AWS & Azure the new access management silos, says Patrick Parker @ EIC 2015

Posted by Chris Hayes on Wed, May 06, 2015

20150505 171359

“Organizations need to have the tools to manage these new access silos,” he told the opening session of the 2015 European Identity & Cloud (EIC) conference taking place in Munich.

During his Keynote discussion on day 1 Patrick identified the many limitations when managing new access silos in AWS and Azure.  

During day 2 Patrick discussed the role of IAM in hack prevention highlighting the recent Sony Pictures hack.

DSC 0016 resized 600

If you're around on the 7th you can catch his IAM best practices discussion from 12:00-13:00 PM or stop by for a discussion or deep dive demo to see what makes empowerID the best IAM Suite in the market today.  For those unable to attend in person empowerID will be sharing the presentations in the near future.

 

Request a Demo
0 Comments Click here to read/write comments

Tags: Active Directory, IAM, Attestation, Identity and Access Management (IAM), Access Governance

Adaptive 2-Factor Authentication for Citrix Netscaler

Posted by Chris Hayes on Thu, Apr 30, 2015

2-Factor for Citrix via empowerID

What is Adaptive authentication? By definition something adaptive should have a capacity or tendency toward adaptation when faced with different scenarios. empowerID has taken this concept and applied it to our class leading Radius service for Citrix and other "edge devices" like Cisco, Juniper, Palo Alto, F5 and more.

Having managed many Citrix NetScaler strong authentication projects myself I understand the challenges faced when enabling 2-factor authentication with NetScaler products.

Common questions that you should ask yourself when undertaking a project like this are.
  • What methods does the authentication support?
  • Can I migrate users by groups in the back end rather than cut everyone over at the same time?
  • What kind of logging and reporting is available?
  • How scalable is the solution?
  • How are the configurations stored?
So we know some of the questions you need to be aware of, let's walk through an empowerID workflow for Citrix NetScaler below.

 

Adaptive Auth for Citrix

  1. Multiple users go to login to the NetScaler
  2. The NetScaler takes in a username and password
  3. This information is passed to empowerID's Radius endpoint
  4. empowerID looks at the group membership of the user
  5. One user will go through 2-factor authentication
  6. One user will go through Single Factor authentication
  7. Both users will be presented with the same information after authentication
This truly adaptive model means you can migrate some your users to 2-factor authentication while keeping some at single factor authentication.

So let's get back to a few key points:
  1. What methods does the authentication support?
  • Can I migrate users by groups in the back end rather than cut everyone over at the same time?
    • Fully supported, keep everyone going to the SAML login page and empowerID will determine if the user needs 2-factor or single factor authentication.
  • What kind of logging and reporting is available?
    • empowerID's audit and reporting engine leads the pack when it comes to real time reporting and auditing.  While other products can't push reports up to a central audit point empowerID doesn't have the same limitations.  Built from the ground up to scale you can log into one place and review all audit reports.
  • How scalable is the solution?
  • How are the configurations stored?
    • empowerID configurations are stored in a database, the way it should be done.  Not in flat web.config or .conf files, these aren't methods that scale.

    Ready to learn more?

     Request a Demo

    1 Comment Click here to read/write comments

    Tags: Active Directory, IAM, Identity Management, SAML, Citrix, Palo Alto, Identity and Access Management (IAM), Radius, 2-Factor, Cisco

    EmpowerID Named Overall Leader in IAM / IAG Suites

    Posted by Patrick Parker on Thu, Feb 05, 2015

    Rating graph

    EmpowerID has been recognized as a three time leader in a recent KuppingerCole report evaluating Identity and Access Management (IAM) / Identity Access Governance (IAG) Product Suites.

    The IAM/IAG Leadership Compass “focuses on complete IAM/IAG (Identity Access Management/Governance) suites that ideally cover all major areas of IAM/IAG as a fully integrated offering,” Martin Kuppinger wrote in the report.

    KuppingerCole, a respected global analyst focused on Information Security, examined Identity and Access Management / Governance Suites for this report. They specifically evaluated products that are integrated solutions with a broader scope than single-purpose products. Martin Kuppinger concluded in the report, “With their Windows-based product they [EmpowerID] offer one of the best integrated IAM Suites. All components have been built by EmpowerID, allowing for tight integration into a well thought-out architecture. This integrated approach is a clear strength of EmpowerID."

    To request an unabridged copy of the the KuppingerCole report on IAM/IAG Suites, please visit http://info.empowerid.com/download-the-free-kuppingercole-iam-suites-leadership-compass.

    3 Comments Click here to read/write comments

    Tags: Role Based Access Control (RBAC), GRC, authentication, IAG, IAM, Group Management, Governance and Regulatory Compliance, Identity Management, Federation, User provisioning, Attestation, Separation of Duties, Identity and Access Management (IAM), Access Governance

    Worlds First Virtual Directory Built on Node.js®

    Posted by Chris Hayes on Thu, Feb 05, 2015
    nodejs logo
    EmpowerID has cleaned the dust off of the Virtual Directory market with the world's first Virtual Directory Service written in Node.js and integrated it with our world class IAM Suite.

    Virtual Directory Services (VDS) are supposed to aggregate identity and user information stored across data stores into a single point of access.  The dirty little secret of the market is latency when the VDS is returning indentity information.  This compounds itself again and again when making LDAP calls.  Some have tried to move from a "Proxy" view and use a Cached view, but I/O is still slow.

    EmpowerID looked at the current VDS landscape, identified issues and built our VDS from the ground up on Node.js.  Compared to legacy VDS technology that spawns a new thread for each connection or request and takes up RAM, Node.js operates on a single-thread using a different type of I/O call.  This allows it to support tens of thousands of concurrent connections.
    toptal blog 1 BPicture from toptal.com Why use Node.js
    So, why use EmpowerID's VDS?
    • Highly Scalable, a VDS should be able to handle incoming LDAP connection requests and we do it better than anyone in the industry.
    • Data Transformation allows you to easily support legacy apps that require a fixed schema
    • Persistent Metadirectory Cache that automatically refreshes the source data
    • Ties in with full IAM Suite from EmpowerID.
    • Group-based authorization and provisioning for all of your authentication endpoints
    • Application authorization provides a virtual view of all existing groups
    • Easily onboard new organizations' directory stores into a unified view
    • Create a single unified user profile from your disparate user stores

    Ready to learn more?

    Request a Demo
    3 Comments Click here to read/write comments

    Tags: IAM, Federation, Virtual Directory, VDS

    All Posts