical files and data into Box, security and productivity become increasingly important. How can IT enable users to seamlessly access Box with their existing network credentials or ensure that user accounts are automatically provisioned and deprovisioned as employee roles change?
Historically, Active Directory has been core to application security and productivity. However, Active Directory was built for on-premise networks and does not easily integrate with cloud applications like Box. Okta’s Active Directory integration service bridges this gap, takes only moments to set up, and best of all… is FREE!
This webinar will discuss Okta’s free Directory Integration Edition for Box, and how it can deliver the following benefits:
-Single sign-on with federation or delegated authentication
-Automated provisioning & de-provisioning via Security Groups
-True end-to-end provisioning from HRIS systems like Workday
-Password synchronization
-Multifactor authentication
The value of containers is widely touted, but running them securely at scale and in long lived production environments presents new challenges. Amazon EC2 Container Service (ECS) changes the game by delivering cluster management and scheduling as a service. In this talk we’ll present how Okta uses ECS for parallelized testing in CI and for production microservices in a multi-region, always on cloud service. Learn why we chose ECS and many of the tips and tricks for securing, scaling and managing cost.
One of the biggest challenges in writing code that manages encrypted data is developing a secure model for obtaining keys and rotating them when an administrator leaves. AWS Key Management Service (KMS) changes the equation by offering key management as a service, enabling a number of security improvements over conventional key storage methods. Jon Todd will show how Okta uses the KMS API to secure a multi-region system serving thousands of customers. This talk is oriented toward developers looking to secure their applications and simplify key management.
By automating user onboarding and offboarding processes, you can streamline access control based on role, department, location, title and other attributes, reduce IT involvement, and accelerate time to productivity.
Join Chip Epps and Rob Capozzi from OneLogin for actionable insights into automating cloud application and user provisioning.
- Increase workforce productivity by removing manual user updates
- Enhance security by preventing unauthorized access to enterprise data from former employees
Leading Trends in IAM Webinar 3: Optimizing User Experience in Cloud Initiatives OneLogin
On-demand at https://www.onelogin.com/resources/webinars/identity-access-management-trends
In Part 3 of our Leading Trends in IAM webinar series, we’ll introduce you to the latest practices to give users instant and secure access to their applications, while improving user experience and reducing risk in day-to-day operations.
How to increase your understanding of application usage with LeanIX and OneLo... LeanIX GmbH
In the slides from the LeanIX and OneLogin webinar, we look at why Identity Access Management systems are mandatory nowadays to increase security while offering Single Sign On (SSO) for easy access to different applications across all devices, regardless of where the user is located.
Single Sign On (SSO) not only makes your IT security department happy, it saves users 10 minutes every day and makes their work easier. In this live webinar, we show you three ways in which OneLogin and LeanIX complement each other to increase user acceptance and your understanding of application usage.
Identity intelligence: Threat-aware Identity and Access Management Prolifics
Presentation at Pulse 2014 as part of the session, "Enhance Your Identity and Access Management Solution with Integrations from Key IBM Technology Partners"
Speaker:
Russell Tait, Prolifics
Join a panel of IBM technology partners to learn about new and exciting Identity and Access Management (IAM) integrations that have been validated through the Ready for IBM Security Intelligence program. In this slide deck, IBM technology partner, Prolifics, discusses how their integrations with key areas of the IBM Security portfolio increase solution value for customers. The panel discussion will cover strong authentication, mobile, cloud, and security intelligence use cases.
User Creation and Authentication in Remedyforce BMC Software
Learn how to create users in BMC Remedyforce cloud IT service management (ITSM) and how to authenticate users. Together with other settings, the profile determines what tasks users can perform, what data they see, and what they can do with the data for true high-speed IT. Learn more about Remedyforce: http://bmc.com/remedyforce
In this session Tomasso will explain what Web APIs are, why we need them, and how to implement them in Azure with API Apps. He is going to show in several demos how you can create a custom API App, test and deploy it, and also cover more advanced topics like how to add authentication to an API App.
