Authentication Management Solutions

Dean Weich

Authentication Management

Though end users might not notice a difference between systems and applications hosted on-site or in the cloud at their organization, administrators who manage them often have to do so quite differently. Each solution has different requirements pertaining to security, and access and authentication management. System admins want to be able to easily manage user rights, as well as authentication, but it can often be difficult with different types of applications. Because of the different requirements amongst on-premise and cloud applications, solutions that work with them often must be different.

So how are they the same, how do they differ and how can system admins easily manage on-site and cloud applications? Let’s take a look.

IGA for Account and Access Management

When it comes to access management, whether it be in the cloud or self-hosted, managing user accounts and access manually can be a burden. Think of how time consuming this task can be for an organization of a few hundred then add in the fact that large organization often hire outside temps, who need quick access put in place, as well as revoked. Additionally, it is important that access rights are correct so that each employee only has access to resources they need to perform their jobs. When it comes to cloud and in-house systems, an identity governance and administration (IGA) solution can be used to easily handle the access management task. Both types of applications can easily be managed by a single IGA solution.

How is this done? An IGA solution allows for automated user provisioning to synchronize user account information between the HR system (for example, SAP or PeopleSoft, and the network). A change in the HR system is detected by the IGA solution and is then automatically implemented in the network and any connected systems.

Authentication Management

(RBCA Matrix Image Source: itsecurityideas.blogspot.com)

Additionally, the source system can be utilized in conjunction with a role-based access control (RBAC) matrix to determine employment status along with the employee’s title, department and location. The RBAC matrix can then determines what applications and data they should be granted rights to, so that it can be ensured that employee access is correct when their account is created. In the case of a terminated status, an admin simply disables the employee in the source system and all access will be revoked. So, when an employee joins an organization it is ensured that they received the correct access from the start.

Even further, a workflow management module can be utilized to administer all requested changes to the network and cloud applications. A self-service portal is established where all users are directed to make requests for new and enhanced requests. Once the end user processes the request, it is routed to the appropriate manager and systems owner for approval. Only after the user gets correct approval will the change then be made.

Authentication Management

When it comes to authentication management, solutions such as single sign-on (SSO) have to be treated differently for on-site and cloud applications. Often, many companies use a SSO solution to allow end users to be more productive and not need to remember eight, or more, sets of credentials. While this type of solution can be beneficial, SSO for in house compared to cloud solutions is different.

sso-cloud

For cloud applications, a web SSO solution should be used. A web portal is created that contains icons or shortcuts to all of the organization’s authorized web applications. Users log into this portal with their standard network credentials and are easily and securely validated for all of these applications. Web SSO solutions provide the greatest benefit for an organization where the majority of applications are cloud based and the user’s access data from personal devices.

Downsides Of Web SSO

One of the downsides to web SSO, however, is that it is typically limited in functionality, since it only works with cloud-based applications and those that comply with one of the industry standards, such as SAML, OAuth or OpenID. Communicating with legacy apps, or those that have not adopted one of these standards, requires a more traditional or enterprise-level solution. For these situations, an enterprise SSO would generally be utilized. Enterprise SSO products typically require a plugin to authenticate back to a directory service, such as Active Directory, to capture the credentials of a user in a secure database rather than using an identity provider. These types of solutions have been available for many years and are widely implemented in locations where the vast majority of user’s access On-Premises applications from a computer attached to the company network.

Overall, both on-site and cloud applications can easily be managed with identity and access governance solutions. Though some require different methods or add-ons, access and authentication can both be automated and managed in each with simple solutions.

By Dean Wiech

Bittitan

Episode 6: Cloud Migration: Why It’s More Important Than Ever

The Importance of Cloud Migration Moving fully to the cloud is still a concern for many companies, but with millions of employees working from home, ...
Staeadfast

Episode 5: How the Pandemic is Changing Business and the Cloud

An Interview with Ed Dryer of Steadfast With the global pandemic wreaking havoc on business and society, everything is changing. Ed Dryer, Senior Technology Strategist ...
Anita Raj

Can the cloud handle the streaming explosion caused by the pandemic?

The Streaming Digital Explosion From the time the coronavirus forced the global community to stay at home, a whopping 16 million people have newly subscribed ...
Bruce Guptill

As The Digital Workplace Strengthens, Traditional Business Thinking Must Die

The Digital Workplace The cloud-driven, digital workplace is enabling better ways of working, new ways of doing business, and entirely new business opportunities. It is ...
Kaylamatthews

What Amazon’s Kendra Means for the AI and Machine Learning Future

Amazon's Kendra Learning Future Most people feel a bit astounded when they type a query into Google and get relevant results in milliseconds. They're probably ...
Dental Teeth Iot

The Revolutionary Transformation In Digital Dentistry

Transformation In Digital Dentistry 3D printing has taken the field of Dentistry by storm. This additive manufacturing technology has gained enormous popularity due to its ...
The Sticky Note.png