2. 2
2
AGENDA
I. PTC’s IAM / SSO Current State
II. Market Analysis
III. Why is this Important?
IV. Partner Opportunities and Considerations
V. Next Steps
3. 3
• Do you know that most cloud attacks and data breaches take place at the application
and web interface levels, not at the physical storage level?
4. 4
IDENTITY & ACCESS MANAGEMENT (IAM)
Authorization
Manage how actors prove access to
one another
Authentication
Manage how actors prove their identity
to one another
Auto User
Provisioning
Workflow
Management
Self-Service
Password
Management
Role Based Access
Control
Audit &
Compliance
Identity Management
Manage identity metadata for actors (people, things,
applications)
7. 7
SSO DEMAND ANALYSIS AT PTC – JAN 2018 – JUNE 2019
ALM
3%
AR
1%
CAD
12%
IOT
7%
LM
10%
PLM
60%
SLM
7%
BY PRODUCT SEGMENT
AP
13%
CH
8%
EU
31%
JP
4%
NA
44%
BY COUNTRY SEGMENT
Based on 3,000+ cases
9. 9
DATA FOR SSO & IAM
https://www.marketsandmarkets.com/Market-Reports/consumer-iam-market-87038588.html
$845.6 Million
2016
$1.6 Billion
2021
Compound Annual Growth
Rate (CAGR) of 13.6%
The projected growth of the SSO industry underpins the increasing need for efficiency and security when
it comes to accessing digital applications for businesses.
10. 10
GENERAL CHALLENGES WITH SSO
Customers Resources Support
• Customers have no or
little experience with
IAM / SSO
• Customers do not
have the right
resources with the
skillset to configure
SSO
• SSO has instructions in
multiple parts with each
part being independent of
each other
(different companies)
• There are 50+ ways to
configure SSO
• If you need help, each
company can usually help
with their product only
11. 11
Drivers
•Increasing cloud and SaaS
adoption
•Rise in awareness about
compliance management
•Increase in security concerns
among organizations
Restraints
•Lack of knowledge about
identity & access
management solutions
•Challenges around
implementation including
cost, control, standardization.
Opportunities
•Growing market via hybrid
cloud model
•Get in the game and offer
SSO implementation services
Challenges
•Complex integrations due to
diversified IT system
environment
•Inconvenience in managing
distributed workforce
•Steep learning curve
MARKET DYNAMICS FOR IAM/SSO
15. 15
Questionnaire and minimum requirements must be
completed/identified by customers for the above
options
CUSTOMER'S DESIRED SSO HELP OPTIONS
Full-Paid Service
• Paid by customer (RO?)
• End to end support
Self-Service +
Mentoring RO
• Attempt to Self-Service but
cannot continue due to technical
challenges / knowledge
• Purchase RO or Success Plans
Self-Service
• Free
• Customer’s responsibility to
review documentations and
instructions on PTC web
• Limited tech support help
3rd Party Service
• Paid by customers
• Direct customers to 3rd party
partners or companies that are out of
scope for PTC products
• Customer and 3rd party decide and
agree on level of service
• Limited PTC tech support help
1. Service Provider (SP)
2. Identify Provider (IdP)
• AzureAD, PingFederate, Active Directory Federation Services (ADFS), CAC/PKI, Okta
3. Central Authentication Service (CAS)
4. Resource Provider (RP)
Service by PTC
TBD
16. 16
PTC’S VISION FOR IAM/SSO
• Build SSO capabilities (SAML 2.0) in all PTC Products
• Allow seamless SSO Integration into existing setup // or // build a new one SSO
Federation and expand it
PTC PRODUCTS BRING YOUR OWN IDENTITY
PROVIDER
Example
18. 18
• Customer retention
• Additional business/revenue opportunities
• As the data showed, the demand is increasing
• Be prepared for future business opportunities
PARTNER OPPORTUNITIES
20. 20
• Interested in learning more, we have resources
• Assess your own business and portfolio
• Ask PTC for a SSO configuration / implementation demo
NEXT STEPS
22. 22
• How big is the business opportunity vs the investment
– We stated some evidence that there is a growing market, but this is global big numbers
– How much is in it for me as a services provider per customer
– Do I have such customers and do they care?
– How much can I make
– How much time and training will this take
– What do I have to invest
– Route to money
• How fast
• How hard
PARTNER CONSIDERATIONS
23. 23
AVERAGE SERVICE/CASE DURATION AT PTC
AP
22.2
CH
18.4
EU
40.5
JP
22.6
NA
34.2
(blank)
28.7
BY COUNTRY SEGMENT (DAYS)
ALM
42.8
AR
29.7
CAD
27.7
IOT
45.4
LM
2.5
PLM
35.9
SLM
34.5
BY PRODUCT SEGMENT (DAYS)
24. 24
Identity Access Management
Identity management, also known as identity and access management (IAM) is, in computer
security, the security and business discipline that "enables the right individuals to access
the right resources at the right times and for the right reasons".