Office 365 and other SaaS apps offer a number of advantages over premises-based apps, from easy access and deployment to lower costs. A key advantage of SaaS apps is IT's ability to shift the burden for app and infrastructure security to the cloud vendor while data security remains the responsibility of the enterprise. Migrating to Office 365 introduces several new avenues for data leakage: one-click sharing, desktop sync clients, unmanaged device access, and many more.
Bitglass and (ISC)2 present Episode 2 of our CASB Wars webinar trilogy, where we explore the security gaps in Office 365 and how a Cloud Access Security Broker (CASB) can help mitigate the threat of data leakage across all SaaS apps. Using real-world use cases, see where native Office 365 security falls short and how a CASB can protect data end-to-end, from cloud to device.
Introducing the Vulnerability Management Maturity Model - VM3
The information security landscape has evolved significantly during the last 5 years with the emergence and wider use of new technologies such as Cloud, BYOD, Mobile and the Internet of Things. Alongside this landscape, corporate organizations’ key defense leaders, CIOs, CSOs and CISOs, have evolved in their information security defense strategies, as well as in how they think and approach information security. This different and evolved landscape, combined with defense leaders’ new mindset, has influenced key information security processes and in particular, has resulted in a greater understanding of the process of Vulnerability Management.
This session presents a Vulnerability Management Maturity Model, referred to as VM3, which identifies six different levels of vulnerability management maturity within which different organizations operate. Detailed findings and lessons learned from a recent study on vulnerability management maturity are shared.
The session covers the six high level activities, as well as a surrounding business environment which characterize an organization's execution of the vulnerability management process. Key challenges present within each of the six high level activities of vulnerability management, as well as challenges imposed by the organization's surrounding business environment are identified and described. Attendees will learn and appreciate how these key challenges impede one's ability to achieve higher levels of maturity, as well as strategies on overcoming these identified challenges. Attendees will learn how they may help their organization evolve to higher levels of vulnerability management maturity, with the goal of achieving lower levels of information security risk.
Gordon MacKay, CISSP, Software/Systems Guru with a dash of security hacking, serves as CTO for Digital Defense, Inc. He applies mathematical modeling and engineering principles in investigating solutions to many of the challenges within the information security space. His solution to matching network discovered hosts within independent vulnerability assessments across time resulted in achieving patent-pending status for the company’s scanning technology.
He has presented at many conferences including ISC2 Security Summit, Cyber Texas, BSides Detroit, BSides San Antonio, BSides Austin, BSides DFW, RSA and more, and has been featured by top media outlets such as Fox News, CIO Review, Softpedia and others.
He holds a Bachelor's in Computer Engineering from McGill University and is a Distinguished Ponemon Institute Fellow.
What is Microsoft Enterprise Mobility Suite and how to deploy it Peter De Tender
Key components of the Enterprise Mobility Suite are Azure AD Premium, Windows Intune and Azure Rights Management.
Learn from Peter De Tender, Microsoft Infrastructure Architect, MCT and MVP not only what the Microsoft Enterprise Mobility Suite is, but also how one can deploy it in an enterprise organization. By attending this session, you will gain the knowledge to optimize the adoption of IT, BYOD and SaaS as the core cloud solution components. Key concepts that will be covered are identity and access management, mobile device management and data protection.
Embracing secure, scalable BYOD with Sencha and Centrify Sumana Mehta
Scalable enterprise mobility solutions: How to give your employees tools they need without sacrificing user experience and security.
Consumerization of IT and BYOD are here – and it’s a GOOD thing. Today's dynamic workplaces and hyper-competitive markets drive demand for more mobile productivity solutions. Nearly 70% of enterprise employees report making better decisions, being more productive and happier if they are allowed to use mobile devices and cloud-based tools. Yet, IT organizations often resist these trends because of cost and risk associated with multi-platform, multi-device ecosystem having access to corporate data and resources.
