The document discusses implementing a federated identity solution for a company to securely provide access to its B2B applications to 100,000 users including employees, business partners, and contractors. It covers the business needs and challenges, concepts of federated identity and single sign-on (SSO), the proposed technical architecture using standards like SAML, and strategies around user provisioning, access management and auditing for partners of different trust levels.
SAP Identity Management helps companies centrally manage their user accounts (identities) in a complex system landscape, including both SAP and non-SAP systems. More information: http://scn.sap.com/community/idm.
Identity As A Service Evaluation, Implementation, Realized Benefits (CA Technologies)
Learn how to evaluate IAM offerings and the trade-off between the customization level available on-premises, and the speed/cost model benefits of SaaS. See how CA Secure Cloud (formerly CA CloudMinder™) can efficiently enable the business with faster implementation times, improved compliance and a reduction in infrastructure and support costs.
For more information on Security solutions from CA Technologies, please visit: http://bit.ly/10WHYDm
The document discusses Oracle Identity Governance, a unified identity and access governance solution. It addresses challenges of managing access across enterprise, mobile, and cloud applications. The solution provides identity administration, access request management, access risk management, privileged access management, and other features. It uses a modular architecture with components like self-service interfaces, runtime engines, connectors, and common services.
- The document introduces Oracle Identity and Access Management (IAM) solutions including Access Control, Directory Services, Identity Administration, Authentication & Authorization, Single Sign-On, Federation, Web Services Security, Identity Lifecycle Administration, Role & Membership Administration, Provisioning & Reconciliation, Compliance Automation, Virtualization, Synchronization, Storage, Audit & Compliance, and Management.
- It discusses Oracle IAM products that address these solutions and how Oracle has been a leader in industry evaluations. Customer examples are provided that demonstrate cost savings, improved security and compliance, and consolidated identity management.
- The future of Oracle IAM is discussed in terms of expanding the product portfolio, building security into databases and middleware,
Con8902 developing secure mobile applications-final (OracleIDM)
This document discusses developing secure mobile applications. It provides an overview of Oracle Access Management which can be used to centrally manage mobile security. Oracle Access Management includes features for mobile security, social single sign-on, cloud access, and support for standards. It also provides client SDKs to help build security into native mobile apps and manages single sign-on. The document outlines a deployment architecture and is followed by a partner presentation and developer demo of Oracle's mobile security solution.
Overview of Oracle Identity Management - Customer Presentation (Delivery Centric)
The document discusses Oracle Identity Management and provides an overview of its products and vision. It describes how Oracle Identity Management offers a unified approach to access management, governance, directory services, and mobile security to help organizations secure access across the extended enterprise. It highlights key customer use cases and provides a roadmap for further enhancing cloud and mobile identity capabilities and simplifying identity management.
Con9573 managing the oim platform with oracle enterprise manager (OracleIDM)
The document discusses how Qualcomm implemented Oracle Enterprise Manager 12c to manage its Oracle Identity Management platform. Some key points:
- Qualcomm needed to provide high service levels for identity and access management (IAM) and databases, monitor SLAs, and improve compliance through role-based access.
- It implemented EM12c in a highly available configuration with disaster recovery to manage applications, middleware, IAM, and databases from a single console.
- Through dynamic groups and roles in EM12c, IAM administrators, network operators, and database administrators received restricted views of only their relevant targets while using a shared infrastructure.
- This streamlined operations and improved compliance by allowing different teams to manage incidents
Transcendent provides an asset management and maintenance optimization software for the hospitality industry. The software helps hotel managers do more with fewer resources by automating maintenance tasks, providing data and insights, and ensuring accountability. It offers features like asset tracking, work order management, QR code scanning, reporting, and capital expenditure planning to help hotels reduce costs, prevent breakdowns, and plan for the future. The document discusses how the software provides robust tools and expertise to help hotels manage their assets and maintenance operations more efficiently.
The document provides an overview of Oracle Identity and Access Management (OIDAM) from social, enterprise, and solution perspectives. It discusses Oracle Identity Manager (OIDM), which covers governance, including requesting access, risk assessment, and auditing. It also discusses Oracle Access Manager (OAM), which controls identity by checking authentication and authorization. The document outlines the overall OIDAM architecture and components and how OIDAM must be integrated as part of an enterprise solution.
Comprehensive Identity and Access Governance for Rapid, Actionable Compliance
The industry’s most comprehensive identity governance solution delivers user administration, privileged account management, and identity intelligence, powered by rich analytics and actionable insight.
SSO Agility Made Possible - November 2014 (Andrew Ames)
CA SSO (formerly SiteMinder) has served the web access security functions of so many, yet the mobile channel is expanding how organizations think about security and APIs are the fundamental connectivity point.
Acclaim Consulting, CA and National Rural Electric Cooperative Association (NRECA) present a strategy and solution for "future-proofing" security and SSO.
