Learn how to add two-factor authentication to secure remote access for employees, staff, partners, and customers that need to access PeopleSoft at your organization.
Securing Access to PeopleSoft ERP with Duo Security and GreyHeller
1. Grey Heller, Proprietary and Confidential
Presenters
Larry Grey
President, GreyHeller
Brian Kelly
Principal Product Marketing Manager
GreyHeller + Duo Security
2. Agenda
‣ GreyHeller & Duo Security Overview
‣ Today’s Security Challenges
‣ Solving with Two-Factor Authentication
‣ ERP Firewall and Duo Integration
‣ Implementation and Administration
3. GreyHeller
‣ Nearly 200 years of PeopleSoft engineering experience
‣ ~100 customers
‣ Oracle PeopleSoft Customer Advisory Board
‣ PeopleSoft beta test partner: PeopleTools 8.54
12. Today’s Security Challenges
‣ Phishing and targeted spear phishing
‣ Access anywhere anytime
‣ Complex support environments
‣ Security policy enforcement
‣ Non-technical users that receive little training
13. Two Factor Use Cases
‣ Protecting Self Service use
‣ Protection by location
‣ Super User / Admin protection
  ‣ Functional and technical privileged users
‣ Sharing credentials, policy violations
‣ Protects untrained users
15. Solving with Two Factor Authentication
‣ Where should the challenge occur?
  ‣ Log in
  ‣ Only when accessing Sensitive Transactions
  ‣ Unlocking Masked Data
‣ One Size does not fit All
  ‣ Self Service versus Admin Use
  ‣ Privileged versus General Users
  ‣ Trusted versus Untrusted Locations
  ‣ HR versus CS versus FS
18. Integration
‣ ERP Firewall
  ‣ Provides the mechanism to enforce a Duo Challenge
  ‣ Allows mixing and matching of enforcement rules
‣ Duo Security
  ‣ Generates a second factor challenge to the user and evaluates the result
  ‣ Supports multiple channels for challenging users
19. ERP Firewall
‣ Delivers the ability to:
  ‣ Control access based on location, user, role, content, state, or any header and data attribute
  ‣ Flexible and configurable logging
  ‣ Implement 2nd factor challenges for content you wish to secure more strongly
  ‣ Display your own system messages to your users
  ‣ Restrict access when system is under maintenance
20. Access Control Made Easy
‣ Restrict access when Down for Admin
‣ Display System Message
‣ Allow access to Self Service Pages
‣ Challenge External access to vendor pages
‣ Block all other external internet access
‣ Log Access by at Risk employees
21. ERP Firewall Flow
[Flow diagram. Labels: Request, Response; PeopleSoft Web Server, PeopleSoft Servlet, GreyHeller ERP Firewall Plug-in; PeopleSoft App Server, PeopleSoft Application, Permissions, Business Logic, Display Page; PeopleSoft Application Database. Plug-in steps: Load Configuration, Config Cache, Evaluate Data Rule, Activity Log. Outcomes: Allow, Log, Block, Redirect.]
22. Powerful Logging
‣ Gathers a complete picture of access
  ‣ Userid / IP Address / Result / Browser / Date / Time
  ‣ Login Page / Portal Content / PeopleSoft Page / iScript
  ‣ EMPLID / Search Criteria / Actions taken
‣ Allows creation of targeted logs
  ‣ Failed login activity
  ‣ Activity for specific content
  ‣ Activity for types of users
  ‣ 2-factor activity
25. Duo Security – Two-Factor Authentication Made Easy
‣ Easy to Manage
‣ Easy To Deploy
‣ Easy to Use
27. Easy To Use – Your Phone Is Your Key
‣ One-tap to authenticate
‣ Reduce 2FA interruptions
‣ Help users help themselves
‣ Support every phone (and token)
29. Easy To Manage – For Help Desk, IT, and Security Staff
‣ Flexible user enrollment
‣ Support end users quickly
‣ Customize security policy, by group
‣ Get real-time authentication information
‣ Fully extensible with Admin API
30. Configuration
‣ When the user is challenged
‣ What types of users should be challenged
‣ Portal rules
‣ Field masking
‣ Location rules
‣ Event logging
‣ Duo server rules
31. Configuration
‣ Provisioning users in Duo
  ✓ Self-Enrollment
  ✓ Active Directory Sync
  ✓ Bulk Import
  ✓ Manual
  ✓ API
32. Lifecycle Management
‣ PeopleSoft General Maintenance
  ‣ Application Upgrades and Bundles
  ‣ PeopleTools Upgrades and Patches
  ‣ Customizations
‣ ERP Firewall
  ‣ Rules Engine means existing configuration is resilient to upgrades
  ‣ Understands differences between PeopleSoft releases
‣ Duo
  ‣ ERP Firewall isolates Duo from PeopleSoft impact
33. Duo Implementation Methodology
Functional Steps
‣ 2 Factor Challenge
  ‣ Identify Pages
  ‣ Configure Firewall based on content
‣ Functional Testing
  ‣ Initial Testing using temporary 2 Factor infrastructure
‣ Logging
  ‣ Determine log conditions
  ‣ Determine log content
Infrastructure Steps
‣ PeopleSoft/Duo Environments
  ‣ Development / Test / Production
‣ Product Installation
‣ 2 Factor Infrastructure
  ‣ Configure Duo Server/ERP Firewall Integration
  ‣ Define Duo User Provisioning Rules
‣ Move to Production
34. Thank you
For more information on GreyHeller or to schedule a private demonstration, please email:
Kelly Jones
Vice-President, Marketing
kelly.jones@greyheller.com