Federated Identity is "a collective term describing agreements, standards, and technologies that make identity and entitlements portable across autonomous domains", according to The Burton Group. In simple terms, that means multiple, different groups (even independent groups within the same organization) that need both secure and convenient access to the same data can set up a "federation".

“If the enterprise is managing access to its internal systems by a large number of external users — and if they belong to another organization or regularly authenticate to a third party — a strong case can be made for federation”. (Gartner Group)
Yesterday's computer security paradigm was a physical barrier: computers from different companies could not talk to one another, even if they wanted to, and everyone was fine with that.
Today, physical isolation is not an option. Everyone needs to be connected to everything all of the time. Suppliers need to talk to warehouses, sales people need to talk to customers, every corner of the enterprise needs to talk to every other corner – and everyone needs to have their conversations kept private.
With employees accessing up to thirty different resources over the Internet to do their daily jobs, often with thirty different usernames and passwords, organizations are struggling to maintain a secure working environment. Because employee identities are so complex and fragmented, coordinating, sharing and controlling employee identity information has become more difficult.
For any IT department, it is imperative to understand how your organization can securely manage and control users’ identities, not just your employees but all digital identities (e.g., customers, trading partners, employees of acquisitions, affiliates, subsidiaries and joint ventures) that access corporate resources over the Internet, including software as a service (SaaS) sites, business processing outsourcing (BPO) providers, managed services and third party industry hubs. Having a clear strategy for distributed identity management is fundamental to ensuring a secure workplace. To address that security need, identity federation was created.
In computers (and often elsewhere) security and convenience (ease of access, or "interoperability" in IT terms) are opposite sides of the same coin. The more secure something is (your company's HR data, for example), the harder it is to access. And the converse is true: the easier something is to get at, often the less secure it is. You want your billboard ads to be widely viewable but not easily defaced; you want your corporate web site to be seen but not modifiable by everyone.
One approach to making your computer networks secure and convenient is to provide an identity federation. Here at Ping Identity, we have simplified, scaled and standardized the federated identity process and as a consequence we have become the federated identity market leader. We have concrete examples and hundreds of customers who successfully implemented our PingFederate product, leading us to conclude that federation is the easiest, most cost-effective and safest method of providing all of your customers, suppliers and employees access to your critical data.
Identity federation standards identify two operational roles in an Internet SSO transaction: the identity provider (IdP) and the service provider (SP). An IdP, for example, might be an enterprise that manages accounts for a large number of users who need secure Internet access to the Web-based applications or services of customers, suppliers, and business partners. An SP might be a Software-as-a-Service (SaaS) or a business-process outsourcing (BPO) vendor wanting to simplify client access to its services. Identity federation allows both types of organizations to define a trust relationship whereby the SP grants access to users the IdP has authenticated: the IdP vouches for who the user is, and the SP decides what that user may do.
Security Assertion Markup Language, or SAML, is an XML-based industry standard for communicating identity information between organizations. It defines how authentication assertions and other user attributes are securely carried across Internet domains (signed by the IdP so the SP can verify their origin). When implementing a federation, it is critical to use an accepted standard like SAML; otherwise you will run into compatibility issues with other identity management systems.
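The trust relationship described above is concrete on the SP side: once the partner IdP's signature on an assertion has been verified, the SP must still check that the assertion was issued by that partner, is addressed to this SP, is within its validity window, was delivered to the right endpoint and has not been used before. The following Python is an added example, not code from this page or from PingFederate. The partner entity IDs, the ACS URL, the sample assertion and the 120-second clock skew are assumptions, and the XML-DSig signature check is assumed to have been done already by a dedicated library (it is not shown).

```python
"""SP-side checks on a SAML 2.0 bearer assertion (added example, not
PingFederate code). Assumes the XML-DSig signature was already verified
against the partner IdP's configured certificate; these are the checks
that must follow, or an assertion minted for one SP could be replayed
against another."""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Hypothetical partner connection: what this SP was configured with when
# the federation with the IdP was set up (all values are assumptions).
TRUSTED_IDP = "https://idp.example-enterprise.com/saml"
OUR_ENTITY_ID = "https://sp.example-saas.com/saml"
OUR_ACS_URL = "https://sp.example-saas.com/saml/acs"
CLOCK_SKEW = timedelta(seconds=120)   # tolerated drift between IdP and SP clocks

# Constructed sample assertion (not captured from any real IdP); the
# ds:Signature element is omitted because it is assumed already verified.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1b2c3" Version="2.0" IssueInstant="2024-01-15T10:00:00Z">
  <saml:Issuer>https://idp.example-enterprise.com/saml</saml:Issuer>
  <saml:Subject>
    <saml:NameID>alice@example-enterprise.com</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://sp.example-saas.com/saml/acs"
          NotOnOrAfter="2024-01-15T10:05:00Z"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-01-15T09:59:00Z" NotOnOrAfter="2024-01-15T10:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://sp.example-saas.com/saml</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2024-01-15T09:59:30Z"/>
  <saml:AttributeStatement>
    <saml:Attribute Name="role"><saml:AttributeValue>buyer</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


class AssertionRejected(ValueError):
    """Carries a human-readable reason; the SP logs it and denies access."""


def _parse_time(value):
    """SAML timestamps are UTC with a trailing 'Z'; fractional seconds are allowed."""
    if not value.endswith("Z"):
        raise AssertionRejected("timestamp not in UTC: %r" % value)
    return datetime.fromisoformat(value[:-1]).replace(tzinfo=timezone.utc)


def validate_assertion(xml_text, now, seen_ids):
    """Return the subject and attributes, or raise AssertionRejected.
    seen_ids is the SP's replay cache of assertion IDs already consumed."""
    root = ET.fromstring(xml_text)  # production: use a hardened parser (e.g. defusedxml)
    if root.tag != "{%s}Assertion" % SAML or root.get("Version") != "2.0":
        raise AssertionRejected("not a SAML 2.0 Assertion")
    # 1. Issuer must be the partner this connection was configured for.
    issuer = (root.findtext("saml:Issuer", namespaces=NS) or "").strip()
    if issuer != TRUSTED_IDP:
        raise AssertionRejected("untrusted issuer %r" % issuer)
    # 2. Validity window, allowing bounded clock skew in the IdP's favour.
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise AssertionRejected("missing Conditions")
    if cond.get("NotBefore") and now + CLOCK_SKEW < _parse_time(cond.get("NotBefore")):
        raise AssertionRejected("assertion not yet valid")
    if cond.get("NotOnOrAfter") and now - CLOCK_SKEW >= _parse_time(cond.get("NotOnOrAfter")):
        raise AssertionRejected("assertion expired")
    # 3. Audience: an assertion minted for another SP must not work here.
    audiences = [a.text.strip() for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if OUR_ENTITY_ID not in audiences:
        raise AssertionRejected("audience %r does not include this SP" % audiences)
    # 4. Bearer confirmation: delivered to our ACS URL, and still fresh.
    data = None
    for sc in root.findall("saml:Subject/saml:SubjectConfirmation", NS):
        if sc.get("Method") == BEARER:
            data = sc.find("saml:SubjectConfirmationData", NS)
    if data is None or data.get("Recipient") != OUR_ACS_URL:
        raise AssertionRejected("no bearer confirmation addressed to %s" % OUR_ACS_URL)
    if not data.get("NotOnOrAfter") or now - CLOCK_SKEW >= _parse_time(data.get("NotOnOrAfter")):
        raise AssertionRejected("bearer confirmation expired or unbounded")
    # 5. Single use: a bearer assertion is a capability, so refuse replays.
    assertion_id = root.get("ID")
    if not assertion_id or assertion_id in seen_ids:
        raise AssertionRejected("assertion ID %r missing or replayed" % assertion_id)
    seen_ids.add(assertion_id)
    # 6. SSO needs an authentication statement, not just attributes.
    if root.find("saml:AuthnStatement", NS) is None:
        raise AssertionRejected("no AuthnStatement: not a login assertion")
    attrs = {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
             for a in root.findall("saml:AttributeStatement/saml:Attribute", NS)}
    return {"name_id": root.findtext("saml:Subject/saml:NameID", namespaces=NS),
            "attributes": attrs}


def rejection_reason(xml_text, now, seen_ids):
    """The reason the SP would deny access, or None if the assertion is accepted."""
    try:
        validate_assertion(xml_text, now, seen_ids)
    except AssertionRejected as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    now = _parse_time("2024-01-15T10:01:00Z")
    print(validate_assertion(SAMPLE_ASSERTION, now, set()))
    forged = SAMPLE_ASSERTION.replace(OUR_ENTITY_ID + "</saml:Audience>",
                                      "https://other-sp.example.com/saml</saml:Audience>")
    print(rejection_reason(forged, now, set()))
```

Two operational points follow from the checks. The replay cache (`seen_ids`) must be shared by every node that terminates SSO for this SP, and entries can be evicted once their NotOnOrAfter plus the skew allowance has passed. And the order matters only for the error message; every check must run, because each one closes a different way of reusing a genuinely signed assertion (another partner's, another SP's, an old one, or the same one twice).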
There are four common methods to achieve identity federation.
1) Proprietary: Many attempt to write their own solution, only to find out there is a huge learning curve and a very high risk it is incompatible with the external applications and partners they're seeking to connect to. Proprietary solutions rarely scale to connect with multiple partners.
2) Open Source: A second common method is to use an open source library, but open source libraries often lack key capabilities such as partner enablement and integration, rarely support the communication standard, SAML 2.0, and take a significant, continuous effort to adapt and maintain.
3) Stack Vendor: A third common approach is to contract an Identity Management Stack Vendor. In most cases, the federation component of a stack vendor's suite is the newest and least mature module, and its connection capabilities are very limited in scope: it can connect with almost nothing beyond the suite.
4) Standards-Based Federation Server: The fourth option, and the most successful way to achieve identity federation is to choose a Standalone Federation Vendor, whose sole focus is on providing secure Internet single sign-on through identity federation to numerous applications and partners. These vendors, like Ping Identity, provide best-of-breed functionality, and stand alone federation servers, like PingFederate, will work with the Identity Management system you already have in place.
Security is an imperative to protect the enterprise, its users and service providers. PingFederate helps organizations extend their security policy umbrella to incorporate inbound and outbound SSO while reducing sharing and impersonation of usernames by:
The pressure is on. CISOs do not want to be on the front page of the newspaper for another compromised password. Business owners want to provide direct access to their external applications. Users are tired of remembering (and forgetting) twenty different usernames and passwords. If the enterprise continues to do nothing about it, a single stolen password can expose an organization’s critical information.
Internet single sign-on (SSO) solves these challenges. But there are several issues with SSO:
In order to achieve rapidly deployable SSO, you need a standalone application specifically designed for secure Internet SSO, like Ping Identity's PingFederate. PingFederate, the world's first rapidly deployable identity federation software, enables secure Internet SSO by giving an organization's users safe access to Internet applications without having to log in again. Identity federation deployments that used to take six months or more now take weeks with PingFederate's easy-to-use, comprehensive software. Through standards-based identity federation, PingFederate reduces repeated user provisioning and time-consuming proprietary SSO implementations, tasks that have burdened IT departments in supporting external applications.
PingFederate was designed from the ground up to make identity federation deployments easy. By providing a centralized system for secure Internet SSO, it eliminates custom code for each external partner connection. A single PingFederate server can support all of the organization’s partner connections and varying SSO methods including:
By implementing PingFederate with PingEnable—Ping Identity’s expert methodologies, implementation services and support for each step of the identity federation process—many enterprises often implement secure Internet SSO in thirty days or less and turn around subsequent connections in less than a week.
IT organizations that take advantage of PingFederate and PingEnable achieve a quick and visible end-user win through:
Ping Identity's dedication to delivering secure Internet single sign-on software and services for over 200 customers worldwide has earned us recognition as the market leader in federated identity management. Read the case studies below to learn specifics on how other organizations are successfully using PingFederate to achieve their federated identity goals.
Allscripts Case Study
Reardon Travel Case Study
Leading Aerospace & Aircraft Manufacturer Case Study