Topics covered:
• Centralizing security policy and auditing across multiple platforms and devices
• Unified security using cookies or tokens for authorization and session management
• Leveraging current investments in IT security assets and extending to mobile apps
• Business Solution Collaboration - Security Architect and Application Developers
Making the Move to SaaS: 10 Key Technical Considerations (OpSource)
This document discusses 10 key technical considerations for companies making the move to software as a service (SaaS): selecting features, identifying skill gaps, defining the level of "SaaSification", incorporating architecture aspects like multi-tenancy and scalability, including functionality like billing and subscriptions, leveraging commercial components, choosing a technology stack/platform, selecting a hosting provider, preparing for operations, and adopting an agile development process.
5 Reasons Why APIs Must be Part of Your Mobile Strategy - Scott Morrison, Dis... (CA API Management)
This document discusses why APIs must be part of a mobile strategy and provides 5 reasons: 1) Firewalls make accessing APIs difficult due to changing clients and back-end systems, 2) Authentication, authorization, and single sign-on are important for mobile access but challenging, 3) Local app single sign-on is desirable without the negatives of a VPN, 4) Mobile OS isolation silos data and prevents sharing credentials, 5) Users need a way to logout if their device is lost or stolen. It then describes a solution of a native single sign-on SDK for mobile developers to address these problems using OAuth, OpenID Connect, and managing users, apps, and devices securely.
CON8040 Identity as a Service - Extend Enterprise Controls and Identity to th... (oow123)
The document discusses Oracle's identity management solutions for the cloud. It outlines Oracle's approach of providing cloud ready identity services, managed identity services, and public cloud identity services. Cloud ready identity services allow customers to extend their on-premise identity solutions to the cloud. Managed identity services offer pre-configured and Oracle-managed identity functionality. Public cloud identity services provide a multi-tenant identity as a service offering hosted on Oracle Cloud.
PortalGuard is a software solution that provides five layers of authentication functionality including two-factor authentication. It can enforce two-factor authentication for accessing cloud applications directly, via VPN using RADIUS, or during self-service password resets. PortalGuard delivers one-time passwords (OTPs) for verification via SMS, email, voice call, printer, or transparent tokens. It has configurable OTP settings and supports standard RADIUS authentication for VPN access. Implementation requires server-side software installation on IIS servers and optional client-side software for additional features.
The document introduces a Software Monetization Maturity Model created by Flexera Software to help application producers and device manufacturers overcome business challenges and meet revenue goals. The model defines four levels of maturity - Reactive, Enabled, Automated, and Optimized - across four key business processes: Licensing & Security, Entitlement Management, Delivery & Updates, and In-Product Analytics. The levels describe increasing degrees of process standardization, automation, and optimization that lead to benefits like improved customer experience, access to analytics, and ability to enter new markets. The model is meant to help companies assess their current maturity and plan steps to advance to higher levels.
The document discusses a privileged access management maturity model that organizations can use to assess their PAM program. The model outlines key areas of focus across five levels of maturity, from basic/manual controls to advanced automation. It is intended to help organizations identify strengths and weaknesses so they can prioritize improvements to their PAM practices over time.
Tech Talk: Defense In Depth Privileged Access Management for Hybrid Enterprises (CA Technologies)
This document discusses privileged access management and defense-in-depth security strategies. It begins with an overview of recent security breaches and notes that over 80% involved privileged credentials. The presenter then discusses trends seen in 2015-2016, including an increase in the number and scale of breaches as well as adoption of privileged access management (PAM) solutions. Key points covered include the risks posed by privileged users and identities, and how contextual authentication techniques can help mitigate those risks by collecting user risk data and enabling step-up authentication.
CA SiteMinder is a comprehensive web access management solution that addresses key objectives such as authentication, single sign-on, authorization, and auditing. It provides proven scalability, reliability, and advanced capabilities to help organizations securely deliver applications and information over the web. Recent innovations in CA SiteMinder release 12 include an extensible policy store, tools for administering large-scale deployments, and enterprise policy management capabilities.
Secure Enterprise Apps in Seconds Across Managed and Unmanaged Mobile Devices (SAP Solution Extensions)
Read about the SAP Mobile App Protection solution by Mocana and learn how companies can move quickly toward mobile computing while maintaining security and device management. App wrapping with the solution allows administrators to meet security needs in deploying either internal or third-party software.
Pre-Con Ed (Lab): CA Identity Suite—Raising the Bar on User Productivity and ... (CA Technologies)
The document discusses configuring analytics capabilities in the CA Identity Suite. It describes how to enable analytics tracking, define analytics views to gather metrics, and configure the CA Identity Analytics dashboard. The lab portion has steps to set up analytics tracking of Salesforce.com access requests, including metrics on managers approving access and departments requesting access, and showing SLA metrics on completed transactions.
Security Opening Keynote Address: Security Drives DIGITAL TRANSFORMATION in... (CA Technologies)
Without security, Digital Transformation cannot be successful. Opening organizational boundaries and providing crucial information to the right people at the right time requires the right controls and a new security model is needed. Identities are at the heart of this transformation. In this presentation, Steve Firestone (GM, CA Security) will show how security is an essential component to the CA strategy for Digital Transformation and how organizations can use the power of Identities to drive their business forward.
For more information, please visit http://cainc.to/Nv2VOe
Highly scalable web applications on Azure (Microsoft)
Do you need to shift up a gear on Azure and set up a service that can withstand very heavy load, is highly scalable and/or widely distributed? In this session we will explain the concepts, techniques and best practices needed to do so.
