Come meet us at Salesforce.com's Cloudforce Tour 2011 in New York this week. You can find us in the Cloudforce Expo on Tuesday — we'd love to show you how you can leverage OneLogin for Salesforce.com to increase utilization and streamline provisioning.

OneLogin already helps hundreds of enterprises protect their sensitive data in the cloud by eliminating passwords, enforcing multi-factor authentication, integrating corporate directories and automating user provisioning and deprovisioning.

Stop by the Cloud Expo and we'll show you how this works for Salesforce.

OneLogin is a Gold Sponsor of Workday's annual user conference in Las Vegas, October 24-27. We welcome all Workday customers and prospects to stop by our booth and see how OneLogin connects Workday with Active Directory and all your other cloud applications.

As employee records are managed by the Human Resource department, Workday will have the most accurate account of who is currently employed with the company. OneLogin can use Workday as user store and receive a live feed of updates, which can be applied against Active Directory and cloud applications like Salesforce, Google Apps, WebEx and Yammer. OneLogin's real-time user provisioning and deprovisioning ensure that employees have instant access to applications when they join the organization and are disconnected immediately when they leave.

If you want to see a live demo, stop by our booth or set up an appointment at sales@onelogin.com. We look forward to seeing you at Workday Rising 2011.

Come meet us at Dreamforce in San Francisco this week. You can find us at booth #35 from Tuesday to Friday where we would love to show you some of the cool stuff we have been working on the past year.

OneLogin already helps hundreds of enterprises protect their sensitive data in the cloud by eliminating passwords, enforcing multi-factor authentication, integrating corporate directories and automating user provisioning and deprovisioning.

Stop by booth #35 and we'll show you how this works for Salesforce.

The other night I received an email from PayPal that made all my alarms go off. Everything about the email made me think it was a phishing attack. The common wisdom is that when a site you normally trust sends you an email prompting you to log in to "verify" something, you should be cautious. Can you spot anything suspicious in the email below?

Try hovering your mouse over the image and it will reveal the URL that the "View mobile" link points to paypal-communication.com. Now, this domain looks like it belongs to PayPal, but anyone can register a domain with paypal i the name and this is a common trick used by attackers to make the recipient believe the email is legitimate.

All the links in the email point to paypal.com we trust, except for the two topmost links that point to paypal-communication.com that we're in doubt about. Fortunately, both sites use SSL so let's take a look at their respective SSL certificates. Both are Class 3 certificates issued by VeriSign.

Based on the certificates, it appears we that should be able to trust paypal-communication.com, but you can't expect the average user to perform this type of investigation and draw the right conclusion. It is strange that PayPal chose to introduce a new domain in their email outreach, especially considering that they their customer base is a regular target for phishing attacks. This just shows that you have to be very aware whenever you enter your credentials online.

Enterprises should be equally worried and we have recently seen several examples of spear-phishing attacks where specific organizations or individuals are being targeted. Solutions like OneLogin can drastically reduce the number of passwords in your organization and thereby minimize the risk of being employees phished.

OneLogin has completed its SAML integration with the Big Three in Content Management Software. Earlier this year we published plugins for WordPress and Joomla, and with today's release of our SAML Module for Drupal, we're able to provide single sign-on the vast majority of CMS's in the market.

The ability to easily provide employees and contractors access to your blog or CMS can save valuable time, drive usage and also give you better control of who has access. For example, you can use OneLogin's Active Directory Connector to let users sign in with their existing network credentials and enforce strong authentication using one of several options, such as Yubico or Symantec VIP Access.

The Drupal module is compatible with Drupal 7 and can be downloaded from our support forums.

The toolkit is very straightforward to use and can be embedded in your application in matter of hours. In addition to being completely free, the toolkit approach has another significant advantage over licensing a commercial, stand-alone SAML gateway. By embedding the SAML toolkit in your code, it will automatically inherit your own application's high-availability and scalability characteristics and you don't have to worry about dealing with a separate application or server.

OneLogin's SAML toolkits are growing in popularity by the day. Some of the most recent vendors to adopt the toolkit are Blue Mango Learning Systems, ShareFile and Transverse.

SAML is a standards-based single sign-on protocol for web applications. Some of the advantages of SAML are:

• Strengthens security - SAML uses digital signatures to establish trust between application and identity provider, which is more secure than passwords.
• Prevents phishing - SAML eliminates passwords and users don't have a password for an application, they can't be tricked into entering it on a fake login page.
• Simplifies directory integration - Identity providers like OneLogin have strong directory integration capabilities, which the application vendor can leverage indirectly via SAML.
• Drives adoption - When an application is just one click away, it will ultimately drive more usage and hence further anchor the application within the customer's organization.

