- NCSU project goals and requirements - Adoption Drivers - Current challenges and pain points -...
-
Upload
oscar-sanders -
Category
Documents
-
view
216 -
download
0
Transcript of - NCSU project goals and requirements - Adoption Drivers - Current challenges and pain points -...
22
NCSU SSO Case Study
3
NCSU – Project Requirements and Goals
NCSU Operating Environment
Provide support for a number Apps and Programs
Different vendors have their authentication databases
End users must remember 15 different credentials of different types; e.g., user name and password multi-factor authentication PIN numbers
Number of apps in use is increasing at the rate of about 100 year
4
NCSU – Project Requirements and Goals
NCSU Goals for SSO
Requires only one login per user to access all programs and applications
Is easy enough for children as young as 6 years old to use
Integrates with on-premisis active directory and supports parents or other outside users independent of Active Directory simultaneously
Allows users to change passwords
Can interface, at a minimum, with the following programs
Can possibly interface with these other programs and applications
OPALS, Destiny and Others
Easy to implement user friendly interface for admin support
5
NCSU – Project Requirements and Goals
System will use minimal amount of Personal Identifiable Information (PII) Mandatory - End user first name and last name and email address Discretionary - alternate email address, phone number at user Ultimate control of user identity remains with our organization
Work within budget constraints
Identity Management Integrated into SSO backend
• Local control over information provided• No unrestricted access to Student Data
Avoid solutions that were too restrictive; e.g., locked into a corporate Silos
Authentication strategies Goal of no additional username or password required
• SAML• OAuth• Domain Federation
Account auto provisioning Leverage corporate SSO strategies
66
Key Challenges
1 2 3
4 5 6
SHIFT FROM ON-PREMISE TO CLOUD
DECENTRALIZE ADMINISTRATION
EXPLOSIVE GROWTH IN APPLICATIONS
DELIVER SECURE & CONVENIENT ACCESS
NEW DEVICES: ANYTIME, ANYWHERE ACCESS
SUPPORT NATIVE, BROWSER AND MOBILE
77
Pain for IT
Time consuming user Provisioning
88
Pain for End Users
Pain for End Users
99
Identacor @ NCSU
25 application integrations3025 users across 8 districts and 14 schools
10
Firewall
Active Directory
Mobile Workers Parents and Outsisde Users
Students and Faculty
+
11
SSOAny Device, Any App
Identacor - Connecting NCSUVT to Apps
Provisioning and Deprovisioning
Workflow, Audit, Self Service
Robust On Prem Integration
Directories, Identity Management, Apps
Centralized Admin & Reporting
Policy, Compliance, Analytics
12
Port 443SSL Encrypted
Internet
Active Directory
Firewall
RemoteUsers
NCSU Network
Identacor Active Directory
Agent
LocalUsers
Identacor Windows
AuthenticationAgent
4
1
1
2
3
Identacor – Connecting NCSUVT to Apps
1313
Identacor Advantage features
Audit Reporting
Single Sign On
Anytime, anywhere
Mobile Devices
Centralized Management
Active Directory
Integration – NCSU
Custom Integrations
App Integrations
One password access to all applications, eliminating the need for multiple usernames and passwords
importing users and groups from main AD domain. Support one password for all apps.
application access from any browser
Application access from desktops, laptops and all types of mobile devices and Chromebooks.
integrated with out of the box apps like Google Apps
(Provisioning & SSO) using standards based SAML
protocol.
integrated with many custom apps
including AppA, App B, App C leveraging
Identacor Secure Auto-Login
Application Access for Users
including 3025 users,
25 groups, and 41 applications
Providing management with the tools to track company
and employee access to and usage of its
cloud-based resources.
Simple Access
No Software
Install
Rapid De-ployment
Up and running within
minutes
14
Identacor Cloud SSO
Single Sign-on
Multi-factor Authen-tication
User Provisioning
Anywhere, Any Device
Unified Cloud
Directory
15
Identacor Cloud SSO
Unified Cloud
Directory
Multi-factor Authen-tication
User Provisioning
Anywhere, Any Device
Single
Sign-On
16
Identacor Cloud SSO
Unified Cloud
DIrectory
Single Sign-on
User Provisioning
Anywhere, Any Device
Multi-factorAuthentication
17
Identacor Cloud SSO
Unified Cloud
Directory
Single Sign-on
Unified Cloud
DIrectory
Anywhere, Any Device
User Provisioning
18
Identacor Cloud SSO
Unified Cloud
Directory
Single Sign-on
Unified Cloud
DIrectory
User Provisioning
Anywhere, Any Device
19
Benefits: Simple agent install, no network configuration required Automatic De-Activation of Identacor Deleted / Disabled Users Delegate Authentication for Identacor to NCSU AD domain Integration into Windows Desktop Login
Active Directory Integration - Benefits
Firewall
Remote/MobileEmployees
Agent(s)Active
Directory
Employees
GroupSales
Remote users authenticate with AD
username and password
1Local users
transparently authenticate using
Integrated Windows Authentication
2
Access policies driven by AD security groups
3
20
1000’s of Apps – All pre-integrated
21
NCSUVT – Key Benefits Realized
Application Portal Page
One Password
through AD integration
Ability to monitor
application adoption
AD integration –
integrate easily with
any web app
User de provisioning
Security
User IT Department
22
NCSUVT – Key Benefits Realized
Securely add apps at the speed of business
Increase IT team productivity
and enterprise security
Enforce security for apps and devices
Engage employees to enforce policy and work
more productively
Minimize Identity Management spend
2323
Thank You