A look at recurring security issues, with particular attention to potential attacks that customers sometimes do not suspect (fake Smart Card, PassTheHash, Clear Text password, Trojan horse...). Lessons learned on the security best practices identified and implemented (administration forest, local account password management, the notion of SRP, etc.). The session will include demonstrations.
Speakers: Jugoslav STEVIC (Microsoft France), Daniel Pasquier (Microsoft France)
Active Directory in 2012: best practices in design, security and ad... (Microsoft Technet France)
The recommendations have changed since Windows 2000, with the arrival of new features and the need to address new constraints:
• Architecture choices based on the company's strategy and industry sector
• Placement, deployment and consolidation of Domain Controllers, contributions of the RODC and Windows Server Core Edition
• Virtualization: the precautions to take
• Network: DNS, IPV6, IPSEC
• Monitoring, traceability, protection of the data and services the directory relies on
• Why and how you really need to secure your Active Directory
• Delegation of administration and securing privileged accounts, the new approaches
• Microsoft Support audit services: ADRAP, ADSA, … and remediation plans
• Interoperability solutions: forest trusts, ADFS
• New administration solutions (PowerShell, new console, …)
• Importance of administration processes around Active Directory
• Backup and DRP
This session will be an opportunity to take stock and review these changes and their impacts.
Octo Breakfast - Infrastructure in the service of its projects (Adrien Blind)
This presentation looks back at the project to automate Société Générale's IT infrastructure, in the broader context of rolling out continuous delivery and devops practices and tools.
Today, everyone wants to work from anywhere, on any device, and so on. How can you enable that experience while keeping control and meeting the various compliance requirements both on-premises and across the (hybrid) cloud? Provisioning, identity management, authentication, authorization and role management are essential enterprise services in this context. With business units subscribing to more and more SaaS (Software-as-a-Service) applications, the use of the (hybrid) cloud for core business applications, and the desire to collaborate better internally in the style of Facebook and/or to interact directly with social networks, identity becomes a true service in which identity "bridges" in the cloud "talk" to on-premises directories and/or SaaS applications, and in which the directories themselves are moved to or located in the cloud to meet the needs of cloud or mobile applications. Join us in this session to learn more about our hybrid identity offering, which extends from Active Directory to Azure Active Directory. This session will illustrate in particular the key directory integration scenarios between Active Directory and Azure Active Directory, with our investments in and the new features of Azure AD Sync and Azure AD Connect, and how we now make it easier to set up an identity bridge in terms of provisioning and upstream and downstream synchronization, ultimately maintaining a "single directory" across the on-premises environment and the cloud. This session will cover the "Express settings for a single forest", the scenarios specific to multi-forest environments, password synchronization, etc.
Session MOD308 will complete this overview with the different identity models to consider in the Office 365 context.
BYOD and Teleworking: How to enable these new scenarios with Windows T... (Microsoft Décideurs IT)
Bring Your Own Device (BYOD) refers to employees being able to use their personal devices to access the company. BYOD is trendy but poses a real security challenge, and the answer to every scenario is not necessarily VDI! On the other hand, teleworking offers the freedom to work from home but must come with simple solutions for connecting to the corporate network from a personal computer. During this session, we will show you how the Windows To Go, client Hyper-V, DirectAccess and UE-V technologies can help cover these different scenarios.
How to migrate your BO business intelligence assets to Microsoft BI? (Microsoft Décideurs IT)
GFI offers an automated migration of your BO business intelligence assets that provides: optimization of licensing costs with a rapid return on investment, a drastic reduction in the cost of migrating documents and universes, and new uses made available with MS BI. We propose to run a session on this topic with live demonstrations of our solution.
La fin de support prochaine de Windows Sevrer 2003 est pour de nombreux clients l’occasion de migrer leur environnement Active Directory existant. C’est aussi l’occasion de regarder les évolutions apportées par les versions 2012 / 2012 R2 d’Active Directory afin de ne pas limiter cette opération à une simple montée de version mais de l’utiliser comme une occasion de mettre en place les évolutions en terme de fonctionnalités et d’architecture qui permettront d’envisager de nouveaux scénario de mise en œuvre. De quoi faire d’une pierre deux coups en restant pleinement supporté et en apportant à vos utilisateurs de nouveaux services… de quoi permettre à votre DSI de retrouver le sourire en transformant un souci en occasion de briller…
Identity & Access Management in the cloudAdrien Blind
This presentation discusses the evolution of IAM (Identity & Access Management) problematic, considering a context pushing more & more externalization & opening (B2B, B2C) of enterprises IS, also leveraging massively on the cloud.
The talk particularly focuses on IAM SSO & federation topics, and subsequent technologies (SAML, OpenID, OAuth...).
Single sign on (SSO) How does your company apply?Đỗ Duy Trung
This document discusses Single Sign On (SSO), which allows a user to access multiple services or applications with a single set of login credentials. It describes common SSO protocols like SAML and OpenID Connect and where SSO can be implemented, such as on-premise or in the cloud. Examples of SSO use cases and product categories are provided.
