Multiple sets of credentials that corporate employees use to access external services not only make the services inconvenient to use, but also significantly increase the risk of security breaches. Additionally, it is hard to enforce the same strong corporate password and access policies on each service, often because functionality such as mandatory password expiration and multi-factor authentication is not available. Consistently enforcing the same security policies on external application access is increasingly becoming a compliance requirement for many organizations across a wide variety of industries.
IDM 360™ Single Sign-On service allows companies to quickly and reliably connect with many externally hosted services using standard protocols such as SAML 2.0, thus easily meeting compliance requirements of using a single set of corporate credentials for access. Using SAML-based SSO also ensures that companies will comply with strict employee termination requirements. Once users are de-provisioned in the corporate directory, they will no longer be able to access externally hosted corporate services and internal applications, because the login that the SSO transaction requires in order to complete will fail.
IDM 360™ IDP Integration platform allows companies to enforce a number of configurable rules and policies to ensure that employee access is secure and compliant with regulations such as SOX, HIPAA, PCI, etc. For example, a second authentication factor can be applied based on a number of conditions, e.g. an employee accessing a service dealing with sensitive HR information from outside the corporate network. Other examples of security policies that can be applied include:
- Maximum invalid logon attempts – the system will not allow login after a given number of invalid login attempts and may lock the account
- Forced authentication – require the users to enter their credentials regardless of previous successful logins
- Access control – even if a user’s credentials are properly validated, certain groups of users may still be denied access to a particular service
IDM 360™ Identity Provider Integration Nexus (IDP-x) offers powerful and flexible support for adding Multi-Factor Authentication to your users’ login experience. We support integration with all popular MFA/2FA solutions including Duo, Google Authenticator, SafeNet, Entrust, and others. Additionally, IDM 360™ IDP-x provides support for a number of out-of-the-box MFA solutions:
- One-time Tokens (OTP)
- Security Questions
- Custom pluggable MFA service
User access to external and internal systems is often subject to audit compliance. Specifically, it is important to track and store which service an employee accessed, and when, how, and from where, as evidence for subsequent audit reporting. The IDM 360™ Identity Provider Integration Nexus tracks and audit-logs every user interaction, including a detailed progressive data profile covering the target service, type of device, location, number of attempts, result, and many other data points.