Architecture walkthrough in Cloud Access Manager
Cloud Access Manager (CAM) is a web-access management solution that offers secure and unified access to all your internal and cloud-based web applications while simultaneously enhancing security and IT efficiency. CAM enables:
Move away from dedicated application-centric directories, and the administrative burden they represent, by connecting multiple user directories and applications into a centralized authentication “hub.” Now a single login event (and password) can create a session spanning multiple web applications, hosted locally or by software-as-a-service (SaaS) vendors, as well as your own custom-built mobile applications through the OpenID Connect protocol. Applications can be integrated through a variety of technologies, including credential injection, HTTP headers and Security Assertion Markup Language (SAML) security tokens, as well as OAuth-compliant social login via Google, Microsoft Live ID, Facebook and Twitter. Using a robust, rules-based engine, Cloud Access Manager can deliver additional data about users to protected applications, for personalization or fine-grained access control.
Cloud Access Manager supports multifactor authentication as both a primary source of login and for step-up authentication as dictated by risk scores generated by the Security Analytics Engine. Options for multifactor authentication include both Defender on-premises and Starling Two-factor Authentication.
Explore the “who, what, when and where” for security events in your environment. The Security Analytics Engine (SAE), included with CAM, gathers information from a number of sources to provide context upon which access decisions can be made and enforced, including
Eliminate inconsistent, ad-hoc security and ensure that users can access only the applications they are authorized to use, based on IT-defined user roles. Roles and role membership can be assigned dynamically based on policies evaluated in real time, using existing identity data. Rules-based access control can be applied down to sub-regions of a web application, for enabling more granular authorization.
Enable access scenarios that span security boundaries (cloud-based applications, multi-forest collaboration, heterogeneous platforms, partner extranets, etc.) without the need for redundant user passwords. With federation support in both Identity Provider (IdP) and Service Provider (SP) roles, Cloud Access Manager easily facilitates user access to web applications, regardless of where the users and/or the apps are located.
Provision user accounts at the cloud application for federated SSO to Salesforce®, Google® Apps™ service or Microsoft® Office 365®. Cloud Access Manger centralizes access provisioning and SSO functions into a single tool, for greater IT efficiency. Just-in-time provisioning saves money by activating licenses only when access is actually used.
Simplify how users find all the applications they need to get work done with Cloud Access Manager’s Application Portal. Users find an easy-to-read, role-based collection of links to the applications to which they are entitled. Through the Cloud Access Manager proxy, users can access any application from any location via a web browser.
Leverage Cloud Access Manager’s role as a centralized authentication and access control solution for auditing and reporting on access events for compliance, repudiation and forensics purposes.
Integration provides access to hosted Windows and Linux virtual desktops and applications through the Cloud Access Manager Application Portal.
Min. 8 multi-core processors
Min. 8 GB
Notes: Proof of Concept deployment option provides a built-in database; database server can be co-located with host machine
Microsoft SQL Server 2008 or above
Min.8 multi-core processors
200 MB + ~2K per user + ~2K per user per day (audit)
1Proxy host servers can run on a Windows Server Core configuration
2Supported for integrated Windows authentication
3Google Chrome version 34.0.1847.131m or above supported for integrated Windows authentication
Learn how to get Identity and Access Management Right in your SAP-centric organization with One Identity
The following ten universal truths of IAM provide common-sense guidance on how to evaluate your need, implement a solid IAM solution and optimize its usage.
Did you know what the GDPR is and that it: Applies to any organization that collects personal data of EU citizens? Goes into effect in May 2018? Stipulates that fines for a data breach can be up to four percent of a company’s revenue?
Get ready for May 2018 | Our eBook explains the what, why and how of the European Union’s General Data Protection Regulation (GDPR)?
This paper covers where to start (focus on your greatest need) and what three fundamental things you should do to simplify and accelerate achieving governance. Governance is a huge and often daunting undertaking. But it is – or should be – the ultimate
Digital transformation is a fast-growing reality in business. Results of a recent global survey reveal that security is often seen as a barrier to digital transformation.
This white paper describes how context-aware security empowers organizations to enforce real-time access decisions based on the SAE risk score.
Streamline user identity management, privilege access and security
Give users the power to reset forgotten passwords securely
Enhance security with two-factor authentication.
Utilize existing Active Directory identities to simplify single sign-on
Self-service tools will help you to install, configure and troubleshoot your product.
Find the right level of support to accommodate the unique needs of your organization.