single sign on solutions Archives

Increased security often means reduced efficiency. Here are 4 ways an IAM can boost productivity while staying secure.

Identity Access Management (IAM) is a collective term that covers processes and policies to manage user identities and regulate user access within an organization. It works on the principle of zero trust.

While security is critical, adding too many security measures also hampers productivity. So, as an organization, you need to find that fine balance between security and productivity, while keeping pace with digital transformation.

How does an IAM solution help you with that balance? Here are four important ways that an IAM increases productivity.

1. IAM offers efficient and easy access

IAM eliminates tedious and repetitive tasks, including logging in to multiple applications every day. The single sign-on feature of IAM is an employee’s single-point access to several applications.

Once users create their single sign-on (SSO) credentials, they’ll no longer have to waste time logging in over and over, saving time and ensuring a seamless work experience regardless of device or domain. That means fewer times that you need to log on and off; fewer passwords to recall; most important, stronger passwords that follow company-specific password policies can easily be set.

2. IAM results in simplified admin and IT processes

Single sign-on reduces IT help desk escalations and centralizes admin tasks like password updates and resets, which means there is no longer a need to manage access and authorizations in-house, or scramble to secure new applications that enter the cloud environment.

IAM tools manage all user identities and access permissions across internal systems, employee devices, and cloud-based technologies through one easy-to-use system. This means faster, more efficient provisioning and de-provisioning with fewer errors; automation of managing user identities and related access permissions, which saves time and money otherwise required to manually manage them; and greater compliance with government regulations and prepping audit-ready reports and stats.

Akku also has two additional features which not every IAM offers, which make IT administration much easier: seamless integration with Active Directory and other applications, and easy dissemination of messages and circulars through the SSO login page.

3. IAM offers better security

IAM security features are designed to enhance productivity. The multifactor authentication (MFA) feature, for instance, provides an extra layer of security while allowing employees to seamlessly transition between approved devices.

MFA requires the user to authenticate login with two or more types of identification before gaining access, offering flexibility and secure access anywhere, any time.

The right IAM also makes it easy to blacklist or whitelist access within and outside the firewall, on company-owned devices. The user therefore does not need to worry about whether or not he or she is permitted to visit a particular website. Efficiency is thus almost a guarantee.

4. IAM results in improved focus

Using an IAM means reduced distractions for your users. Employees can leverage the Internet for learning and growth, but the right IAM automates authorizations by setting rules that define user requirements and limit access to unsanctioned applications.

Specifically with Akku, you can go a step further and whitelist appropriate channels and video categories on YouTube. This means that users can still view relevant content on YouTube, without losing focus and being distracted by irrelevant videos.

Akku also allows you to block personal email and only allow professional email, even if they are accessed by the same email client.

Akku delivers a powerful cloud Single Sign-on (SSO) solution that can be integrated easily with almost any cloud or in-house application, making user provisioning, management, access control, and de-provisioning seamless. Opt for a more productive experience with Akku today. Do reach out to us and let’s get started together.

A malicious user gaining access to your apps can be catastrophic. Here’s how a secure SSO could help.

In any enterprise, it is a given that employees will come and go, and many will switch roles within the organization as well. At the same time, the same is true for the applications that the company uses – new apps will be deployed, old ones will be retired, and changes are constant.

What this means is a continuous churn – in identity management for users, and service providers, by means of the SaaS applications in use. Ensuring data and app security across the organization depends heavily on ensuring secure communication between your identity provider and service providers.

Deploying a robust Single Sign-On (SSO) solution represents the best answer to this challenge. An SSO allows an enterprise to manage the identities of employees in one place, and delegate access and privileges from there.

Most SaaS providers support SSO integration as it is the most efficient route to centralized identity and access management. The SSO authentication method also enables users to securely access multiple apps and websites with a single set of credentials, which reduces issues like password fatigue, which boosts security, lowers IT help desk load, and increases organizational efficiency.

How SSO works

To get your SSO in place, you need to find the right identity provider. The identity provider is essentially a service that securely stores and manages digital identities. An SSO works based on a trust relationship between the app and the identity provider.

Organizations establish a trust relationship between an identity provider and their service providers to allow their employees or users to then connect with the resources they need. Such a trust relationship is established by exchanging digital certificates and metadata. The certificate carries secure tokens which contain identity information like email address and password, to authenticate that the request has come from a trusted source and to verify identity.

Although SSO can work with as many apps as the organization wants, each must be configured with a unique trust relationship.

How the Service Provider-Identity Provider relationship works

Once an identity provider is onboarded, every time a user tries to connect to a service provider, the sign-in request is sent to the central server where the identity provider is hosted. The identity provider validates the credentials and sends back a token. If their identity cannot be verified, the user will be prompted to log into the SSO or verify credentials using other methods like a TOTP. Once the identity provider validates the credentials it sends the user a token.