In this webinar, product experts from Sencha and Centrify will help your organization embrace BYOD and SaaS in a cost-effective, scalable way. Sencha Space is an advanced platform for securely deploying mobile apps and delivering a consistent, elegant, mobile user experience to end-users. Users can launch any mobile web app, or HTML5 app in a secure, managed environment. Combining Space with secure, Active Directory- or Cloud-Based Identity and Access Management (IAM) from Centrify gives IT visibility and control over mobile platforms and SaaS / in-house apps while improving user experience and reducing security risk.
Securing SaaS/Web and Windows Apps in a Hybrid Cloud World (SEC314-S) - AWS r... - Amazon Web Services
Hybrid cloud architecture creates security, governance, user experience, and performance challenges. In this session, learn to use Citrix Workspace to create a secure digital perimeter, enhancing security policy controls. Provide instant access for users to manage SaaS and virtualized Microsoft apps and unique data loss prevention features with on-premises data centers and AWS. Use Citrix to deploy machine learning (ML)-enhanced, user behavior analytics (UBA) with new security insights. Learn how your network can deeply inspect and optimize traffic, increasing the resiliency, performance, and security of hybrid application stacks. Build and move workloads onto AWS, improve legacy approaches to securing data, and create a world-class user experience. This session is brought to you by AWS partner, Citrix.
Identity and Access Management from Microsoft and Razor Technology - David J Rosenthal
63% of confirmed data breaches involve weak, default, or stolen passwords (Verizon 2016 Data Breach Report)
More than 80% of employees admit using non-approved SaaS apps for work purposes (Stratecast, December 2013)
0.6% global IT spend increase. http://www.gartner.com/newsroom/id/3186517
IT cannot afford to live in the past. Successful businesses of today (and tomorrow) realize the power of mobility to support employee productivity and collaboration. You need to prepare to mitigate the risks of providing freedom and space to your employees. You need to meet compliance and regulatory standards, maintain company security policies and requirements, and detect threats — all the while giving workers a better and more productive experience, so that they’re motivated to follow protocol. You need an enterprise mobility partner that can help you achieve all of this, so that everyone is a winner, and your business stays out of the headlines.
Microsoft’s vision includes management and protection across four key layers: users, device, app, and data – for both your employees, business partners, and customers.
Our strategy is to ensure management across these layers while ensuring your employees, business partners, and customers by providing access to everything they need from everything; protecting corporate data across email and collaboration apps all while integrating these new capabilities with what customers already have like Active Directory and System Center.
How News Corp Secured Their Digital Transformation through Identity and Acces... - Amazon Web Services
How much time is your organization putting towards promptly and securely provisioning and deprovisioning employee access to AWS services and applications? Between employees joining, leaving, and managing disparate passwords, managing access to cloud resources can become a substantial time commitment. To mitigate this risk, NewsCorp, a mass media corporation, migrated over 25,000 employees and over 150 systems in 9 months to a secure access solution using Okta.
Learn:
Best practices for securing access to your applications on the cloud such as Single Sign-On, Multi-Factor AuthN, AD/LDAP Integration
How to remove blockers in order to digitally transform your business
How Okta helps you manage access and provide a consolidated view on identity types across your organization
Speakers:
AWS Speaker: David Wright, Solutions Architect
News Corp Speaker:
Nicholas Tan, Chief Architect – Infrastructure, Cloud & Cyber, NewsCorp Australia
Okta Speaker: Madhu Mahadevan, Sr. Manager, Technical Alliances
RapidScale, a managed cloud services provider, delivers world-class, secure, and reliable cloud computing solutions to companies of all sizes across the globe. Its state-of-the-art managed CloudDesktop platform and market-leading cloud solutions are the reasons why RapidScale is the provider of choice for leading MSOs, VARs, MSPs, Carriers and Master Agents throughout the United States. RapidScale is not only delivering a service but also innovating advancored solutions and applications for the cloud computing space. RapidScale’s innovative solutions include CloudServer, CloudDesktop, CloudOffice, CloudMail, CloudRecovery, CloudApps, and more. For more information on RapidScale, visit www.rapidscale.net.