ThousandEyes provides network performance monitoring and visibility tools to help organizations ensure optimal application performance and end-user experience. It offers different agent types that are deployed across networks and endpoints to measure connectivity and performance. Key tests and metrics help identify issues affecting applications and users. The solution helps technical and business stakeholders reduce troubleshooting time, maintain service level agreements, and improve digital experiences for customers interacting with applications anywhere.
Today, with the advancement of technology, the number of devices, applications,
and users is also growing. It is critical to have a solid Identity and Access
Management (IAM) solution to manage these digital identities and limit the risk of
connections. SailPoint is a pioneer in the field. Therefore, the demand for experts
knowledgeable in secure Identity and Access Management (IAM) technologies such
as SailPoint has surged. Many reputable firms provide fantastic opportunities for
these professionals with a variety of packages
Microsoft Power Platform Governance with RunpipeRunpipe
www.runpipe.com
This Slide Deck is designed for anyone responsible for the governance and adoption of Power Apps and Power Automate and Power Bi in a large organisations.
It will list all the features, tools and practices available in the Power Platform to help you monitor, protect and support your data and applications, while also enabling and encouraging innovation from your makers.
It shares top tips and best practice suggestions for governance, security and monitoring, and strategies employed by customers to enable digital transformation with the Power Platform.
Runpipe provides an intuitive platform that brings together security, governance and enablement for multiple Low-Code Platforms, all in one place.
Rixyncs is a global provider of outsourced software services with offices in Ohio, India, and Saudi Arabia. It offers flexible resourcing, quality and productivity metrics, expertise in various technologies, and experience transforming business processes. Rixyncs has successfully developed software for clients in industries such as financial services, retail, and manufacturing. Case studies describe projects involving check cashing software, a store management system, and an expenditure claim system on SAP.
Hewlett Packard Enterprise View on Going Big with API Management - Applicatio...CA Technologies
Companies of every size have been disrupted by new business models, new digital devices and new forms of connectivity. But it is the largest enterprises that face the greatest challenges when it comes to integrating their vast legacy architectures with new systems of engagement and innovation that consumers now demand. In this session, Terry White, Fellow and Chief Technologist, Enterprise Services Applications and Business Services at Hewlett Packard Enterprise, will bring more than 30 years of perspective to a discussion on how critical APIs are as a catalyst for legacy application transformation and migration to the cloud. Terry will also cover the importance of being able to manage and secure those APIs to avoid massive service disruptions and security breaches.
For more information, please visit http://cainc.to/Nv2VOe
The Evolution of the Enterprise Operating Model - Ryan Lockardagilemaine
The document discusses Contino, a professional services firm that helps clients adopt enterprise DevOps, cloud native computing, and data platforms to improve software delivery. It outlines Contino's approach called "Momentum" which starts with small proofs-of-concept and scales best practices throughout an organization. The document also describes Contino's delivery teams approach, typical upskilling capabilities, and why transformations are beneficial for organizations.
This webinar describes how you can manage the risk of privileged accounts being compromised, creating a breach of sensitive data or other assets in your organization, through privileged access management, or PAM. PAM can reduce risks by hardening your environment in ways no other solution can, but is challenging to deploy. This webinar provides an unbiased perspective on PAM capabilities, lessons learned and deployment challenges, distilling the good practices you need to be successful. It covers:
- PAM definitions, core features and specific security and compliance drivers
- The PAM market landscape and major vendors
- How to integrate PAM with identity management, service ticketing and monitoring
- Avoiding availability and performance issues
Synapse India is an IT solutions provider that offers software development and marketing services. It is CMMI level-3 certified and works with over 2000 clients worldwide. Single sign-on (SSO) allows a user to log in once and gain access to multiple independent systems without re-authenticating, saving time. SAML is a protocol that implements SSO in enterprises by defining identity providers, service providers, and the transfer of authentication data between the two using XML messages. Implementing SSO involves configuring servers as identity providers or service providers and exchanging metadata between the two to enable single sign-on access across systems.
Cloud, Microserves, Mobile, IoT... jedes für sich oder gemeinsam, haben dramatische Auswirkungen auf die Art und Weise wie wir Monitoring betreiben. Ein statischer Grenzwert auf CPU oder Memory stammt aus einem früheren Jahrzehnt. In diesem Vortrag erfahren Sie werden wir uns anschauen was es bedeutet, Industrie führendes "richtiges" Monitoring im Einsatz zu haben, wie und warum es in die DevOps-Pipelines integriert werden muss, warum wir künstliche Intelligenz brauchen um die Flut an Digitalen Touchpoints zu überleben und was die Migration vom eigenen Datenzentrum in die Amazon Cloud uns dabei gelehrt hat. https://www.xing.com/events/atb-expertentreff-monitoring-redefined-1872743
Be Aware Webinar – Office 365 Seguro? Sym, Cloud!Symantec Brasil
Office 365 Seguro? Sym, Cloud!
1-Estratégia de Segurança da Symantec
2-VIP & SAM for Office 365
3-DLP for Office 365
4-Email Security.cloud
Be Aware Webinar acontece todas as quartas às 10h30. Curta nossa página no Facebook e acompanhe a programação
Challenges of Mobile HR framework and programJinen Dedhia
This document discusses challenges and solutions for implementing a mobile HR strategy. It outlines key challenges in the planning, implementation, and launch phases such as determining ROI, choosing between native and hybrid apps, and gaining security approval. Guidelines are provided for each challenge, such as starting with low-risk processes, using a hybrid approach for cross-platform upgrades, and involving stakeholders early. An enterprise mobile app platform called DronaHQ is introduced that allows building, deploying, and managing customized apps securely with tools for user management, security policies, and integration capabilities.
