Federated Single Sign-On ...


Background


In an end-to-end Identity Management framework, solutions cannot be limited to internally run corporate resources. The process of extending your enterprise’s user provisioning and user authentication capabilities beyond your corporate domain is the fundamental driver behind federation. NetworkingPS supports a complete federation model through its partnership with Ping Identity Inc.

Identity Federation

Traditionally, organizations have managed the user identities of their own employees. Increasingly, a number of identities (e.g. employees, partners, suppliers, and customers) do not fundamentally "belong" to the entity tasked with managing them. Take for example an organization’s use of a hosted, on-demand CRM solution such as Salesforce.com. The "identities" that access the application are fundamentally corporate (employee) identities. Individuals should not have access to the application outside of their employment with the company. Separate accounts at Salesforce.com that are not connected to an identity management system represent a security loophole.

Identity federation changes this paradigm, enabling the organization to share its employee identity information with Salesforce.com. This allows the organization to increase its control over who has access to what information and resources, regardless of where those resources reside (e.g. on Salesforce.com’s computers).

"Federated Identity" allows organizations and service providers to securely link and exchange identity information across partner, supplier and customer organizations. Federation takes an open, standards-based approach that eliminates the cost overruns, security loopholes and user inconvenience caused by rigid, proprietary, siloed application architectures. Leading organizations have deployed identity federation to get closer to partners, improve customer service, accelerate execution of business partnerships and alliances, cut the cost and complexity of integrating outsourced services, and free themselves from vendor lock-in.

Federation bridges segregated silos of identity systems to give companies the ability to secure their cross-boundary interactions, removing friction and improving productivity, efficiency and competitive differentiation.

Identity Federation Enables:

  • A way to more tightly integrate user access to remote resources—across the Internet

  • A method for creating a better end-user experience through Web single sign-on and dynamic new account provisioning

  • A means for reducing cost and time required to integrate new applications

  • A means of removing costly and non-scalable proprietary or home-grown SSO

  • A method for reducing friction in online interactions

  • A method of securing and auditing transactions

NetworkingPS' Federated Identity Offer provides an integrated approach by incorporating Ping Identity's product family into its Multi-Layer IdM architecture. This enables customers to create a powerful authentication platform for enabling single sign-on, verifying identity, and controlling internal and external access across a broad landscape of web applications as well as loosely coupled web services.


PingFederate 4™

PingFederate™ is the industry-leading federated identity server for enabling single sign-on to online services for employees, customers and business partners. The only standalone federated identity server, PingFederate integrates and coexists with existing Identity Management deployments. As a result, enterprise-wide identity federation is achievable without extensive upgrades to Identity Management systems.

Advanced Features

  • Multi-Protocol Configuration Console - By providing a single use case-driven configuration console to support all versions of SAML as well as WS-Federation, PingFederate 4 simplifies configuring environments with multiple protocol connections.

  • Hardware Security Module Support - PingFederate may be integrated with an optional Hardware Security Module for PKI operations to enable compliance with FIPS 140-2 requirements.

  • Off-the-Shelf Integration Kits - To reduce the cost of integration of single sign-on with your applications and identity management systems, only PingFederate provides an entire suite of pre-built integration kits.

  • Enterprise Deployment Architecture - Only PingFederate enables you to federate applications residing in multiple domains and manage all partner connections from a single server. Through PingFederate, identity federation is a centralized service available to your entire organization.

  • Role-Based Administration - Organizations often divide administrative activities across multiple individuals. PingFederate supports role-based access with differing responsibilities: User Admin, Admin, Auditor, and Crypto Admin.

  • Advanced Federation Functionality - As the most advanced federated identity server available, PingFederate provides a number of features not found in many competitive offerings, such as support for multiple Identity Providers, Identity Mapping, User Attribute Management (including X.509 Attribute Sharing Profile) and more.