Proven Practices for Office 365 Deployment, Security and Management - Perficient, Inc.
Learn how the single sign-on and automated account provisioning for Office 365 can stop the cloud password sprawl, close security holes and free up IT time for new projects. This covers topics such as how to drive cloud app adoption, centralize, standardize and automate access, leverage Active Directory without the expense and risk of replicating it, and ultimately simplify your Office 365 deployment.
Hybrid Identity Made Simple - Microsoft World Partner Conference 2016 Follow Up - Nicole Bray
In this webinar replay you will learn how you can ignite your company’s managed services offering with ServiceControl’s Simplified Hybrid Identity and Account Governance platform. This is the follow-up webinar to our sponsorship of the Microsoft Worldwide Partner conference in July, 2016.
Modern companies are becoming ever more mobile, as employees can increasingly do their work without coming into the office. How, in this new situation, can you keep control of the organization's data and ensure the security of users and devices?
Speaker: Tõnis Tikerpäe
Session 3 - VMware Airwatch, mobility management in organizations... - Jürgen Ambrosi
Mobile devices are proliferating in companies at an exponential rate. With the growing number of device models, platforms and operating system versions available, companies face new and complex challenges in managing mobile devices and all the related issues. Access to corporate resources from a mobile device can pose a serious threat to corporate security.
AirWatch® makes it possible to meet the challenges of mobility successfully, providing a simple and efficient way to control and manage all corporate devices and applications.
These customers are front-runners in different industries, but all five were united by a need to rethink IAM. For large organizations with millions of customers, the stakes are simply too high to ignore the demands of the modern IT environment.
We surveyed 1000+ IT, Security, and Engineering decision makers from the world’s largest companies — those with at least $1 billion in revenue — to find out how they’re capturing technological and business opportunities while protecting against risk, and how they see their organizations evolving for the future.
Zero Trust security is a new strategy for keeping enterprise data secure, rooted in the idea that you can no longer rely on the network perimeter to assess trust. Instead, people are the new perimeter, and identity is the core for maintaining a secure environment.
Zero Trust: the idea that all access to corporate resources should be restricted until the user has proven their identity and access permissions, and the device has passed a security profile check. A core concept for Okta.
Epistemic Interaction - tuning interfaces to provide information for AI support - Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
The new frontiers of AI in RPA with UiPath Autopilot™ - UiPathCommunity
In this free online event, organized by the UiPath Italian Community, you can explore the new features of Autopilot, the tool that integrates Artificial Intelligence into the development and use of automations.
📕 Together we will look at some examples of using Autopilot in different tools of the UiPath Suite:
Autopilot for Studio Web
Autopilot for Studio
Autopilot for Apps
Clipboard AI
GenAI applied to Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... - DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview - Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 - Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
The Metaverse and AI: how can decision-makers harness the Metaverse for their... - Jen Stirrup
The Metaverse is popularized in science fiction, and now it is becoming closer to being a part of our daily lives through the use of social media and shopping companies. How can businesses survive in a world where Artificial Intelligence is becoming the present as well as the future of technology, and how does the Metaverse fit into business strategy when futurist ideas are developing into reality at accelerated rates? How do we do this when our data isn't up to scratch? How can we move towards success with our data so we are set up for the Metaverse when it arrives?
How can you help your company evolve, adapt, and succeed using Artificial Intelligence and the Metaverse to stay ahead of the competition? What are the potential issues, complications, and benefits that these technologies could bring to us and our organizations? In this session, Jen Stirrup will explain how to start thinking about these technologies as an organisation.