Softengi offers IT outsourcing services including software development, testing, and consulting. They have over 400 IT professionals across multiple countries who can help clients design complex enterprise solutions, minimize risks, and transition to digitalization. Softengi has expertise in various technologies and can take over ongoing projects to meet clients' business needs through agile development.
SailPoint is a centralized identity management solution that allows organizations to manage employee authorizations, digital identities, data security, network management, compliance, and more. CyberArk is used to access local admin accounts, domain admin accounts, service accounts, and other privileged accounts simply and safely.
Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)Codit
Find here the slides of the presentation on Sentinet, given by Massimo Crippa (Codit) on the BTUG Event of 13th of October 2015.
Sentinet has recently introduced the support for the OAuth and OpenID Connect protocols.
In this presentation you will see the supported authentication flows, how to secure a regular BizTalk SOAP and REST service with OAuth 2.0 and how to call an OAuth-protected API from BizTalk with no coding or any changes in the existing application.
The Future of Enterprise Identity ManagementOneLogin
The document discusses identity and access management (IAM) trends and recommendations for the cloud. It notes challenges with traditional on-premise IAM systems like high costs and inflexibility. The rise of cloud apps and mobile users is driving demand for cloud-based IAM (IDaaS). Recommendations include assessing vendors' application coverage, planning future IDaaS phases, and promoting benefits using ROI metrics. Use cases discussed include mobile single sign-on, on-premise provisioning through IDaaS, and using a cloud directory for consolidated identity management across directories.
Connect 2017 catalyst accelerator for bankingMuleSoft
The document introduces the Catalyst Accelerator for Banking, which provides reference API designs, implementations, and a sandbox environment to help banks establish an API-led approach. It discusses how APIs can help banks address challenges around operational excellence, new products/services, and customer engagement. Specific use cases are also described, such as abstracting legacy systems with APIs and exposing payments capabilities. The accelerator is intended to illustrate best practices and is available publicly for banks to leverage.
EasySOA business case and real world use case 20130220Marc Dutoo
EasySOA is a lightweight SOA governance solution that provides a non-intrusive layer over existing SOA implementations to improve governance. It utilizes a collaborative document management platform like Nuxeo to store SOA models, specifications, and other documents. This includes business concepts, technical specifications of services, and deployment information. It also facilitates automated discovery of services and their documentation from code to integrate information from multiple teams. EasySOA aims to improve visibility and sharing of SOA assets without burdening teams with new tools or processes.
CloudOps evening presentation from Salesforce.comAlistair Croll
Peter Coffee, VP and Head of Platform Research at Salesforce, discussed building business apps on the Force.com platform. Force.com provides developers with tools to build scalable apps faster and at lower costs compared to traditional platforms. It offers capabilities such as visual process design, business rules, social business processes, and real-time device interactions. Force.com also enables secure communities and social business through its security and sharing models.
Similar to Fédération d’identité : des concepts Théoriques aux études de cas d’implémentations concrètes (20)
Mise en place d'un Use Case d'Adaptive Authentication avec F5 APM et Insight ...e-Xpert Solutions SA
Afin d'éviter que l'utilisateur doit saisir son Multi-facteur (MFA) à chaque nouvelle authentification sur une application web, nous proposons une solution qui permet de vérifier la légitimé de la connexion. C'est seulement en cas de connexion potentiellement non légitime que l'utilisateur doit saisir son multi-facteur.
Les différents types de contenu de la présentation :
- Articles by the Jedi Masters
- A monsterstash of API documentation
- Q&A for everything
- Downloads galore
- Videos by geeks and for geeks
- Upcoming events
This document discusses Check Point's CloudGuard solution for securing cloud environments. It begins by noting concerns about cloud security from IT leaders and the need for new security models for the cloud. It then outlines CloudGuard's advanced threat prevention capabilities for cloud environments. The following sections describe how CloudGuard provides security across private, public, hybrid, and multi-cloud deployments using automation, orchestration, and a hub and spoke architecture. Check Point's cloud security blueprint aims to deliver agile, automatic, efficient, and controlled security that enables innovation across cloud platforms.
Check Point CloudGuard SaaS is a security solution that provides superior threat prevention for SaaS applications. It protects against the biggest threats to SaaS apps like account takeover and malware delivery. The solution prevents account takeovers through identity protection techniques like device verification and blocking unauthorized access attempts. It also protects against zero-day threats by scanning files and blocking malicious content from being accessed or shared through SaaS apps. The solution offers other capabilities like data leakage prevention, shadow IT discovery, threat intelligence, and simplified management.
La mobilité s'impose et nous expose. Faut-il subir ou gérer ? L'évolution de la mobilité en entreprise présentée et agrémentée par des démonstrations d'attaque et par les moyens de ...
