single sign-on for mobile
DESCRIPTION
Simplify secure mobile app access to enterprise resources When mobile apps access enterprise data and services, the risk of security being compromised is increased. Layer 7’s solution for mobile Single Sign-On simplifies the process through which apps require users to sign in to the enterprise in order to secure this access. The solution leverages the underlying security in a device’s operating system to effectively create a secure sign-on container for apps. Layer 7 offers a complete end-to-end, standards-based and proven security solution for mobile SSO. This solution uses OAuth 2.0, OpenID Connect and JWT standards. Communication is secured through Layer 7’s SecureSpan Mobile Access Gateway and SSO libraries that abstract out all the complex OAuth and OpenID Connect protocol handshakes between mobile device and Gateway.TRANSCRIPT
Copyright © 2013 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.
Single Sign‐On for Mobile
Simplify Secure Mobile App Access to Enterprise Resources
Layer 7’s solution for mobile Single Sign‐On (SSO) provides mobile
enterprise applications with a secure method of authenticating and
authorizing users against existing enterprise identity management
infrastructure. The solution includes SDKs for most common platforms,
including Android and iOS.
Learn More About Layer 7’s Mobile Access Solutions Phone
+1‐800‐681‐9377 (toll free within North America) or +1‐604‐681‐9377
Email [email protected]
Web www.layer7.com
Facebook www.facebook.com/layer7
Twitter @layer7
The Challenge: Secure Mobile Access to the Enterprise
Identity and authentication assurance needs to be balanced against the assets in use. When mobile apps leverage enterprise data and services, the risk of security being compromised is increased. The cost goes beyond a tarnished brand name – breaches can put a business at risk.
The Solution: Mobile Single Sign‐On
Layer 7’s solution for mobile SSO simplifies the process through which apps require users to sign in to the enterprise. The solution leverages the underlying security in a device’s operating system to effectively create a secure sign‐on container for apps.
Layer 7 offers a complete end‐to‐end, standards‐based and proven security solution for mobile SSO. This solution uses OAuth 2.0, OpenID Connect and JWT standards. Communication is secured through Layer 7’s SecureSpan Mobile Access Gateway.
The Mobile Access Gateway is lightweight, low‐latency mobile middleware with integrated security and management controls designed to help enterprises safely and reliably expose internal assets to developers and remote apps, as mobile APIs.
While the Gateway solves critical mobile‐specific identity, security, adaptation, optimization and integration challenges, the mobile SSO solution delivers SSO libraries for device developers. By providing a simple API consumption layer on the mobile platform, all the complex OAuth and OpenID Connect protocol handshakes between mobile device and Gateway are abstracted out. The mobile app obtains an access token using OAuth. The user context is shared across a group of applications via OpenID Connect.
The client SDK is available for iOS and Android devices, while support for other platforms is planned for future releases.
Copyright © 2013 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.
\
Features & Benefits
Features
Multi‐layered approach to mobile security
Flexible architecture with hooks for optional trust bootstrap via crypto material from external sources (SIM, OTP, CAC)
Multifactor authentication for high assurance level protection Policy configured per app, user or device to tailor use cases
Validation of device and user identity
Continuous device validation through One Time Password (OTP), for device registration Re‐registration procedure triggered by admin or usage patterns PKI provisioning
Lost device tracking and blockage from admin portal
Track device activity (failed/successful) authentications Track device location through GPS data or network services Revoke access to user, device and apps from admin view
Integration with existing backend identity management systems
Integrate into Microsoft‐based security through Active Directory, ADFS and Claims Extend CA SiteMinder directory service to mobile clients Integrate with Oracle Access Management Leverage LDAP directory services for client without custom client
Benefits
Mobile app security
Sign in once for all enterprise apps under the same domain Simplify PKI‐based certificate delivery and provisioning to mobile devices Deploy OTP for a higher assurance level Enable multi‐factor authentication Integrate with HW security modules Enable context‐based authorizations
Mobile developer enablement
Leverage client libraries to hide the complexity of OAuth and OpenID Connect Provide UI elements for user sign‐in Enable cross‐device token sharing with devices in proximity
End user enablement and best‐in‐class user experience
Enhanced user experience (UX) Minimal password typing Consistent UI for all enterprise apps across devices Client‐side tooling skinned to service provider brand Transparent view of authorizations Control Center app to assist in SSO and enhanced features like cross‐device token sharing
Mobile Access optimization
Access grant without browser redirection for authentication Leverage optimized tokens for mobile consumption Ensure seamless flow of sign‐in session as user switches devices Integrate with enterprise identity services
To learn more about Layer 7, call us today at +1‐800‐681‐9377 (toll free within North America) or +1‐604‐681‐9377.
You can also: email us at [email protected]; friend us on Facebook at facebook.com/layer7; visit us at layer7.com;
follow us on Twitter (@layer7).