Single Sign On
Single sign-on (SSO) is an authentication process that allows a user to access multiple
applications with one set of login credentials.
IAM VS SSO
26. 26
SINGLE SIGN ON (GOOGLE - ANALOGY)
User Session Cookie
Central Authentication Service
27. 27
• Allows the user to authenticate to
ThingWorx
• Leverages modern sign on
techniques that conform to
enterprise needs for risk and
compliance
• Delegated to the customers
enterprise SSO where available.
Not your fathers LDAP!
IAM COMPONENTS – PTC THINGWORX
• Allows a user to authorize
ThingWorx to interact with other
enterprise systems on their behalf
• May require an up front
authentication workflow to
authorize the app to connect to
that system of record
• Identities are now distributable
over trusted parties such as
Google and Facebook which can
extend the traditional enterprise
directory scope.
• Querying using modern
REST/Odata interfaces to the IDP
vs historical LDAP interactions
Authentication Authorization Identity
Editor's Notes
=There is demand from customers that want SSO configuration support with our products.
We need to fulfil those demands.
PTC is focusing on core and strategic customers; other options must be available for other customers.
We want to share our experience and how Partners can get involved
Business portfolio managers and IT/systems managers should attend.
= Brief overview of what is IAM and SSO
Identity and Access Management (IAM) is an umbrella term for processes within an organization that focus on administering and managing users and resources in the network including the access of users to applications and systems.
Identity and Access Management includes functionality to manage the identity of a user in the network. These are primarily for authenticating the user in the network and accessing the rights that this user in the network, the so-called authorization
Based on more than 3000+ cases for SSO
=PTC has been experiencing an increasing demand for SSO configuration support.
Although PLM has the largest share, there are increasing demand for other products as well
= The demand PTC is experiencing is no surprise based on market analysis from several marketing companies. Customers want seamless integrations with their multiple technology platforms.
https://www.grandviewresearch.com/industry-analysis/identity-and-access-management-iam
https://www.marketsandmarkets.com/PressReleases/identity-access-management-iam.asp
https://www.businesswire.com/news/home/20160818005431/en/Global-Single-Sign-on-Market-Worth-USD-1599.8
https://www.marketsandmarkets.com/Market-Reports/consumer-iam-market-87038588.html
https://www.businessnewsdaily.com/9766-single-sign-on-solutions-best-identity-access-management.html
"The global single sign-on (SSO) market size is estimated to grow from USD 845.6 million in 2016 to USD 1.6 billion by 2021, at a Compound Annual Growth Rate (CAGR) of 13.6%”
= Growing demand mixed with SSO’s natural complexity makes it a challenge for organizations
Customers have never heard of or experienced IAM/SSO
Customers have heard of IAM/SSO, but have never configured or implemented one
Customers do not have the right resources with the skillset to configure SSO
There are 50+ ways to configure SSO
SSO has instructions, but they are in multiple parts with each part being independent of each other (different companies)
If you need help, each company can usually help with their product only
= Additional reasons why SSO is so complex.
= This is important because of the shift in the market dynamics. Emphasize the lack of awareness. This creates an opportunity for PTC and Partners to become experts leading to paid services.
North America is expected to contribute the largest market share, whereas APAC is projected to show the highest growth rate during the forecast period.
CLOUD CUSOMTER will almost always use Full Paid or Self-Service/RO
2.)
Customers can bring their own IdP that is SAML 2.0 compliant and with PingFed
Open IdP situations can also be considered with a higher price point
= This is PTC’s ultimate long-term vision
I call it PingFederate SSO Union
The 3rd party IdP that you see at the bottom are just references.. and we say, customer can bring in any IdP that talks SAML 2.0 protocol
= Based on more than 3000+ cases for SSO
On an Average 30 days * 8 Hours = 240 Hours of Paid Service
We are not trying to clone what Google did
A Typical Example is Google
So how does google do it.
………………………..
…..
…………………
As long as the User Session is active, User can navigate to any apps of Google with seemless login.
If you would notice the circle, this is the core of the SSO implementation. This is the only entity in the Architecture, which handles the user credentials directly and manages the user session.
And as you are seeing, you are not passing credentials to all the app, rather SAML Tokens are used to provide seamless login experience to the applications and this hence enhances the security.