La fuite de données est un fléau pour les entreprises. De plus, l’émergence de la mobilité et du cloud augmentent les risques de perte ou vol de données confidentielles. Les approches traditionnelles ont montré leurs limites et laissent place à des solutions beaucoup plus pragmatiques.
Avoir sous la main à tout moment ses e-mails, documents professionnels, contacts devient une exigence universelle. Les Smartphones et tablettes numériques, plus « mobiles », prennent petit à petit le pas sur les ordinateurs traditionnels, non sans risques pour les entreprises.
Le déni de service existe depuis des années. Cependant, cette attaque retrouve un nouveau souffle avec son évolution, le DDoS (Distributed Denial of Service). Plus difficile à contrer, cette attaque cause également beaucoup plus de dégâts.
Sandboxing, une nouvelle défense contre les menaces intelligentese-Xpert Solutions SA
Les APT (Advanced Persistent Threats) sont des menaces réputées subtiles, intelligentes et dangereuses. Des protections standards utilisant la reconnaissance par signatures ne sont plus suffisantes. Des techniques comme le sandboxing sont alors nécessaires.
Séminaire e-Xpert Solutions : Que sont les Web Services et comment les sécuriser ?
Que sont les Web Services ?
Comment sécuriser les Web Services ?
Rappels sur Bee-Ware V5
i-Suite XML Firewall module
Démonstration de manipulation des flux XML
Démonstration d’attaque sur un Web Service
Digital Marketing Trends in 2024 | Guide for Staying AheadWask
https://www.wask.co/ebooks/digital-marketing-trends-in-2024
Feeling lost in the digital marketing whirlwind of 2024? Technology is changing, consumer habits are evolving, and staying ahead of the curve feels like a never-ending pursuit. This e-book is your compass. Dive into actionable insights to handle the complexities of modern marketing. From hyper-personalization to the power of user-generated content, learn how to build long-term relationships with your audience and unlock the secrets to success in the ever-shifting digital landscape.
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on integration of Salesforce with Bonterra Impact Management.
Interested in deploying an integration with Salesforce for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providersakankshawande
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...Tatiana Kojar
Skybuffer AI, built on the robust SAP Business Technology Platform (SAP BTP), is the latest and most advanced version of our AI development, reaffirming our commitment to delivering top-tier AI solutions. Skybuffer AI harnesses all the innovative capabilities of the SAP BTP in the AI domain, from Conversational AI to cutting-edge Generative AI and Retrieval-Augmented Generation (RAG). It also helps SAP customers safeguard their investments into SAP Conversational AI and ensure a seamless, one-click transition to SAP Business AI.
With Skybuffer AI, various AI models can be integrated into a single communication channel such as Microsoft Teams. This integration empowers business users with insights drawn from SAP backend systems, enterprise documents, and the expansive knowledge of Generative AI. And the best part of it is that it is all managed through our intuitive no-code Action Server interface, requiring no extensive coding knowledge and making the advanced AI accessible to more users.
Generating privacy-protected synthetic data using Secludy and MilvusZilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
Driving Business Innovation: Latest Generative AI Advancements & Success StorySafe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Identity Federation: From Theoretical Concepts to Case Studies of Concrete Implementations
1. Seminar: Identity Federation: from theoretical concepts
to case studies of concrete implementations.
Nagib Aouini, Head of IAM Division
Geneva, 27.11.2014
Organized by
2. AGENDA
Context / Needs / Customer challenges – 5 min
Federation vision (concepts, benefits, needs) – 15 min
ELCA security architecture – 15 min
Project strategy – 5 min
Lessons Learned / ELCA Security Services / Questions /
Answers – 15 min
3. CURRENT CUSTOMER NEEDS
■ Allow secure access to B2B applications based on
SharePoint 2013 for all employees, business partners and
contractors (maximum 100’000 users).
■ Simplify the registration and on-boarding process for business
partners and employees without adding huge administration tasks
for Business and IT admins (access right management).
■ Provide the best user experience for end users in terms of
access, registration and collaboration.
■ Identify users and audit all access to sensitive documents using a
unique identifier (which is strongly linked to the physical person).
■ Deliver the best performance for the B2B application and support
peak demand during specific events.
4. BUSINESS DRIVERS
Business Facilitation
■ Improve user experience (with SSO and federated SSO)
■ Integrating partners (top sponsors)
■ Integrate new business applications within time-to-market
(SaaS apps, on-premises using SAML SSO).
Improve security & risk management
■ Strong authentication to protect sensitive assets
■ Enforce access control policy
■ Timely revocation of inactive accounts
■ Impose policies and improve audit capability
Regulatory compliance
■ Federal Act of 19 June 1992 (LPD)
■ Company audit policy and compliance report
Reduce operational costs
■ Align technology in both data centers (use of F5)
■ Reduce management and security costs
■ Cut development costs by using standard protocols
(SAML2, OAUTH, WS-Fed …)
5. BUSINESS CHALLENGES
Project Business Team:
How to manage this mass of users in terms of registration and access
rights? We are only 5 people!
IT Security Officer:
I will not let 100’000 users access my network without
identifying them in a secure way!
Today our LAN is not open to the Internet worldwide.
IT System Administrator:
How many system administrators do we need to
manage that number of servers (required for
SharePoint 2013)? Do we need to manage a lot of
firewall rules for SAML?