The token confirming the successful authentication is validated by the service provider against the certificate initially configured and shared between service provider and identity provider, after which the user can access the application.

The identity provider verifies the user credentials and sends back an ‘authentication token’ (almost like a temporary ID card) to the service provider. And, of course, all this happens in a fraction of a second.

Advantages of using SSO

Simplifies credentials management for users and admin
Improves speed of app access
Reduces time spent by IT support on recovering passwords
Offers central control of password complexity and MFA
Simplifies provisioning and de-provisioning
Secures the system as information moves encrypted across the network
Completely seamless/transparent to the user
Easy to add on new service providers

Akku is a powerful identity and access management solution that can enhance data security, efficiency, and productivity across your corporate network through its robust SSO feature. If you would like assistance on ensuring secure access for all your users to your organization’s applications, do get in touch with us.

Overcoming the Challenges of the Media Industry With Identity

When the digital revolution started, media companies were among the first ones to embrace it. Today, most media companies create content targeted exclusively at online subscribers on digital platforms, pivoting their efforts to become more user-friendly for a digital audience.

In order to convert free digital users into paid users, it is also important to effectively profile them and target the right ads to the right users. Therefore, it becomes crucial to learn more about the users logging in to view media content – whether on an online magazine or a video streaming platform. At the same time, user information that is collected online needs to be safeguarded and the methods used for data handling must adhere to strict regulations. Continue reading Overcoming the Challenges of the Media Industry With Identity

Akku Vs. Okta – Understand Before you Choose

Akku and Okta are both highly efficient cloud security solutions that strive to help companies manage and secure user authentication on applications in their network, and to transform their customer experiences. Here are a few key differences between the features of Akku and Okta.

Single Sign-on

Akku’s requires only a one-click login for universal login access for all applications. This ensures both high security and productivity.

Okta’s one-click authentication has made user login process 50 times faster. This user-friendly and customizable feature uses OTP to access to 5,500 pre-installed applications, ensuring direct navigation.

Multi-factor Authentication (MFA)

Akku’s MFA is simple, inexpensive, and easy-to-use. It provides multiple layers of security to the sign-in process using Time-based OTP (TOTP) and push notification. The former generates passwords every 30 seconds while the latter generates notifications to authorize login attempts.

Okta’s MFA is secure, simple, and intelligent. It verifies access using user’s knowledge, possession, and biometric factors instead of passwords. It also generates security questions, OTPs, and push notifications for a user’s authentication.

Content Filtering

Akku offers a customizable content filtering feature that ensures high productivity across your organization while improving network security. This functionality prevents employees from accessing and browsing irrelevant websites during office hours and prevents distractions and aids in providing secure network access.

Akku prevents your employees from accessing irrelevant YouTube videos which can affect employee productivity and blacklists their personal email id from being accessed using your network or systems.

Okta, unlike Akku, does not provide any content filtering features.

Time- and Location-based Restriction

While providing access to users anytime from anywhere is necessary, it is important to make sure that this feature does not compromise on security. With Akku’s time- and location-based restriction feature, security will always be on guard to restrict unusual user activities. It also restricts access to your network from specific geo-locations to prevent potential security breaches.

Okta does not offer standard products that provide time- and location-based restriction capabilities.

Password Policy Management

Through this feature, Akku allows you to set a minimum requirement for password standardization. This prevents anyone in your organization from possibly setting weak or easy-to-hack passwords. This also allows for password consistency across your organization.

Okta comes with a password policy standardizer which is similar to Akku’s.

Internal Communications

This feature ensures end-to-end communication between the management and the employees. This feature sends push notifications to the employees for each announcement. These notifications appear as soon as a user logs in, to ensure he does not miss any information. To ensure a response from the employee’s side, it restricts action until he has read and replied to the message. This also helps you in ensuring standards compliance across your organization without any gaps.

Okta does not have a well-structured internal communications system like that of Akku.

Akku, a product by CloudNow Technologies, is a robust identity and access management solution that helps improve data security and productivity and ensures transparency and control in tandem. For the modern organization, it is crucial to maximize security, compliance and productivity across your organization and Akku’s features are specifically built around that purpose. Contact us today to know more about how Akku can help you secure your network.

All the information presented in this article is accurate as of May 5th, 2019.

Meet GCP IAM: The Identity and Access Management Solution from Google

Google Cloud Platform (GCP) IAM comes as a free service that is available by default to all users of the Google Cloud Platform. GCP IAM is Google’s identity management console, enabling administrators of organizations to manage access and permissions provided to employees across the range of applications and resources that come as part of the Google Cloud Platform. The main function of the IAM is to grant specific users/roles with access to specific GCP resources and prevent unwanted access to other resources.