Elevating Tactical DDD Patterns Through Object Calisthenics - Dorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf - Peter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ... - James Anderson
Removing Uninteresting Bytes in Software Fuzzing - Aftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speed up fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
PHP Frameworks: I want to break free (IPC Berlin 2024) - Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Climate Impact of Software Testing at Nordic Testing Days - Kari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed in the talk. ICT and testing must carry their part of global responsibility to help with the climate warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Accelerate your Kubernetes clusters with Varnish Caching - Thijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
2. Agenda
- Trends in IT → How They Affect Identity
- AD FS Overview, Costs, and Shortcomings
- Okta’s Approach to AD Integration
- Q&A
okta confidential 2
3. What We’ll Show Today
AD FS is Not Free
• Significant server costs
• Setup and configuration efforts
• Ongoing maintenance costs
• No repeatability
• more apps = more costs
AD FS is Not A Complete Solution
• Limited app support
• No provisioning
• No reporting
• No native mobile apps
10. • Service
• Enterprise Grade
• Integrated
• Future Proof
• Easy to Use
“Cloud IAM Has Superior ROI”
“Cloud IAM is the best option; 310% ROI over manual processes, 90% reduction of operations vs. on-prem solutions.”
“By the end of 2015, IDaaS will account for 40% of all new IAM sales”
• HW, SW, Infrastructure
• Services Intense
• Connector Treadmill
• Forklift Upgrades
AD FS 2.0
12.
Your Network
Firewall
Internet
Active Directory
User store
User store
On-prem Apps
What to Use Here?
How to connect these cloud apps to Active Directory?
15. AD FS – High Level
Source: technet.microsoft.com
16. AD FS – High Level
Server Farm?
Source: technet.microsoft.com
17. Step 1: Deploy Your Federation Server Farm
Source: technet.microsoft.com
- Dedicated servers behind your corporate network
- Double server count for HA
18. Step 2: Deploy Your Federation Server Proxies
Source: technet.microsoft.com
- Dedicated proxy servers in your DMZ (!)
- Double server count for HA
19. How Many Servers are We Talking About?
Number of users accessing the cloud service: Minimum number of servers to deploy
1,000 to 15,000 users: 2 dedicated federation servers + 2 dedicated federation server proxies
15,000 to 60,000 users: Between 3 and 5 dedicated federation servers + At least 2 dedicated federation server proxies
Source: technet.microsoft.com
4-7 dedicated servers for one cloud application
Half of these are deployed in your DMZ
20. …we’re not done
Source: technet.microsoft.com
Even more servers to run the database that holds configuration
22. Don’t forget your Certificates
Certificate type:
- Token-signing certificate
- Service communication certificate
- Token-decryption certificate
Source: technet.microsoft.com
Separate certificates for each server
Must be purchased from a CA
Must be managed and renewed
23. The true costs of AD FS…
Chart columns: Year One, Year Two, Year Three, Total
Support & Maintenance
Setup (Time) + Hardware Costs
$25k - $50k for first app
24. …are costs that grow over time
Chart columns: Year One, Year Two, Year Three, Total
More apps = more cost
28. AD Integration with Okta – 30 minutes or less
(1) Download AD Agent, Install on Windows Machine
(2) Enter Okta URL and credentials; HTTPS from company to Okta; No firewall configuration necessary
(3) Configure Agent: Directory Location, Credentials
(4) Configure import rules
Diagram labels: Internet, Firewall, Your Network, AD Domain Controller, Okta Agent, https://yourcompany.okta.com
39. It’s Not Just About Cost
AD FS is Not Free
• Significant server costs
• Setup and configuration efforts
• Ongoing maintenance costs
