In this third article of our four-part series on building a modern access management foundation, we'll dig into single sign-on (SSO). We're not talking about just any SSO, though. Federated SSO provides a stronger level of security and control. It's kind of like adding rebar to concrete. You could skip that step, but it's a short-term fix that probably isn't a good long-term structural choice.
Your employees, customers and partners need simple and secure access to their applications, from anywhere on any device. Many of your applications may still be on-premises, but a growing number of them are moving to the cloud--if they haven't already. As the traditional perimeter becomes obsolete, so does your outdated access management architecture.
Today's access demands call for a modern approach.
Our Federated Access Management (FAM) solution leverages identity to ensure the right people have access to the right things, regardless of location or device. It extends your security beyond the firewall and provides a solid foundation to support secure, cross-domain SSO for web and mobile applications. With FAM, you can:
Manage all identities and enforce policies from any directory.
Establish secure one-click access between identity and service providers.
Avoid duplicating user directories and eliminate password sprawl.
Protect web applications and APIs with identity standards.
Why federation? Unlike most cloud-based SSO products, federated SSO is designed to address cross-domain demands. Rather than storing and forwarding usernames and passwords to your applications, federation allows your users' identities and passwords to be stored in a single place controlled by your organization.
Federated SSO creates a trust relationship between your organization and the application vendor. It uses standard encrypted tokens to share your users' authentication statuses and identity attributes to facilitate access to applications. When users access applications, their identities are transparently and securely passed to the application vendors.
Federation allows a user to authenticate just once with primary corporate credentials. That single authentication serves as the proverbial "keys" to that user's castle of applications--users enter their unique "keys" just once to gain access to all of their authorized applications.
Secure one-key access is made possible by the PingFederate® server and PingOne® cloud--our identity-as-a-service (IDaaS) solution. Both allow you to provide standards-based federated access to the SaaS, legacy and custom web applications your employees, partners and customers need. You're able to:
Create secure connections with all of your partners while protecting identity information.
Deliver a great customer experience by providing simple and seamless access.
Increase employee productivity while reducing the administrative burden of app sign-ons, password resets and helpdesk calls.
Did we mention that you can accomplish all of this while actually improving security and lowering costs? Try doing that with single-domain SSO, and you'll be sorely disappointed.
Federated SSO is just one building block of your secure access foundation. When it's combined with MFA and access security--as you'll find in our FAM solution--you've built a rock-solid foundation for all of your secure access needs.
To learn more about Federated Access Management, download the white paper.
Missed the first two articles of the series? You can still catch up. The first article uncovered the brittle architecture of legacy WAM systems and built the case for FAM as a better solution for modern access security. The second dug into MFA, the cornerstone of the FAM solution. Our next and last article will address the third piece of a secure foundation: access security.