Our Blog Library

Quick Tips

Identity Management should be a part of Business Compliance

We are living in a world where multi-tenant application providers understand the value of identity and challenges to manage it.

SAML solves it
Applications like Salesforce, SAP etc. are SAAS based applications and their focal point has always been into product advancement. Managing multiple databases of usernames and passwords of all the tenants is just not needed and it’s sad that they still manage it. we understand that they didn’t have a choice in the pre-SAML phase, however, SAML solves it now and I am glad about the fact that these multi-tenant applications are now SAML based applications

SSO and Password Management should be a part of organization compliance to my personal capacity
Imagine, your organization is using Salesforce and the user size is falling in the bracket of 150-250. we all are living with this business pain but we don’t realize it. Trust me, it should not be a part of the game. organizations should be spending more time and money on generating sales revenue and not in managing this basic hygiene.

Manual access request & approval, severe audit issue, zero governance of shared access, multiple passwords logins, passwords resets, machines getting locked, applications getting locked etc. are some for the major business areas encompassing the identity management.

Out-of-the- box support for MFA, both on a global and an application level, to secure access to critical applications. Support for both Soft-Token and SMS. Risk Elimination related to Shared IDs: SSO also eliminates all risks related to shared IDs. At the time of onboarding, the login credentials are pre- configured into the system for applications which have shared IDs. The end user has access to these applications through the SSO dashboard without the need of logging into these applications. Multiple Password Logins: Single Sign-on limits the hassle of multiple password login to zero. The user enters the password on its SSO Launchpad and unlocks all its assigned application registered on the pad and with that said, you get the following benefits: –

  • Automated user provisioning and De-provisioning of applications.
  • Increase in employee productivity as employees directly log in to end point applications.
  • Auto launch applications when users log into workstations with SSO.
  • Increased Help Desk efficiency by reducing password resets call to Zero.
  • Enhanced security to Sensitive applications via multi factor authentication along with the convenience of SSO.
  • Hide Shared ID credentials from end users and still provide access to the application via SSO.

Confused? Let me explain this to you one more time…..

Your IT department is managing the username and passwords of each Salesforce user in the database and Salesforce is mirroring the exact same process at their end. Trust me, no one should be doing all this.

SAML based applications allow its tenants to enable ISP (Identity service provider) at their end and curb these situations very easily.

  1. Integrate your organizations active directory with an IDP (Identity Service Provider – SSO and password management) application
  2. Now, access your target applications like Salesforce from the IDP application.
  3. IDP will check with the AD and initiate a soft token to the service provider (Sales force). This token contains UID, group, department, roles and permissions etc.).
  4. The login happens automatically and the users don’t really need to login to Salesforce as it MFAed.

In case, users go directly to the target application to access the application: –

  1. This is called SP initiated authentication
  2. The application sends you back to the IDP launchpad, then the IDP does a silent authentication and the same life cycle continues

It is highly possible in either ways
So, in a nutshell, with SSO enablement, you just need to login to your windows machine, go to your IDP-SSO launchpad (thick client-web based) and start opening your target applications. The applications won’t ask for the username and password

As far as the password change, sync and management are concerned, the IDP server will communicate with the AD server and ensure that the password policies of all the target applications are satisfied seamlessly.

Watch me more on identity management services, user life cycle management and access governance here

So long!!!!!


Leave a Reply

Your email address will not be published. Required fields are marked *