As the enterprise migrates services towards the cloud, end users and administrators face hurdles that compete with IT security policy and requirements. For example, users may have multiple accounts that they have to manage and maintain in order to access these cloud-based and internally hosted services. Administrators face challenges with IT helpdesk support and security threats due to outdated passwords, easily guessed passwords, attrition, and a number of services to support.
Single sign-on, or SSO for short, gets the enterprise back on track with minimal effort to implement and use. Single sign-on interconnects with the enterprise’s identity store, such as Microsoft Active Directory. A single set of credentials allows users and administrators to access and manage internal resources such as email, wireless and/or wired access, and applications, to name a few. SSO also allows that same set of credentials to gain access to cloud-hosted applications provided by services that support SSO.
Single sign-on supports several configuration types; the most common one we see, configure, and support is SAML 2.0, the “Security Assertion Markup Language”. SAML 2.0 has three moving parts: the user or “principal”, the cloud application or “service provider”, and the user database or “identity provider”. SAML 2.0 is an open standard for exchanging authentication and authorization data between two autonomous groups. It consists of XML-based protocol messages, bindings, and profiles. This allows a single website or portal to provide “single sign-on” for users across all of their web or network-based applications and services.
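To make the three roles concrete, here is an added example (not code from the original page or from any vendor) that reads a constructed SAML 2.0 response and applies the issuer, audience and validity-window checks a service provider performs. All names, URLs and timestamps are made up, and XML signature verification, which must succeed before any of these fields are trusted, is assumed to have been done already.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: every name, URL and timestamp below is made up.
SAMPLE_RESPONSE = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
    <saml:Issuer>https://idp.example.com/</saml:Issuer>
    <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://app.example.net/</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>
"""

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def parse_parties(xml_text):
    """Return identity provider, principal, audiences and validity window."""
    # For untrusted input, use a hardened XML parser such as defusedxml.
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    cond = None if assertion is None else assertion.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("missing Assertion or Conditions")
    return {
        "identity_provider": assertion.findtext("saml:Issuer", namespaces=NS),
        "principal": assertion.findtext("saml:Subject/saml:NameID", namespaces=NS),
        "audiences": [a.text for a in cond.iterfind(".//saml:Audience", NS)],
        "not_before": _ts(cond.get("NotBefore")),
        "not_on_or_after": _ts(cond.get("NotOnOrAfter")),
    }

def sp_checks(info, trusted_idp, sp_entity_id, now):
    """Checks a service provider applies after signature verification."""
    problems = []
    if info["identity_provider"] != trusted_idp:
        problems.append("untrusted issuer")
    if sp_entity_id not in info["audiences"]:
        problems.append("assertion not addressed to this service provider")
    if not (info["not_before"] <= now < info["not_on_or_after"]):
        problems.append("outside validity window")
    return problems
```

An empty list from `sp_checks` means the assertion names the expected identity provider, is addressed to this service provider, and is still within its validity window.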
Cloud-based solutions exist to integrate your identity store with your SAML 2.0 enabled applications. At first glance, that sounds like the perfect solution; however, common themes are apparent in reviews of these services. The most popular complaints found on the web include poor customer support, setup costs, and monthly and yearly recurring costs.
Most enterprises own and operate Microsoft Windows Server in either virtualized or bare metal implementations. If that’s the case, the enterprise may easily extend Microsoft Windows Server to support a service called Microsoft Active Directory Federation Services, or ADFS for short. Chances are, by using the software and hardware you already own, you can easily deploy ADFS and implement single sign-on yourself, eliminating poor technical support experiences and reducing total operational costs.
HarborTech Mobility provides access to senior systems engineers to architect, configure, implement, troubleshoot, and support your Microsoft ADFS solution as a turnkey professional service or a menu of à la carte options to meet your business needs. Skip the hassle of those 6-12 month SSO implementations and team up with HarborTech Mobility to get your SSO service online and operational in as little as a week.