© 2012 SecureAuth. All rights reserved. 2-Factor Authentication and Single Sign-On in a Mobile World Thursday, December 5, 2013 www.secureauth.com.

Presentation transcript:

© 2012 SecureAuth. All rights reserved. 2-Factor Authentication and Single Sign-On in a Mobile World Thursday, December 5,

2FA & SSO in a Mobile World - Agenda
- Challenges of Mobile Technology on the Enterprise
- The Reality of this Challenge
- Security Implications
- Mobile Architecture
- 2-Factor Authentication
- Mobile Fingerprinting
- Single Sign-on
- Self-Service Password Reset
- One touch Revocation
- Conclusions

Mobile Challenges
- Which Mobile Device Management?
- How do you drive new services?
- How do you manage the ever growing complexity?
- What to do when the number of devices goes up exponentially?
- Are you faced with departments bulk buying devices without an IT process?
- How do you manage devices that suddenly appear on your network?

The Reality
- The migration from desktop to mobile has already begun
- The migration will only gain speed as mobile devices become more capable
- Business units want to move quickly
- Creates a piecemeal solution
  - Cloud based
  - Blackberry
  - Multiple MDMs
- Reactive environment managing devices suddenly appearing
- Speed to market is much greater
- Need to help employees strategically contribute to bottom line

WHY DOES AN ENTERPRISE NEED TO BECOME AN IDENTITY PROVIDER?

Security Implications in Mobile
- How do you safely allow devices not owned by corporate onto the network without adding wrappers?
- How do you separate personal and corporate data?
- Companies replacing MDM every 2-3 years
- Playing vanilla is reactive:
  - Long term cost unpredictable
  - Stuck using development tools native to MDM
  - User satisfaction is varied

Mobile Architecture Best Practices
- All mobile devices should connect to an SSID off the corporate network
- The User/Device should be authenticated
- Only application level connectivity should be allowed

USING IDP TO MANAGE MOBILE

Definition: A system that creates, maintains, and manages identity information. Provides principal authentication to other service providers (applications) within a federation or distributed network. The IdP sends an attribute assertion containing trusted information about the user to the Service Provider (SP). Source: MIT Knowledge Base

An IdP (Identity Provider) establishes a circle of trust between the User and the Service Provider, i.e. applications:
1. User directed to IdP
2. IdP authenticates user
3. User redirected to SP with token

Diagram labels: Scope of Trust, Enterprise Identity Provider (IdP), Service Provider (SP), User

2-Factor Authentication

Diagram labels: X.509 v3 Certificates SMS OTP Telephony OTP OTP Help Desk Prox Cards NFC Yubikey USB Keys CAC/PIV Cards Kerberos / IWA Static PIN Custom X.509 K

THE AUTHENTICATION FUNNEL

Mobile Device Fingerprinting
- Pulls unique device characteristics such as: Headers, Fonts, Time Zones, etc.
- Can set trust period of device
  - From hours to years
- Can revoke with 1-touch
  - From help desk console
  - Select which device to revoke

IdP for Mobile

SecureAuth Delivers:
1. Multi-Factor Authentication
2. IdP (SSO to cloud, web, gateways, mobile)
3. IdM (Identity Management)

Single SSO/2F Platform for Web, Network, Cloud and Mobile Resources

IdP - The (4) Resources

4 Key IdP integrations
1. Web
2. VPN/Gateways
3. SaaS/Cloud
4. Mobile

IdP – SSO (Web)
1. Web
2. Gateway / VPN
3. SaaS / Cloud
4. Mobile Apps

Diagram labels: Assert identity, 2F/SSO, KBA, Enterprise Web Applications, 2-Factor

IdP – SSO (VPN/Gateway)
1. Web
2. Gateway / VPN
3. SaaS / Cloud
4. Mobile Apps

Diagram labels: Assert identity, 2F/SSO, KBA, Gateway / VPNs, 2-Factor

IdP – SSO (Cloud/SaaS)
1. Web
2. Gateway / VPN
3. SaaS / Cloud
4. Mobile Apps

Diagram labels: Assert identity, 2F/SSO, KBA, SaaS Apps, 2-Factor

4. IdP – Native Mobile Apps
1. Web
2. Gateway / VPN
3. SaaS / Cloud
4. Mobile Apps

2F/SSO for mobile provides
- 2-Factor Auth
- Directory-based Auth
- SSO to other apps
- No thick client

Diagram labels: Assert identity, 2F/SSO

Configurable Authentication: 20 methods

SecureAuth IdP
1. SMS OTP
2. Telephony OTP
3. TOP
4. Static PIN
5. KBA/KBQ
6. Yubikey (USB)
7. X.509 Native
8. X.509 Java
9. NFC Prox Card
10. CAC/PIV Card
11. Mobile OATH Token (TOTP)
12. Browser OATH Token
13. Windows Desktop OATH Token
14. 3rd Party OATH Tokens
15. PUSH Notification
16. Help Desk
17. Social IDs (Google, Facebook, Twitter, LinkedIn)
18. Federated IDs (SAML, WS-Fed, OpenID)
19. Device Fingerprinting
20. Password

Conclusion – Mobile Strategy
1. There are alternatives to MDM
2. MDM solutions have a 2-3 year life cycle
3. MDM may limit your ability to service users
4. Keep Mobile devices off corporate networks. WiFi SSID should be separate from Corporate WAN/LAN
5. Take an application centric approach to mobile
6. 2-factor/Multifactor Authenticate the User AND the Device
7. Leverage native mobile applications and web applications
8. Allow single sign-on to native, web, and SaaS applications
9. Enable users to strategically contribute to the bottom line
10. Mobile strategies should be enabling

Thank you!

SecureAuth Contacts
Sales: Joe Revels, Sales Director, Northwest and Asia Pacific