Identity Federation and SSO for SaaS Applications

Support Secure, Cross-company, Cross-domain Access with One Set of Credentials

Challenge

IT is pressured to provide easy access to an exploding number of cloud applications as quickly as possible to meet business needs while keeping company data secure. But rolling out app access securely, especially when having to deal with older assets such as LDAP servers or Active Directory forests behind a corporate firewall, is slow, costly, and frustrating.

Solution

Industry analyst Gartner reports that a growing number of companies are choosing identity and access management as a service (IDaaS) rather than on-premises solutions to provide federation capabilities, and that federation IDaaS is becoming more common, especially for single sign-on (SSO) to SaaS applications.

Federated Identity Management

OneLogin supports a federated identity management architecture that creates an additional tier connecting SaaS applications to existing corporate directories such as Active Directory or LDAP. This federation tier logs users into SaaS applications by passing the application a secure token, so that user credentials are never passed directly in case one gatekeeper gets compromised.

Large App Catalog

This solution works well for the vast majority of popular applications such as Salesforce and Marketo, as well as any custom or third-party application that supports a standard protocol like SAML or OpenID. In addition, OneLogin offers free open source SAML extensions for applications that do not yet support identity federation.

Benefits

With OneLogin, the federation of identity seamlessly enables the portability of identity information across otherwise autonomous security domains so employees can easily get into internal or external applications, while both partners and customers can securely access company data or systems, without the need for redundant user administration.

OneLogin comes with additional benefits such as an app catalog with pre-integrated applications for faster integration, Single Sign-On with Multi-Factor Authentication, and role-based access control policies.

Key benefits of identity federation include:

  • Identity federation leverages standard, secure protocols such as SAML, OpenID and OAuth, so that only active users in the corporate directory are allowed access to apps based on policy, while unnecessary per-app passwords are eliminated.
  • Requesting identity assertions from a partner domain rather than maintaining directories of the partner's employees reduces the risk of inappropriate access.
  • Using Single Sign-On (SSO) to authenticate the user once, and then using that identity information across multiple systems, including external websites, significantly reduces risk.
  • Multi-Factor Authentication (MFA) provides additional security, especially for remote application access.
  • Modern identity solutions were designed specifically for adding and removing applications: it takes no more than a few minutes, rather than a few hours, to configure an app. Access control is granted to employees automatically and instantly based on roles or other attributes.
  • Implementing real-time provisioning of user information from your corporate directory to SaaS applications as part of an identity federation solution greatly increases business flexibility.
  • With identity federation there is no longer any need to implement costly one-off or proprietary solutions to connect internal or third-party apps, achieving great cost savings.
  • Keep your existing investments such as Active Directory forests with a lightweight solution on top of them, and with time you will discover additional benefits of modern identity solutions, such as unified directory management.
  • Identity federation not only supports existing investments such as external directories, but also supports federating identities from several different directories such as Active Directory, OpenLDAP and Workday, all with the same solution.
  • Gaining centralized visibility across all of your identities gives you complete control over where your users reside and what they can access, as well as full visibility into which applications they’re using.

Background Information

With OneLogin, the federation of identity seamlessly enables the portability of identity information across otherwise autonomous security domains so employees can easily get into external applications, while both partners and customers can securely access company data or systems, without the need for redundant user administration.

OneLogin supports a federated identity management architecture that creates an authentication tier in the middle of multiple authorization infrastructures, where user credentials are never passed around directly in case one gatekeeper gets compromised. The federated tier lets developers write apps that communicate by using a common set of APIs rather than having to master the APIs of the services behind them, significantly streamlining authentication and authorization in a highly secure fashion.

OneLogin’s cloud-based Identity and Access Management (IAM) solution enables you to connect multiple external directories with up to hundreds of thousands of users to thousands of cloud and on-premise applications. You can set up a new account, connect multiple corporate directories and add several key applications in as little as an hour.