The fundamental building block of GCP IAM is an IAM Policy which answers the question of who (identity) has what access (role) to which data or applications (resource). This IAM Policy is made up of permissions, bundled into roles and matched by identities.

Let’s take a closer look at the concepts of identity, role, and resource as defined by GCP IAM, which make it a useful IAM solution.

Identity

A user’s identity can be accounted for through their Google account (assigned to an individual), Service account (assigned to a service related to the user’s role), a Google group (which can contain more than one Google/Service account), or a G Suite domain name (consisting of all G Suite accounts under a particular domain) or Cloud Identity domain (consisting of all G suite accounts under a particular organization) name.

Role

A role is a combination of permissions assigned to an identity. Traditionally, Google had what are now known as Primitive Roles – which were a standard set of 3 – namely, ‘Owner’, ‘Editor’ and or ‘Viewer’.

However, in GCP IAM, Google has gone not one but two steps further – with Predefined Roles and Custom Roles – in allowing administrators a wider range of options when it comes to assigning roles (and therefore, access to do less or more) to the organization’s resources.

With what are known as Predefined Roles, granular separation of duties, such as Instance Admin and Network Admin to name a few, is made possible. Custom Roles, as the name suggests, are roles which administrators can customize based on the organization’s needs.

Resource

As defined by Google, “resources are the fundamental components that make up all GCP services”, and include Cloud Pub/Sub topics, Compute Engine Virtual Machines, Cloud Storage Buckets, and App Engine Instances.

These resources can then be grouped into projects. Administrators can assign permissions based on different roles to identities in their organization in order to provide them with access to specific resources. On the other hand, they can also provide access to projects, which will then provide users with access to all resources under the project.

In the GCP hierarchy, a group of projects can also be placed under a team, teams can be placed under a department and departments can be placed under the organization. Administrators can decide the level of access they wish to give each user based on this hierarchy.

GCP IAM is great, but….

Despite the extensive control it provides to administrators, and the numerous possibilities in authorizing user access, GCP IAM has one downside.

Organizations today utilize a wide range of applications, not all of them being GCP resources. They may use a combination of resources from Amazon Web Services, IBM or Azure, to name a few, and GCP IAM does not support identity and access management on these resources. Its lack of capability to connect with on-prem identity providers such as Microsoft Active Directory and OpenLDAP is another major roadblock.

Looking for one IAM to manage them all? Try Akku, one of the best identity and access management solutions from CloudNow, that can help you manage identities across your on-premise and cloud-based applications seamlessly!

The What, Why and How of Two-factor Authentication (2FA): Decoded

Whether or not you know what it is called, you have likely used 2FA at least once in your life online.

Remember the time you tried logging into your email account from a new device and your email service provider sent you an SMS with a PIN (OTP), to re-validate that it was actually you attempting to login? You would have been allowed access to your inbox only after you entered the correct OTP.

Or the time you tried to transfer money to someone through internet banking. Even though you already entered your customer ID and password, your bank’s application would want to make sure that someone else hadn’t stolen your credentials. They do this by sending you an email with a PIN or a link to click on, for additional validation.

This is exactly what 2FA or two-factor authentication solution is all about.

Known by many names – two-factor authentication, two-step authentication, two-step verification or dual factor authentication, 2FA refers to a second level of authentication added on in order to enhance security inherent to a login process. This is in addition to the username and password step, which is relatively susceptible to hacking.

When two or more layers are added to the login authentication process, it’s also known as multi-factor authentication or MFA.

Types of MFA security

A two or multi-factor authentication process typically asks you for ‘something you know’ in the first step, such as your email ID/username and password.

In the second step, it may ask you to authenticate your identity with ‘something you have’ or ‘something you are’.

Something you know – the knowledge factor:

This could be your username and password, as in any ordinary login process, or it could be a PIN.

Something you have – the possession factor:

This traditionally referred to hand-held token items, such as smart cards or Yubikeys embedded with a certificate to identify the user. Nowadays, a ‘possession’ could also be your smartphone, containing an app which sends a push notification or a TOTP. This is especially beneficial since tokens like smart cards are relatively more prone to being lost, stolen or misplaced.

Something you are – the inherence factor:

Biometric authentication could involve the scanning of a biological element that is exclusively yours – such as your fingerprint, hand geometry, retina, iris and so on. Voice recognition can also be used.

Two-factor authentication for your business

If your business relies on highly sensitive data or handles personal data of clients, you need to have an information security management system in place. This is especially crucial these days as several governments are imposing stringent regulations to ensure that the privacy of their citizens is not compromised. Some business standard certifications also require security compliances to certify your business and, therefore, it is important for you to protect sensitive data with more than just single-factor authentication (SFA).