• No repeatability
• more apps = more costs
AD FS is Not A Complete Solution
• Limited app support
• No provisioning
• No reporting
• No native mobile apps
41. All Your Devices: Desktop, Laptops, Tablets, Smartphones
All Your People: Employees, Customers, Partners, Contractors
Mobile
On Prem
Cloud
On Prem Identity
LDAP
50. Okta Powered Customer & Partners Portals
Manage identities outside your firewall
Customers
Partners
Cloud Apps
On Premise Apps
Portal
Username
Password
53. Active Directory Integration with Okta
(1) Remote users authenticate with AD username and password
(2) Local users transparently authenticate using Integrated Windows Authentication
(3) Access policies driven by AD security groups
Diagram labels: Remote/Mobile Employees, Active Directory, Employees, Okta Agent(s), Group, Sales, Firewall
Easy to Use, Just Works
• Simple agent install, no network configuration required
• Multiple agents supported for High Availability
Broad Functionality
• Real-time Synchronization with AD (no scheduled imports needed)
• Automatic De-Activation in Okta of Disabled/Deleted Users
• Delegate Authentication for Okta to AD
Tight Windows Integration
• Integration into Windows Desktop Login
54. Setting Up AD Integration with Okta
(1) Download AD Agent, Install on Windows Machine
(2) Enter Okta URL and credentials; HTTPS from company to Okta; No firewall configuration necessary
(3) Configure Agent: Directory Location, Credentials
(4) Configure import rules
Diagram labels: Internet, Firewall, Your Network, AD Domain Controller, Okta Agent, https://yourcompany.okta.com
55. Real Time AD User Synchronization
(1) AD Agent dynamically looks for changes in AD, makes HTTPS connection to Okta
(2) Okta gets real time updates, makes user and group changes as needed
(3) Users provisioned, de-provisioned, application assignments based on security group membership
Diagram labels: Internet, Firewall, Your Network, AD Domain Controller, Okta Agent (On Windows Server), https://yourcompany.okta.com
56. Delegated Authentication to AD
(1) User logs into https://yourcompany.okta.com using Okta username & AD password
(2) Okta communicates to AD Agent via persistent connection to validate credentials
(3) Agent responds with success or failure
(4) Okta returns Cloud App homepage (success) or failure message
Diagram labels: Internet, Firewall, Your Network, Inside/Outside Network, AD Domain Controller, Okta Agent (On Windows Server), https://yourcompany.okta.com
57. Desktop SSO
Get To Cloud Apps with NO Login Page
• User logs on to domain
• Can then access Cloud apps with no additional login
Secure: Uses Integrated Windows Authentication (Kerberos)
Easy to deploy: Leverages lightweight agent running under IIS
Diagram labels: Firewall, AD Domain Controller, Okta IWA Agent
58. User Provisioning with Active Directory
(1) New employees created in Active Directory
(2) Applications provisioned centrally through Okta
(3) Okta login using AD credentials. Immediate SSO Access to Apps
Diagram labels: AD Domain Controller, Okta Agent, Firewall
61. All Your Devices: Desktop, Laptops, Tablets, Smartphones
All Your People: Employees, Customers, Partners, Contractors
Mobile
On Prem
Cloud
On Prem Identity
LDAP
Increase Productivity
Reduce IT Costs
Strengthen Security
62. 3,300 users | 100 apps
“Cloud IAM is the best option, providing 310% ROI over manual processes” - Forrester Research, October 2012
> $10M savings
65. Modern Identity Management
• First true Cloud IAM service
• Full suite of IAM features (SSO, provisioning, analytics)
• Bridges existing user stores (AD / LDAP) to the cloud
• Connects to legacy on-prem IAM software
Dedicated Support
• 24 / 7 / 365 Premier Support Team
• SmartStart Professional Services Team
• Training and Education Team
Veteran Team
“Okta is the gold standard of companies we’ve worked with.”
“Okta makes our problems their own and it’s why we can rely on them to make us successful.”
