Single Sign-on
Challenges faced while Integrating Cloud/SaaS Applications in your network
In recent years, we have witnessed a dramatic rise in the use of Software as a Service (SaaS) applications within enterprises. This has been coupled with a similar shift of on-premises applications to the cloud. Some of the driving forces behind this explosive adoption are IT cost reduction, software application standardization, scalability, easier administration, automatic updates and patch management.
This is a paradigm shift and it simplifies a variety of issues faced by enterprise IT today. However, cloud and SaaS Applications introduce a new set of challenges, especially in the areas of access and identity management.
Managing Multiple User Directories for Each Applications – IT administrators need to manage multiple user identities across different applications and control who is granted access to which application. For this, IT admins need to create user identities on each cloud service which could mean creating a separate credential directory for every applications. It is a burden for IT admins and users to manage multiple logon identities and passwords.
Security Risks – Users are often expected to create their own logon credentials to these business-related cloud applications. Multiple logon credentials expose businesses to various risks, including the potential use of easy-to-crack passwords by users and the difficulty of cutting off access when users leave the company.
Decrease in Productivity – Businesses can experience productivity decreases if users constantly have to deal with multiple application logins, password resets, and helpdesk calls. This potential increase in administrative overhead can largely offset the benefits of switching to cloud-based applications.
Beating the Identity and Access Management Challenges with Single Sign-On
Single sign-on (SSO) is a process that allows users to authenticate once using their corporate credentials and gain access to multiple applications without having to re-authenticate. The user has to deal with just a single set of credentials, greatly reducing the barriers for cloud adoption. SSO provides an enhanced user experience and helps reduce administrative overhead.
SSO can be achieved by leveraging on-premises user directory services like Active Directory (AD) to manage access to cloud applications that are outside the enterprise domain and have their own native user directories. Integrating these cloud applications with Active Directory can address challenges at two levels. First, IT admins can control user access from a central location. Second, users can use their existing on-premises credentials to log on to all cloud applications.
Administrators can effectively manage user access across all applications from a single point. They can quickly and easily grant access to new employees and revoke access from employees leaving the company. Thus, SSO is an effective tool to enhance security and increase overall productivity.
Single Sign-On Benefits
- Centralized authentication servers that all applications and systems can use for authentication
- Ability to enforce consistent and strong access control policies across on-premises and cloud applications
- Single set of credentials to manage
- Credentials stored on-premises
- Significant cost savings from reduction in password related help desk calls
- Reduces the administrative burden of adding and removing users to/from individual applications
- Enhances security and compliance capabilities
- Provides convenience to the users – don’t need to enter credentials more than once
- Reduces password fatigue for users who just have to remember single set of credentials
- Increases productivity for both users and IT administrators
Establishing Single Sign-On for Office 365
Microsoft Office 365 is the most widely adopted cloud business solution that includes Exchange Server, SharePoint® and Lync®. Office 365 helps users access their applications and files from any device anywhere.
Establishing true SSO for Office 365 requires creating federated user identities. Federated identity enables users to use their existing Active Directory (AD) corporate credentials to get seamless access to the Office 365 cloud productivity suite. The corporate AD stores and controls the password policy. Users are authenticated via on-premises AD services that requires setting up Active Directory Federation Services (AD FS), AD FS Proxies and Directory Synchronization (DirSync).
Installation and configuration of AD FS and DirSync is a complex and time consuming process. To simplify this complex process of deploying AD FS and Directory Sync to establish SSO, Celestix offers the Celestix Federated Appliance.
Celestix Single Sign-On Solution
Celestix Federated Appliance is a plug-and-play solution that provides seamless Active Directory (AD) integration with Office 365 and other applications located either behind the firewall or in the cloud to enable single sign-on (SSO) and access management.
- Purpose-built solution to tightly integrate Office 365 with AD
- Reduces Microsoft ADFS installation and configuration complexity
- ADFS installation for Office 365 in less than 15 minutes
- Preconfigured and wizard process for rapid deployment
- Minimal technical expertise required
- Increased security with on-premises deployment
- Keep your user credentials at one place in Active Directory
- Lowest total cost of ownership