Over the course of the past decade and a half, I have worked with several different "Single Sign-On" or at least "Reduced Sign-On" solutions, all from large reputable companies like IBM, Oracle, Sun, Quest, Microsoft... Most of these were limited to one or two authentication types, and relied heavily on infrastructure, placing large Capex and Opex constraints squarely on your shoulders. Most relied on a client-side app to connect to Active Directory, LDAP, or basic auth web services. They would then store your obfuscated credentials in a "Wallet" or local store for seamless authentication to these target apps. Others were simply "Authenticating Reverse Proxies" and provided a unified way to aggregate various websites and portals that require authentication.
None provided for a complete holistic end user experience.
Enter Symantec with O3:
Over the past year and a half, Symantec has been quietly cultivating a sleeping giant.
Imagine a scenario where you could manage your users' profiles in a manner that would only expose applications/portals/sites, or specific views of those, depending on:
- The user's network location (Corporate, Home, Public Internet)
- The device the user is connecting from (Corporate laptop or tablet, personal device, public kiosk)
- The user's own credentials (Username / Password, or add 2 factor RSA for apps requiring additional controls)
Each application exposed would have its own defined directory store / authentication source, including Internal Corporate apps leveraging Active Directory or LDAP, Business Partner applications requiring SAML, or true Cloud Services such as Amazon, Workday or SalesForce.
Symantec's O3 Cloud Authentication service has virtualized the function of authenticating an end user into a multitude of systems and services. It provides an authentication gateway to allow you to securely expose internal corporate services and directory stores, and to assign them to user profiles along with very robust connectivity to most of the major Cloud services players!
In Symantec's words:
"Symantec O3 is a cloud information protection platform that provides context-based access control, information security and information management “as a service” for users of cloud applications and services. It supports any endpoint, including mobile. It provides compliance information for access and information events that supports audits and forensics."
With a simple B2B VPN connection between your Corporate Network and Symantec's O3 gateway service you have the ability to authenticate against any application or data store requiring:
Integrating any of these is a straightforward task within the administration portal. The administration portal provides templates and drop-downs for an authentication type, and dozens of Cloud Partners are configured "out of the box".
Working with Symantec and their O3 team has been inspiring to say the least.
Great blog... LDAP cloud is really a very powerful tool that helps to get the information from the server. As it is a protocol, it does not define how this works on the client or server side.