Whether it be on premises, cloud-based, software as a service (SaaS), or mobile, the number and variety of apps being adopted by organisations is rapidly increasing. While IT continues to deliver new and varying apps, departments, and even individuals, are now also adopting apps independently of IT at an astonishing rate.
As a result, employees typically need to authenticate to a dizzying array of apps, from a variety of desktop, laptop and mobile devices, with each app representing another silo of identity for IT to manage.
Identity-as-a-Service (IDaaS) is an emerging solution category for managing and simplifying access to apps, but there are a number of feature, architecture and maturity considerations when selecting an IDaaS solution.
Below, Centrify outlines the top six considerations when selecting an IDaaS solution.
Single Sign-On
Single Sign-On (SSO) is the ability to log into an app using a single or federated identity. For consumers this identity can be their social media identity, such as Facebook or Google, while an enterprise identity is typically the user’s Active Directory ID.
Without SSO, users need to remember complex passwords for each app, or worse, they use common or easily remembered, weak passwords. Either way, this results in a frustratingly fragmented workflow, signing in separately to dozens of different apps during the workday.
A suitable solution should enable you to improve end-user satisfaction and streamline workflows by providing a single identity to access all business apps. It should also unify and deliver access to apps from all end-user platforms — desktops, laptops and mobile devices.
In addition, by eliminating the use of passwords and their transmission across networks, organisations can reduce the likelihood of users locking their accounts and calling the helpdesk, eliminate password risks such as non-compliant and user-managed passwords, and make it possible to instantly revoke or change a user’s access to apps without an admin having to reach out to each and every app.
Identity Where you Want it
An IDaaS solution also needs to be flexible. To enable this "identity where you want it," a well-engineered IDaaS solution should deliver robust Active Directory integration, and should support cloud-only deployments consisting of non-Active Directory based user identities, as well as a hybrid of Active Directory, cloud and perhaps other corporate directories such as LDAP.
Active Directory support should offer built-in integrated windows authentication (IWA) without separate infrastructure, and should automatically load balance and failover without any additional infrastructure or configuration. Most importantly, the IDaaS solution should not replicate Active Directory data to the cloud where it will be out of the organisation’s control.
Complete App Access Lifecycle Management
When a user is new to the organisation or takes on a different role within the company, an IDaaS solution should make it easy – and automatic – for you to provision users to SaaS apps with automated account creation, role-based license and authorisation management, single sign-on, mobile app client management and automated account deprovisioning. This automation frees up IT resources and empowers the user to be productive more quickly.
Full app access lifecycle management offers key benefits, enabling IT organisations to save time and money by automatically creating user accounts across cloud apps for new employees.
Organisations can also offboard users automatically, ensuring security and compliance by removing access immediately, removing mobile client apps and their data, instantly deactivating app accounts and freeing up app licenses.
Mobile Access Management
Mobile has become the de facto way to access SaaS apps requiring you to ensure security of user devices. This includes deploying appropriate client apps to the right device and ensuring an appropriately streamlined mobile experience. Organisations should look for an IDaaS solution that allows users to enrol their mobile devices and deliver strong authentication mechanisms (using PKI certificates). The solution should let users apply mobile device-specific group policies to ensure the underlying device is secure (e.g., ensure that a PIN is required to unlock the phone, etc.), detect jail broken or rooted devices and allow you to remotely lock, un-enrol or wipe a lost or stolen device.
The solution should also provide unified app management for both web-based and mobile client apps. This unification of mobile and app access management reduces redundant tools, processes and skillsets.
Robust Access Policies and Multi-factor Authentication (MFA)
With increased risks of users accessing services outside the corporate network perimeter, as well as users carrying many more devices to access these services, passwords alone cannot be trusted to properly and securely identify users.
Organisations need a better solution that incorporates strong authentication and one that delivers a common multi-factor experience across all apps — SaaS, cloud, mobile, and on premises. The solution also needs to have access policies that take into account the complete context of the access request and helps to overcome these security risks.
In addition, organisations need the capability to establish flexible access policies for each app giving more granular and adaptive control. Specifically, businesses need an IDaaS solution that ensures secure authentication by combining multi-factor authentication (MFA) and rich, flexible per-app authentication policies.
Built for Global Enterprises
Whether corporate identity is in the cloud, on premise or a hybrid of both, organisations need assurance that they can trust the provider as a stable, long-term partner. Businesses should look for a company that has been around for at least 10 years, has an established base of customers among major enterprises, such as the Fortune 50, and is proven to support global enterprises and major government entities. Businesses should also consider whether they have a worldwide network of redundant and secure datacentres. This is particularly important when doing business in European countries that have tough and unique privacy laws.
An IDaaS solution can save time, improve user satisfaction and IT productivity, and address many of the shortcomings associated with password sprawl. A strong solution can give valuable insight into how, when and which applications and devices are being used, provide visibility and control, and increase security.