SecureAuth Blog

Garret

Synchronizing is so 90′s – It’s 2010, Let’s Federate

Written on January 13, 2010 at 8:20 am, by Garret

Since the introduction of MultiFactor’s 2-Factor SSO offering for Google Apps, I’ve been in several discussions with enterprises trying to get their minds around SaaS offerings and authentication.

The main issue seems to be understanding the integration between application hosting and user identification.

In old school application deployments, these two concepts are tightly coupled. That is, a developer has to:

  • Write the application
  • Deploy the service
  • Attach it to a local datastore
  • Create an authentication page, usually some forms-based page

Well, companies like Google (and Salesforce.com) have greatly simplified this process by “abstracting” the authentication. This is done by federating the authentication. (Here is the Google Apps model, an extremely well crafted SSO system based on SAML.)

What Google, Salesforce and others realize is that enterprises need to authenticate to multiple applications, and that forcing a tight coupling between authentication and the application is, well, cumbersome at best. Technically speaking:

Tying the authentication directly to the application:

  • Forces users to re-sign in to every application
  • Creates multiple points of enforcement
  • Creates multiple points of logging
  • Forces user data synchronization between applications

Remember, it’s all but impossible to synchronize passwords, especially once stored, because they are most commonly 1-way hashed. (Even the very powerful Google Apps directory synchronization tool cannot synchronize Active Directory and Lotus Notes passwords.)

Thus, what enterprises need is a way to take advantage of these new federated models. Most enterprises already have a directory. What is needed is:

  • A system that can authenticate from this directory
  • Configurable authentication that can meet relevant regulatory standards
    • PCI DSS, FFIEC, NCUA, HIPAA, etc.
  • Then federate the identity to the relevant target
    • SaaS Services  (Google Apps, Salesforce CRM, Force.com, etc)
    • Hosted applications

Image #1: SecureAuth federates the user utilizing the native directory (AD, etc.)
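
The argument above, as an added example (not code from the original post or from SecureAuth): two directories that keep only one-way password verifiers in different formats cannot exchange them, while an identity provider can check the password against the existing directory and hand the target a signed assertion. The HMAC-signed JSON token is a simplified stand-in for a signed SAML assertion, and every name, key and sample password here is constructed.

```python
import base64, hashlib, hmac, json, os, time

ITER = 100_000
IDP_KEY = os.urandom(32)  # assumption: key shared by IdP and SP; SAML uses an XML signature

def dir_a_store(password):
    """Directory A keeps only a salted one-way verifier (PBKDF2-SHA256)."""
    salt = os.urandom(16)
    return {"salt": salt,
            "hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITER)}

def dir_a_verify(rec, password):
    cand = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], ITER)
    return hmac.compare_digest(cand, rec["hash"])

def dir_b_verify(rec, password):
    """Directory B uses another scheme (salted SHA-512), so A's record is useless to it."""
    cand = hashlib.sha512(rec["salt"] + password.encode()).digest()
    return hmac.compare_digest(cand, rec["hash"])

def _sign(body):
    return hmac.new(IDP_KEY, body, hashlib.sha256).digest()

def idp_login(directory, user, password, audience, ttl=300):
    """Authenticate against the existing directory, then assert identity to one target."""
    rec = directory.get(user)
    if rec is None or not dir_a_verify(rec, password):
        return None
    body = json.dumps({"sub": user, "aud": audience,
                       "exp": int(time.time()) + ttl}).encode()
    return base64.b64encode(body).decode() + "." + base64.b64encode(_sign(body)).decode()

def sp_accept(token, audience, now=None):
    """The target checks signature, audience and expiry; it never sees a password."""
    try:
        body_b64, sig_b64 = token.split(".")
        body, sig = base64.b64decode(body_b64), base64.b64decode(sig_b64)
        if not hmac.compare_digest(_sign(body), sig):
            return None
        claims = json.loads(body)
    except ValueError:  # malformed token, bad base64 or bad JSON
        return None
    if claims["aud"] != audience or claims["exp"] < (now or time.time()):
        return None
    return claims["sub"]

if __name__ == "__main__":
    directory = {"alice": dir_a_store("correct horse")}  # constructed sample user
    print(dir_b_verify(directory["alice"], "correct horse"))  # stored hash does not transfer
    token = idp_login(directory, "alice", "correct horse", "saas.example")
    print(sp_accept(token, "saas.example"), sp_accept(token, "other.example"))
```

The audience and expiry checks are what keep an assertion issued for one target from being replayed at another or reused later.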

Contact us at MultiFactor, and we’ll talk more.

1 Comment to Synchronizing is so 90′s – It’s 2010, Let’s Federate

  1. by Aprilia Händler

    On March 2, 2011 at 1:25 am

    Thank you for your review!