Help Desk and Support:
I don’t want to receive calls or tickets for
people working outside our company.
I’m supposed to handle requests only
for employees!
Head of IT:
Are you sure that SAML is the right
choice? Will it speed up application
integration in the future?
Does it enable SSO to SaaS platforms?
It costs a lot, no?
6. AGENDA
Context / Needs / Customer challenges – 5 min
Federation vision (concepts, benefits, needs) – 15 min
ELCA security architecture – 15 min
Project strategy – 5 min
Lessons Learned / ELCA Security Services / Questions /
Answers – 15 min
7. HOW CAN FEDERATED IDENTITY AND SSO SOLVE THESE CHALLENGES?
Federated Identity & SSO: Benefits
■ User experience: simplify user navigation
■ Simplify access: a single authentication service
■ Secure access: no more passwords, only tokens in transit
■ Facilitate integration: use of the SAML standard, which crosses networks
8. WHAT IS FEDERATED IDENTITY MANAGEMENT?
Verifying that a user, device, or service such as an application provided on a network server is the entity that it claims to be.
Determining which actions an authenticated entity is authorized to perform on the network.
Identity Provider (IdP) – Entity performing authentication
Service Provider (SP) – Entity allowing authorized resource access
Identity management deals with identifying individuals in a system and controlling access to the resources in that system.
9. IDENTIFICATION AND AUTHENTICATION
[Diagram. Classic: App 1 and App 2 each contain authentication and authorisation (functionalities and data), with Active Directory. SAML-based: authentication sits with the IdP (Active Directory); App 1 and App 2 (SP) keep authorisation (functionalities and data); CLAIMS pass from IdP to SP over SAMLv2.]
11. TRUST BETWEEN IDP AND SP
■ Asymmetric cryptography (key pair)
- The recipient's public key (known to the sender) is used for encryption
  − The sender must be able to verify the authenticity of the public key!
- The private key (the recipient's secret) is used for decryption
- The two keys of the pair (private and public) are generated at the same time
- Also known as “public-key cryptography”
The message exchange is similar between an IDP and an SP that trust each other
[Diagram: IDP, encryption algorithm with the SP public key, decryption algorithm with the SP private key, SP; extract signature.]
12. SAML TOKEN
A SAML token carries pieces of information about the user
(it can contain more information than a Windows Kerberos token)
Token:
- Name
- Age
- Location
15. FEDERATION MODELS – PEER-TO-PEER
[Diagram: peer-to-peer trust links between identity providers (IDP 1, IDP 2, IDP 3 and the IDP on the company LAN) and service providers (SP x, SP y).]
16. IDENTITY FEDERATION WITH A “HUB” SAML ARCHITECTURE
[Diagram: a central HUB in the data center, with identity providers (IDP: HQ, W, X, Y, Z) on one side and service providers on the other (SP 1: App A, App B, App C, App Z; SP 2: App X; SP 3: App Y).]
Other applications:
• SaaS (cloud),
• Partners …
17. PARTNER CATEGORIZATION
- Not mandatory
- Make business easier
- «Low» level of trust
- Essential for business
- Several services used
- «Medium» level of trust
- Essential for strategy
- Advanced SLA
- Sensitive applications
- «High» level of trust
18. ACCOUNT AND ACCESS MANAGEMENT
■ Account provisioning
- Transient (no need to map the account to an existing one)
- Just-in-time (JIT) provisioning (needs a mapping ID)
- Directory synchronization (via CRM or regular export / import)
■ Access management
- Generic partner account
- Establish roles among the partner’s users
- Each partner’s user has their own account
[Diagram labels: partner-gen-user, part-t1-user, part-t2-user, part-t3-user, part-t4-user]
19. WHY DO WE NEED A UNIQUE ID
■ Ability to uniquely identify a user (or application, machine, service, …) in the IT environment, e.g. for audit purposes
■ No need to manage matching tables per application between ID and physical user
■ It is a mandatory prerequisite for internal SSO and external identity federation
■ The ID needs to be kept and archived even after the employee has left the company. It must never be re-assigned to any other employee, to avoid the risk of access rights being recovered.
21. LEGAL AND CONTRACTUAL CONSTRAINTS
■ Identity authenticity
- Depends on the partner trust level
- Defines constraints on which service is accessed
■ Confidentiality vs. auditability
- Audit: track user activity
- Confidentiality: hide user identity
- Constraints vs. need
22. FEDERATED SSO EXAMPLE
- Multi-organization collaboration is common
- Accounts are generally maintained by one organization
- Grant access to externally authenticated users
[Diagram: Customer and Business Partner linked by a Business Agreement; Authenticate User; Access Resources.]
We don’t need to create or maintain external accounts for those users, as the Customer trusts the partner!
23. FEDERATED IDENTITY MANAGEMENT: EXAMPLE
[Diagram components: Central Directory; Synchronization; Application Authentication Services; User; SAML tokens; Session; Access; Applications; Exchange; HR database (Base RH); SAP; Databases; Federated IAM; Federated partners; Trust; CRM or contacts.]
