
Cloud Identity Management: Increases Business Agility in the Cloud

20th November 2019

In a fast-paced business world, data integration and joint management tools are the only way to stay competitive. Having an intelligent platform for this is essential, but it is not enough; sooner or later the organization has to decide whether to have a team of professionals in-house or to set up and manage a platform for cloud identity management.

The open source tool WSO2 Identity Server is considered a leader in this type of technology. WSO2 Identity Cloud leverages the functionality of WSO2 Identity Server, which is a complete identity and access management (IAM) solution. WSO2 Identity Cloud can meet identity and access management requirements across many platforms, including enterprise applications, services, and APIs.

 

What is Identity Cloud?

WSO2 Identity Cloud provides an enterprise-class identity management solution with single sign-on configuration for multiple applications. It offers scalable support for easily configuring single sign-on to enterprise and commercial Software-as-a-Service (SaaS) applications for users in an organization’s internal user store (LDAP).

 

The organization’s local LDAP can be configured as a local user repository and access to the Identity Cloud is provided without sharing LDAP. Identity Cloud provides two separate login portals with separate URLs for each portal. These portals are used by two different types of users:

– The administrators of the organization. The administration manager allows them to configure the security application for authentication standards such as the Security Assertion Markup Language (SAML) or the OpenID Connect (OIDC) authentication protocol.

– Employees of the organization or ‘normal’ users. The administration manager provides them with a central location in the organization for logging in and discovering applications, while they can also access single sign-on applications.

 

Advantages and resolution of common situations

WSO2 Identity Cloud makes it possible to resolve a series of situations that occur very commonly in organizations:

– Authentication based on trust index. It allows users to authenticate at different points and in different domains based on a trust index.

– On-premises user storage. Directly connect local users to WSO2’s cloud identity management.

– Adaptive Multifactor Authentication. Provides a secure and flexible form of authentication that validates multiple factors to determine the authenticity of a login attempt before granting access to a resource.

– Single sign-on or SSO. Facilitates single sign-on to all applications in your organization so users can provide their credentials once and gain access to any of the applications they want.

 

Single sign-on (SSO) is one of the key features of the WSO2 Identity Cloud, enabling users to provide their access data only once and gain immediate access to multiple applications. Users are not asked for their credentials each time they access one of the applications, but only again once the session has ended. This means that, for example, a specific user can have access to different applications for the duration of a single session, without having to log in to each one individually or enter their credentials on a case-by-case basis.

 

The benefits of single sign-on or SSO

As part of Cloud Identity Management, single sign-on or SSO brings undoubted operational benefits. One of the main ones is that users only need a single username/password to access multiple services, so they no longer have to remember multiple username and password pairs.

Users are authenticated only once at the identity provider and are then automatically signed in to all services within that trusted domain. This process is more convenient for users as they do not have to provide their username/password to each service provider. As a result, service providers no longer bear the overall cost of managing user identities themselves, which makes them much more agile. In addition, user identities are managed from a single central point. This makes management more secure, less complex, and easier to perform.