66. What We Covered
AD FS is Not Free
• Significant server costs
• Setup and configuration efforts
• Ongoing maintenance costs
• No repeatability
• more apps = more costs
AD FS is Not A Complete Solution
• Limited app support
• No provisioning
• No reporting
• No native mobile apps
67. Okta vs. AD FS
Cloud Service, Built in HA
Okta:
• 100% Multi-Tenant, Fully Managed
• Always On
• Features and Capacity On Demand
• No changes required to AD infrastructure
AD FS:
• You install, configure & manage
• Redundancy for HA = more HW
• Must maintain as apps change
Access Management
Okta:
• Control who has access to which app
• Easily map different username formats
• Quickly import, match, rollout
AD FS:
• Create & manage custom attributes
• Every app may require changes
• No concept of user import, matching
User Provisioning, De-Provisioning
Okta:
• Easily add/remove users and access
• Drive directly from AD, security groups
• Pre-integrated with your applications
AD FS:
• None
Logging & Reporting
Okta:
• Better visibility into access and usage
• Easy to access from Okta admin UI
AD FS:
• None
Application Integrations
Okta:
• 1,500+ Pre-integrated apps
• No engineering to configure, maintain
• SSO with any app, not just SAML
• User Mgmt integrations
AD FS:
• You build, maintain every integration
• Only supports SAML, WS-*
• Only single sign-on
68. Getting Started with Okta
- Download the AD FS whitepaper
- Start a free trial of Okta for unlimited apps
- Use Okta for free for one app
70. ADFS Terminology
AD FS 2.0 term / Definition
• AD FS 2.0 configuration database: A database used to store all configuration data that represents a single AD FS 2.0 instance or Federation Service. This configuration data can be stored using the Windows Internal Database (WID) feature included with Windows Server 2008 and Windows Server 2008 R2 or using a Microsoft SQL Server database.
• Claim: A statement that one subject makes about itself or another subject. For example, the statement can be about a name, email, group, privilege, or capability. Claims have a provider that issues them and they are given one or more values. They are also defined by a claim value type and, possibly, associated metadata.
• Federation Service: A logical instance of AD FS 2.0. A Federation Service can be deployed as a standalone federation server or as a load-balanced federation server farm. You can configure the name of the Federation Service using the AD FS 2.0 Management snap-in. The DNS name of the Federation Service must be used in the Subject name of the Secure Sockets Layer (SSL) certificate.
• Federation server: A computer running Windows Server 2008 or Windows Server 2008 R2 that has been configured to act in the federation server role. A federation server serves as part of a Federation Service that can issue, manage, and validate requests for security tokens and identity management. Security tokens consist of a collection of claims, such as a user's name or role.
Source: technet.microsoft.com
71. ADFS Terminology - continued
AD FS 2.0 term / Definition
• Federation server farm: Two or more federation servers in the same network that are configured to act as one Federation Service instance.
• Federation server proxy: A computer running Windows Server 2008 or Windows Server 2008 R2 that has been configured to act as an intermediary proxy service between a client on the Internet and a Federation Service that is located behind a firewall on a corporate network.
• Relying party: A Federation Service or application that consumes claims in a particular transaction.
• Relying party trust: In the AD FS 2.0 Management snap-in, a relying party trust is a trust object that is created to maintain the relationship with another Federation Service, application, or service (in this case with Google Apps or Salesforce.com) that consumes claims from your organization’s Federation Service.
• Network load balancer: A dedicated application (such as Network Load Balancing) or hardware device (such as a multilayer switch) used to provide fault tolerance, high availability, and load balancing across multiple nodes. For AD FS 2.0, the cluster DNS name that you create using this NLB must match the Federation Service name that you specified when you deployed your first federation server in your farm.
Source: technet.microsoft.com
72. Summary – ADFS Pros and Cons
Pros
• Just a Windows Server Role
• Flexible SAML, WS-FED solution
• Tight AD integration
Cons
• Difficult to configure
• Difficult to make production ready
• Limited application coverage
• No re-use (must set up for each app)
• No provisioning
• No reporting
• No policy controls
73.
How are accounts created?
How do users authenticate?
How does IT manage these accounts?
How are accounts de-provisioned?
Solution: Connect AD to the Cloud