26. [Architecture diagram: Secure CDN; data centers DC 1 & 2, DC3 and DC4, each behind an F5 Big-IP; B2B app and IAM & Security zones with ADFS, AD (Int. / Ext.) and 2FA; IdP SAML; Test and Prod environments; Internet.]
Use case 1: employee from LAN
Use case 2: employee from Internet
Use case 3: federated partner from LAN
Use case 4: non-federated partner from Internet
Use case 5: federated partner from Internet
27. DEFENSE IN DEPTH APPROACH
Security mechanism
• HTML/HTTP inspection
• Input/Validation checks
• Secured custom code
• Sanitization
Security mechanism
• OS hardening with BPA / Security Templates
• IIS hardening
• HIDS
Security mechanism
• Strong authentication
• RBAC model
• Security policy
• Encryption at rest/transit
• Audit
• Access control
Security mechanism
• Secured equipment rack
• Physical controlled access
• Secure facilities
• RFI/EMI shielding
• Geographical site location
Security mechanism
• Network device access control lists
• IPSec encryption
• NIDS
• Firewall
Products and controls shown on the slide:
• Secure CDN
• F5-ASM
• 2FA
• Web Password
• F5-APM
• SIEM - Splunk
• CheckPoint
• IPS – ISS
• VPN IPSec
• Best Practice Analyzer
• WSUS
• Symantec / McAfee
• DataCenter1 – ISO27002
• DataCenter2 – ISO20000/ITIL
Source: Microsoft defense in depth approach
28. NETWORK DEFENSE: NETWORK SEGMENTATION
[Diagram: App 1: prod, App 2: test, App 2: prod; tiers: Front End, Middle End, Back End.]
29. TRACK USER ACTIVITY: UNIQUE ID
[Diagram: Employees, Contacts, Active Directory and others …]
- The unique ID will be independent of the first name and last name of the user
- The unique ID will be generated according to a specific algorithm
- Internal and external users will use their email address to log in to the B2B applications, but the logs will track them using their unique ID
36. BENEFITS OF FEDERATED SSO
■ Access to the platform available worldwide, with the best technology providing high performance, strong security and a high-quality user experience.
■ Support for standard authentication methods (SAML2) and simplification of the on-boarding process for trusted partners.
■ Reduce the overall management cost of registration and of troubleshooting user access, since it is a completely automated process (based on CRM synch).
■ Ability to control access to sensitive assets using 2FA authentication coupled with SAML2 SSO (step-up authentication possible).
■ Track and audit user activity using a secure unique identifier linked to a single person while respecting privacy.
37. RECOMMENDATIONS #1
■ Document the identity and access management (IAM) plan.
- Understand what the business wants in terms of requirements,
- How it will be operated (insourced or outsourced?),
- Who is responsible for which pieces and how they function.
■ Produce fast results – achieve some quick, low-cost results
■ Address high-risk areas early – security issues are often the primary business concerns (start with SSO and strong authentication)
- Allow easier security auditing
■ Increase integration between directory, security and application services with a SAML Identity Provider.
■ Improve capabilities that promote the ease and efficiency of finding organisational data
■ Precise management of identity entitlements, and modification or termination of system access rights, through provisioning and de-provisioning mechanisms
38. RECOMMENDATIONS #2
■ Assess existing systems for accreditation and adherence to industry standards to smooth the SAML migration
■ Use a standard set of security protocols (SAML, OAUTH)
■ Rationalise, synchronise and, where appropriate, reduce the number of directory services and identity information repositories
■ Reduce identity duplication and combine capabilities
- To simplify the overall infrastructure
- Choice of a unique identifier for internal and external users
- Reduce management/administration efforts
- Enable a greater degree of single sign-on capabilities across the business systems
- Allow easier security auditing
■ Manage identity entitlements of system access rights through provisioning and de-provisioning mechanisms
39. WHY CHOOSE OUR SOLUTION
ELCA has proven expertise to be your IAM partner
■ Proven IAM expertise
■ Ability to deliver on time
■ Quality of deliverables
■ Business focus first
■ Knowledge of customer needs
■ Team working with customer representative
■ Innovation and cutting-edge solution
■ Security focus in mind
■ Efficiency
■ Neutral integrator
■ Customization
■ Your local IAM partner
40. ELCA ARCHITECTURE
[Diagram labels: employee, contractors, stakeholder; Federating partners with SAML; Approver; User ID Admin; Authoritative Source(s): HR, External; Metadirectory; Access Mgt; Dashboard; Reports; AD + Exchange; Enterprise Platform; Other apps; Synch; Self-Service; Auditor; Application Auditor; SAML claims; IAM connectors; Log collection for Access Intelligence.]
41. ELCA IAM SUCCESS STORY
For a large worldwide humanitarian organization (9’000 users, 20’000 partners)
43. ELCA IAM SUCCESS STORY
For an insurance company (2’000 users, 20’000 brokers)
| 16.01.15 | 43Presentation Title
44. ELCA IAM SUCCESS STORY
For an international sports organization (500 users, 100’000 partners worldwide)
45. Thank you for your attention
For further information please contact:
Nagib Aouini
Head of division, Identity & Access
nagib.aouini@elca.ch
Lausanne | Zürich | Bern | Genf | London | Paris | Ho Chi Minh City
Editor's Notes
Not necessarily in size, but in business importance