SSO in the Age of Shadow IT

SSO in the Age of Shadow IT

February 1, 2018
Edward Killeen
Partner Marketing Manager

Single sign-on and shadow IT are inversely linked. How can you provide single sign-on if you don't know what applications your users are accessing? Every time a user or department purchases a SaaS solution on their own, they are inadvertently making their life more difficult and your organization less secure. Not only is remembering a lot of passwords annoying, most users' password management skills leave a lot to be desired.

Ping and Netskope shine a security light on shadow IT

Netskope and Ping Identity partner to solve this problem. The first and simplest use case is that Netskope's cloud security platform discovers shadow IT applications, allowing IT to grant single sign-on access through Ping Identity. This decreases the number of passwords and access points to these cloud apps, greatly reducing the attack surface for the bad guys. Users find life more convenient; IT finds life more secure.


Ping's platform is built on the concept of identity defined security--as the methods of access and the distribution of applications has grown, if you protect the identity then you are protecting your assets. Ping's array of identity solutions adds contextual authentication, multi-factor authentication (MFA) and modern web access management (WAM) to IT's security abilities. Adding in Netskope's cloud security allows you to enforce granular access rights to SaaS applications. For example, you can trigger MFA during high-value transactions or if a user downloads customer data. This integration builds a secure wall around activities to ensure that you know it's your actual user performing these sensitive transactions.


Netskope's cloud security tools track compromised credentials, providing that information to Ping during an authentication event. At that point, Ping will send an MFA request to that user's mobile phone, check to see where they are located and only let them authenticate if they verify that they are the actual user. Once they've proven their identity, Ping can also trigger an API call to the identity governance solution to force a password change.


Because uncovering shadow IT and providing secure SSO are linked so tightly, it's important that your cloud access security broker (CASB) and access management solutions are as well. Learn more about Netskope and Ping's combined solutions in our solution brief or, even better, schedule a demo to see them in action!