Cloud Identity Connectors - Presentation by Ranjan Jain @ Cisco Live 2013

Cloud Intelligent Networks– Cloud Connectors

Rony Gotesdyner, Product Line Manager Ranjan Jain, Cisco IT Architect

© 2013 Cisco and/or its affiliates. All rights reserved.BRKCDN1002 Cisco Public

Identity Example – Cisco IT

3

Cisco IT Identity Architecture

Identity Challenges

Use cases & Deployment plan

ROI impact


Power of Network and Federation finally brings the synergy to solve the business critical Identity problems and provides

enhanced user experience

Why Cisco IT plans to use Cloud Identity Connector?

4


Cisco IT - Identity Services Architecture~ 5 Million (Internal+External)

~2200 Web Applications

~10 million transactions/

Day

300+ attributes per user identity

66K+ Mobile Devices

500 web services / 10 million SOAP

calls / day

5


Cisco IT ‘s External Relationships with SaaS providers

IT has 110 SaaS Integrations today

~6 weeks per SaaS Integration

Cisco is Identity Provider

Today IT Supports only

1-to-1 connection

Cisco Enterprise IT

6


Outbound Federation View of Cisco ITCisco users accessing services in the cloud

Many more…

SAML

RESTAPIs

Cisco as Identity Provider Service Providers

Travel

Cloud Identity Broker

Cisco QUAD

1-to-Many connections

1-to-1 connection

7


Single Sign On / Authentication View of Cisco IT

Engineering Finance Apps And so on..J2EE Apps Portal Apps

User

Access Platform

HTTP

Cookie

HTTP

Cookie

HTTP

Cookie

HTTP

Cookie

HTTP

Cookie

HTTP

Cookie

- Cookie based SSO solution- Time-sensitive Cookies

- Idle session timeout- Total session timeout

8


Identity Problem Statement for Cisco IT

Situation Complication Implication

• Identity Fraud / Security

• User Experience

• Changing Landscape

• Mobility• Video / Collaboration• Cloud• Threat sophistication

• Continued loss of revenue

• Fragmented user experience

• Not future-proof (Cloud capable)

Changing IT landscape, and the challenges around Identity

9


Challenges around Cisco IT Business problems

I can still access my previous company’s applications using my previous company’s credentials

Solution

Inbound Federation

10


The First Use Case for Identity Connector for Cisco IT

Inbound Federation- Incoming federated identity into the enterprise

- Reduces legal risk by trusting the federated identities owned by our channel partners/resellers/distributors instead of creating those identities internally

- Inbound federation has two parts –

• Authentication (Cloud Connector solves this)Authorization (Requires changes to Internal Provisioning)

11


Inbound Federation :: Protecting internal resources

Suppliers, Partners, Distributors (Identity Provider) Cisco asService Provider

eBusinessApps

SAML

Cloud Identity Broker(OPTIONAL)

12


Inbound Federation :: User Experience in Current State (No Inbound Federation)

1. Supplier user trying to access Cisco manufacturing

application

13



2. Supplier user needs to provide the Cisco credentials to

Login

14



3. Supplier user can now see the

manufacturing application

15


Inbound Federation :: User Experience in Target State with Identity Connector enabled

1. Supplier user tries to access the Cisco

application. The connector internally redirects the user to the Supplier Login

page

16


2. Supplier user can now see the manufacturing application using the

Supplier Identity

Inbound Federation :: User Experience in Target State with Identity Connector enabled

17


ROI Use cases for Inbound Federation

1. A supplier employee leaving the supplier but still able to access Cisco Apps

2. Creation of fake profile to match to a real company to take advantage of the company's Cisco.com access

3. Partner employee sharing the password. Unable to track a transaction to a user

18


Challenge around Cisco IT User Experience

I wish I did not have to enter the

user id and password at

all

Solution

Zero Sign On(ZSO)

Why do I have to login to

every Cisco app on my

mobile device?

19


The Second Use Case for Identity Connector for Cisco IT

Zero-Sign-On (ZSO)Provides enhanced user experience in the Intranet for :

- Any Device

- Any Browser

- ZSO enables “auto-magic” or Silent Authentication

20


Zero-Sign-On :: User Experience in Current State (No ZSO)

1. User types cisco.webex.com to host a meeting

2. User then clicks on “Host

Log In”

21



3. User enters the credentials

and login

22



4. User is now “logged-in” to

host the meeting

23


Zero-Sign-On :: User Experience with Identity Connector enabled

2. Connector logs the user using

ZSO

1. User types ciscolivedemo.webex.com

24


Zero-Sign-On ROI for Cisco IT

1. Enhanced user experience:

From multiple logins, multiple HTTP redirects and several clicks to Zero Login and One Click

2. Savings of $250K* per year:(*based on the number of users, devices, number of logins per day and other factors)

3. Increased User Productivity:

One-click experience would increase the user productivity

25


Many more…

SAML

RESTAPIs

Cisco Premise Identity / Service Providers

Travel

Cloud Identity Broker

CiscoQUAD

In / Outbound Federation -- IT Deployment with Cisco Cloud Connector (Target State)

Cloud Connector

Cloud Connector

Cloud Connector

Cloud Connector

26


Identity solution to provide – Inbound Federation capability Enhanced user experience with ZSO

Network and Federation combined together provides the synergy to solve the business critical Identity problems

and provides enhanced user experience

Recap of How Cloud Identity Connector will help Cisco IT

27


Learn more about Cisco Cloud Connectors

http://www.cisco.com/go/cloudconnector

Become Cisco Cloud Connector partner

https://developer.cisco.com/web/c3/home

Learn about Cisco UCS E-Series

http://www.cisco.com/go/ucse

Learn about Cisco onePK

http://www.cisco.com/go/one

Questions related to Cisco Cloud Connectors

Email: [email protected]

28

For More Information

28

http://www.cisco.com/go/cloudconnector

https://developer.cisco.com/web/c3/home

http://www.cisco.com/go/ucse

http://www.cisco.com/go/one

mailto:[email protected]

Cloud Identity Connectors - Presentation by Ranjan Jain @ Cisco Live 2013

Technology

Transcript of Cloud Identity Connectors - Presentation by Ranjan Jain @ Cisco Live 2013