If you are interested in getting your application SAML-enabled, contact us a bizdev@onelogin.com or check out the SAML toolkits in our support forums. ]]> http://www.onelogin.com/saml-toolkit-for-python/feed 0 http://www.onelogin.com/radius-and-ldap-server-interfaces http://www.onelogin.com/radius-and-ldap-server-interfaces#comments Tue, 12 Jul 2011 23:45:15 +0000 Thomas Pedersen http://www.onelogin.com/?p=2253 Our new LDAP or RADIUS interfaces allow LDAP and RADIUS clients to authenticate users against OneLogin with minimal configuration.

Many applications that don't yet support SAML have to ability to delegate authentication to an LDAP server. But instead of punching multiple holes in your firewall to your internal directory – if you even have one – you can now point that interface to OneLogin instead, which allows users to sign into those applications with their OneLogin credentials.

The same goes for VPN gateways from vendors like Cisco and Juniper, which can authenticate users against a RADIUS server. Instead of deploying your own RADIUS server, you can now point the gateway to OneLogin's RADIUS server interface which you can set up in a matter of minutes. Authenticate users via password of strong authentication factor, such as Yubikey or Symantec VIP Access.

Read more about today's upgrade, which further strengthens OneLogin as the fastest path to identity management in the cloud.

Sterling Knight, a financial services company based in Singapore, is using the innovative authentication key from Yubico and OneLogin’s single sign-on and identity management service. The convenient key generates a One-Time Password (OTP) used by Sterling Knight remote workers to securely access the OneLogin Application Portal, protecting access to its Web applications without compromising ease-of-use.

“With OneLogin and YubiKey, we are able to login securely to our cloud-based applications such as Google Apps and salesforce.com with one password and the simple click of a button,” said Lawrence Adam, Chief Operating Officer of Sterling Knight. “The implementation of the OneLogin/YubiKey solution was so simple that even our least technical employees were trained to use it in about 15 minutes.”

Leading IT market research and advisory firm IDC recently reviewed the joint solution used by Sterling Knight in a Buyer Case Study and found that companies such as OneLogin and Yubico are demonstrating that cloud-based solutions are indeed viable and secure options in today's computing environment.

“For those that are looking to eliminate multiple passwords and strengthen their access controls without putting too much pressure on their budgets and staff should consider these types of solutions from Yubico and OneLogin,” said Sally Hudson, Research Director, Identity and Access Management Products and Services at IDC.

By using the OneLogin/YubiKey solution, Sterling Knight has improved security while meeting compliance requirements and offering the latest technology to protect customer privacy. The cost savings gained by having more employees work remotely has enabled Sterling Knight to expand operations.

About Sterling Knight

Sterling Knight is a licensed insurance broker in Singapore, regulated and licensed by the Monetary Authority in Singapore to transact general and life insurance. Since its inception in 1973, Sterling Knight has worked with clients to protect their businesses and employees through the provision of general insurance and employee benefits consultancy and according to the principles of trust, integrity and speed.

Sterling Knight is a member of the Worldwide Broker Network, a global network of independent insurance brokers with USD2 billion revenue.

Let’s first explore the responsibilities of senior management. A password-related security breach, seen all too often from leading organizations, generates unflattering media attention that both the CEO and CIO must respond to. Being in a position to publicly admit faulty security measures is never pleasant nor desirable for organizations that aspire to longevity.

Although upper management faces the public when a breach occurs, it’s the IT staff who must provide the answers as to why it took place and, more importantly, how to avoid being in that situation again. But with so many web applications to manage and no centralized administrative tool, cloud computing for IT means continually resetting passwords, integrating several applications with the company’s existing directory, manually giving new employees access to all their web applications, or trying – often in vain – to prevent ex-employees from accessing enterprise data hosted online.

So how can an organization – that wants to leverage all the benefit of cloud computing – avoid enterprise-wide password pain? Enter identity management in the cloud.

In a nutshell, OneLogin offers a secure gateway to an organization’s web-based applications, both in the cloud and behind the firewall. Instead of accessing and managing applications individually, OneLogin provides employees with a secure portal where all the applications are just one click away. As for IT, they gain access to a centralized administrative dashboard where security policies can be set and enforced, users can easily be denied or granted access, and where all applications can be integrated with the existing directory.

The move to the cloud doesn’t have to be problematic. By adoption OneLogin as the organization’s identity and access management solution, employees at every level can enjoy the benefits of cloud computing, pain-free.

“Google Apps is one of many cloud solutions used by our customers,” explains Julia Rivard, Sheepdoginc.ca’s CEO. “By partnering with OneLogin, we enable our customers to take their siloed cloud applications and bring them under one roof to better manage access as well as remove the security issues inherent to user-managed passwords.”

Identity management offers a number of security and productivity-enhancing benefits to Sheepdoginc.ca customers:

• Secure, one-click access to Google Apps and other web-based applications drives-up adoption.
• One directory integration point eliminates the need to integrate with every application's proprietary interface.
• Support for multi-factor authentication provides customers with the option to easily add another level of secuity.
• User provisioning for key applications such as Google Apps, Salesforce, Yammer, Box.net and Zendesk means administrators can save significant time as well as ensures that former employees are effectively prevented access.