Authentication Management Solutions

Authentication Management

Though end users might not notice a difference between systems and applications hosted on-site or in the cloud at their organization, administrators who manage them often have to do so quite differently. Each solution has different requirements pertaining to security, and access and authentication management. System admins want to be able to easily manage user rights, as well as authentication, but it can often be difficult with different types of applications. Because of the different requirements amongst on-premise and cloud applications, solutions that work with them often must be different.

So how are they the same, how do they differ and how can system admins easily manage on-site and cloud applications? Let’s take a look.

IGA for Account and Access Management

When it comes to access management, whether it be in the cloud or self-hosted, managing user accounts and access manually can be a burden. Think of how time consuming this task can be for an organization of a few hundred then add in the fact that large organization often hire outside temps, who need quick access put in place, as well as revoked. Additionally, it is important that access rights are correct so that each employee only has access to resources they need to perform their jobs. When it comes to cloud and in-house systems, an identity governance and administration (IGA) solution can be used to easily handle the access management task. Both types of applications can easily be managed by a single IGA solution.

How is this done? An IGA solution allows for automated user provisioning to synchronize user account information between the HR system (for example, SAP or PeopleSoft, and the network). A change in the HR system is detected by the IGA solution and is then automatically implemented in the network and any connected systems.

Authentication Management

(RBCA Matrix Image Source: itsecurityideas.blogspot.com)

Additionally, the source system can be utilized in conjunction with a role-based access control (RBAC) matrix to determine employment status along with the employee’s title, department and location. The RBAC matrix can then determines what applications and data they should be granted rights to, so that it can be ensured that employee access is correct when their account is created. In the case of a terminated status, an admin simply disables the employee in the source system and all access will be revoked. So, when an employee joins an organization it is ensured that they received the correct access from the start.

Even further, a workflow management module can be utilized to administer all requested changes to the network and cloud applications. A self-service portal is established where all users are directed to make requests for new and enhanced requests. Once the end user processes the request, it is routed to the appropriate manager and systems owner for approval. Only after the user gets correct approval will the change then be made.

Authentication Management

When it comes to authentication management, solutions such as single sign-on (SSO) have to be treated differently for on-site and cloud applications. Often, many companies use a SSO solution to allow end users to be more productive and not need to remember eight, or more, sets of credentials. While this type of solution can be beneficial, SSO for in house compared to cloud solutions is different.

sso-cloud

For cloud applications, a web SSO solution should be used. A web portal is created that contains icons or shortcuts to all of the organization’s authorized web applications. Users log into this portal with their standard network credentials and are easily and securely validated for all of these applications. Web SSO solutions provide the greatest benefit for an organization where the majority of applications are cloud based and the user’s access data from personal devices.

Downsides Of Web SSO

One of the downsides to web SSO, however, is that it is typically limited in functionality, since it only works with cloud-based applications and those that comply with one of the industry standards, such as SAML, OAuth or OpenID. Communicating with legacy apps, or those that have not adopted one of these standards, requires a more traditional or enterprise-level solution. For these situations, an enterprise SSO would generally be utilized. Enterprise SSO products typically require a plugin to authenticate back to a directory service, such as Active Directory, to capture the credentials of a user in a secure database rather than using an identity provider. These types of solutions have been available for many years and are widely implemented in locations where the vast majority of user’s access On-Premises applications from a computer attached to the company network.

Overall, both on-site and cloud applications can easily be managed with identity and access governance solutions. Though some require different methods or add-ons, access and authentication can both be automated and managed in each with simple solutions.

By Dean Wiech

Kayla Matthews

What You Need to Know – IoT and Real-Time Operating Systems

Real-Time Operating Systems A real-time operating system, or real-time OS, appears to execute tasks while using a single processing core simultaneously.  However, what's really happening is that the tasks' response time is so fast that ...
Automate Order Fallout Resolution Using Self-healing Framework

Automate Order Fallout Resolution Using Self-healing Framework

Automate Order Fallout Resolution Using Self-healing Framework to Accelerate Resolution Time by 98% Most Digital Service Providers (DSPs) face a common challenge of meeting due dates for their customer orders. The instability and delay in ...
Darach Beirne

Take Control of Telecom by Being Your Own Carrier

Being Your Own Carrier Departments and organizations of all sizes and across all industries are transitioning away from traditional hardware IT systems and embracing SaaS-based cloud offerings. The global pandemic has spurred greater cloud adoption, ...
Ronald van Loon

Operationalizing AI at Scale with ModelOps

Scaling with ModelOps Putting artificial intelligence (AI) into production can be a frustrating experience for organizations, one often destined for failure. In fact, only 53% of AI projects actually move past POC and into production ...
Juan Pablo Perez Etchegoyen

7 Security and Compliance Considerations for Cloud-Based Business Applications  

Security and Compliance Considerations There’s no doubt on-premises deployments of mission-critical business applications provide more control over data as it resides within the four walls of an organization’s network infrastructure. However, businesses can no longer ...
Martin Mendelsohn

Of Rogues, Fear and Chicanery: The Colonial Pipeline Dilemma and CISO/CSO Priorities

The Colonial Pipeline Dilemma The Colonial Pipeline is one of a number of essential energy and infrastructure assets that have been recently targeted by the global ransomware group DarkSide, and other aspiring non-state actors, with ...