The Modern Web Access Management Platform – from on-premises to the Cloud
Single Sign On, Access Controls, Session Management and how to use Access Management to protect applications both on premises and in the Cloud
www.idfconnect.com
Why Web Access Management?
Ensure EVERY request is vetted before ever touching your application (Use a “Zero Trust” Architecture)
Central enforcement and audit of access policies and activity
Single Sign On and Session Management across all apps EVERYWHERE
The Situation
50+ applications protected by current SSO/WAM solution
Multiple user directories
Multiple Password policies
Multiple authentication mechanisms including 2FA
A Common Quandary!
Constraints
NO new firewall ports
NO cloud-to-data center VPNs
NO syncing/pushing employee credentials to the cloud
Key Question: How do we leverage our existing WAM infrastructure to handle platforms & applications in the public cloud?
SSO/Rest Solves 5 Major Challenges
5 SSO/Rest Use Cases:
• Server-side Application Integration
• AJAX / Mobile / Thick Client Application Integration
• Applications in the Cloud
• WAM-as-a-Service
• "Agent-less" Infrastructure
A Complete Web Access Management Solution
• Authentication Management
• Access Control Enforcement
• Single Sign On
• Idle Session Timeout
• Control Session Duration
• Centralized Audit
Common Access Management Gaps in the Cloud
Diagram labels, Web Access Management (Gaps in the Cloud):
• Authentication Management
• Access Control Enforcement
• Single Sign On
• Idle Session Timeout
• Session Maximum Time-to-Live
• Control Session Duration
• Centralized Audit
The SSO/Rest Solution
SSO/Rest combines existing and emerging technologies to extend the perimeter of your IAM solution safely and securely into your public Cloud platforms
SSO/Rest!
• REST-based - lightweight
• No firewall holes - secure
• Easy to use, handles latency, transparent…
Engineered to solve this problem
SSO/Rest Plugin Architecture
[Architecture diagram]
Components: Browser; SSO/Rest Plugin; SSO/Rest Gateway; Policy Decision Point (XACML, CA SSO, etc.)
Zones: Corporate Network; Cloud; Cloud Apps
Legend: Browser HTTP traffic; SSO/Rest HTTP traffic; PEP-to-PDP traffic
Flow labels:
• Browser call to cloud application
• SSO/Rest session validation request
• PEP-to-PDP traffic
• Response (with updated SESSION cookie[s])
• Policy Decision Response
• JSON reply from SSO/Rest
But… is this just Federation?
NO!
Unlike Federation, SSO/Rest supports every access management security feature you have come to trust and depend on, EVEN IN THE CLOUD
In our demonstration you will see that SSO/Rest provides perimeter defense and strong access control to all resources and also enforces those requiring elevated privileges
“Look Mom! No VPN!”
Some of SSO/Rest’s Web Service Endpoints (diagram labels):
SSO/Rest Engine
Login
Update Session
Validate Session
isProtected
Gateway
Enable / Disable
Change Password
isAuthorized
LIVE DEMONSTRATION
• Build sample .Net app
• App contains privileged URL
• Include SSO/Rest Plugin for .Net in the app
• Deploy directly to Microsoft Azure application container
• Create CA SSO Policies or XACML policies – business as usual
• Plugin self-registration and configuration
• App deployment and integration is complete

• The app is in the cloud…
• …but is secured just as if it were in your data center!
Remember: Federation is NOT the Same as Web Access Management
Federation:
• One-time handoff from partner IDP
• Limited logout capability
Web Access Management (WAM):
• Perimeter Defense
• Audit
• Access control
• Policy Enforcement Point (PEP)
• Policy Decision Point (PDP)
• Authentication
• Session lifecycle management
Customer Success Stories
Seamless and Secure Integration
Fortune 50 retail company makes an acquisition, and has seamlessly and securely integrated the new web apps with its eCommerce portal, without having to bring the apps in-house or creating a VPN to the new company
[Diagram labels: Acquired Company Existing Web Apps; eCommerce Portal]
Successfully Moving .Net applications to Microsoft Azure
Fortune 50 finance company successfully moves its .Net applications to Microsoft Azure while preserving all of its SSO integrations, authentication and access policies, and audit capabilities
[Diagram labels: .Net Applications; Microsoft Azure]
You should be interested in this technology if…
• You have CA SSO and are moving applications to the Cloud
• You want or need the assurance that every request is vetted before ever touching your application
• You require fine grained access controls and centralized policy management
• You require a complete audit trail of end-user activity within a given session
• You need a web access management solution that is modern and leverages today’s tools and capabilities (e.g. ELK, Docker, Kubernetes)
• You are interested in offering Web Access Management as a managed service
• You have an API Gateway and want a modern Policy Decision Point for its auth/az requirements
• You are building rich applications (mobile, AJAX) and require web services for all manner of seamless access management integrations
Platform support
Web Servers:
App Servers:
Web services for all manner of integrations
App Platforms:
…and other thick clients!
SSO/Rest now supports NGINX with an NGINX+ Certified Module
Our native, single library plugin integrates NGINX and NGINX+ into your access management solution, allowing you to use the full capabilities of SSO/Rest with NGINX
Highlights from our latest release, SSO/Rest 3.0:
• Pluggable logic for custom request handling:
  • Create your own plugin configuration parameters with our annotation-driven API
• Plugin self-registration
  • Give app teams the self-service capability to register plugins, or orchestrate provisioning of new app instances
• Extended Realm Configuration
  • Apply plugin configuration parameters at the realm level
More highlights from our latest release:
• Management console
• Metrics measurements with Elasticsearch
• Swagger User Interface
• Fine-grain logging and tracing
• Automated testing and Self Diagnostic tool
THANK YOU!
For More Information, Please Visit
IDF Connect, Inc.
2207 Concord Pike #359
Wilmington, DE 19803
Phone: (888) 765-1611
Fax: (888) 765-7284
www.idfconnect.com
www.linkedin.com/in/rsand
@IDFConnect
www.facebook.com/IDFConnect
@rsand2
Turn SSO/Rest into your Enterprise 2-Factor Auth Solution with SSO/MobileKey. For more details visit www.idfconnect.com/products/sso-mobilekey/
Also check out our other products: www.idfconnect.com/products