By setting up 2FA or MFA security in all your business applications, you are assured of a higher degree of protection. In this manner, even if somebody does steal, guess or hack a password or even a list of passwords, through a brute force attack, they will be stopped at the second level as they attempt to log in to a specific individual’s account.

Multi-factor authentication solutions by Akku

When your business uses multiple applications, it may be both expensive and difficult to set up and streamline multi-factor authentication in each. That is where Akku comes in, with the promise to address all these concerns once and for all.

Once you opt for Akku, it becomes a common identity provider (IdP) across all your enterprise applications and creates a single sign-on (SSO) page through which your users can access them. Having brought all of your applications to a single platform through the SSO, Akku then seamlessly implements the multi-factor authentication functionality across them all.

With Akku, users can decide to use any of the following options as their second factor for re-validating their identity, giving them the power of choice:

- A push notification delivered to their smartphone through the Akku mobile app

- A time-based OTP (TOTP) which expires in 30 seconds through an authentication app (such as Google authenticator)

A PIN sent through an SMS to their registered mobile number

Interested to know more? Visit www.akku.work or get in touch with us through sales@akku.work

Protecting Your Vault: Safeguard your Data Center with an IAM Solution

At most enterprises, data centers are a repository of information contained within a network of servers from where data is transmitted to other touch points for processing. While these data centers could be cloud-based or on-premise, the security of such business-critical data is of paramount importance.

There could be several vulnerabilities in your network in the form of entry points that seem like they can be ignored. While there are several measures you can implement to physically secure your data center, it takes a lot more to secure remote or even on-premise servers from virtual attacks. An effective data center security solution will allow you to intuitively monitor all the entry points for possible attacks and ensure that you are protected against any breach.

One major part of the solution is the implementation of an Identity and Access Management (IAM) solution as part of your security system.

Staying Protected Online using an Identity and Access Management Solution

The two biggest focus areas for any security solution are authentication and authorization. Although there are overlaps in the usage of the two terms, there are distinct in the way they allow access of data.

Authentication determines if the user trying to enter a system is in fact who he/she is claiming to be, while authorization determines whether the user has the permission to access the data or application that he/she is attempting to access.

A comprehensive IAM solution should be able to intelligently allow you to do both by acting as the Identity Provider (IdP) for your cloud, on-premise or hybrid network and interact with the servers in the data centers to check for authentication and authorization using advanced, yet easy to implement, system architectures.

The Akku Solution

CloudNow’s Akku is an enterprise-grade IAM solution that plays this role perfectly using its custom SAML to provide a robust Single Sign-on (SSO) solution, or to integrate with an SSO solution already in place for your other applications. As an IdP, Akku communicates with the server at the time of login to carry out authentication and validate authorization.

By using a high-end security solution, you can effectively control access to your network and data center and reduce the number of resources dedicated to data center security.

Akku also removes any need for any middleware which could otherwise complicate or even corrupt the security system.

The implementation of an efficient and cost-effective security solution like Akku can go a long way in allowing you to focus on improving the operational efficiency of your organization instead of being caught up with the security threats to your data.

Secure and Easy User Management: SCIM through the Fundamentals

What is SCIM?

The System for Cross-domain Identity Management (SCIM) is an open standard specification, designed to make user management easy. It essentially allows admins of cloud and on-premise networks to move users in and out of their systems quickly and easily. The system builds on inputs from existing user management schemas and allows the integration of powerful authentication models. It uses a common user schema in coordination with an extension model which allows for seamless migration of user data between different nodes of the system.

SCIM transmits user data between identity providers (like Akku by CloudNow) and service providers (SaaS applications) using a secure protocol. When this is used in conjunction with a robust authorization system, it gives rise to a powerful identity and access management solution. If not for SCIM, the IT departments of every organization would have to dedicate time and resource to managing access control, instead of simply automating the process.

How does SCIM help in Creating a Powerful Identity and Access Management Solution?

Like we mentioned earlier, SCIM enables the communication between the identity provider and an enterprise SaaS application which needs user information to process, create, modify or remove users from accessing a network. SCIM is built using REST and JSON to define and establish the roles of the client and server – in this case, the identity provider acts as the client and the SaaS application acts as the server.

Identity providers like Akku contain a directory of user identities which is normally extracted by the server. In most cases, the server can extract information from directories other than the identity providers as well. But migrating the data to an identity provider can significantly improve the security of the user management system. When the client or identity provider makes changes to any user information, it immediately reflects in the server or SaaS application by using the SCIM protocol. With SCIM, you can create, replace, delete, search and update user information.

The client or identity provider can also view the data present on the server and record any mismatches. If irregularities between the client and server are not immediately noticed and rectified, it could lead to a potential security breach.

How can Akku help you?

With organizations moving their operations to the cloud at breakneck speeds, the need to streamline and implement a Single Sign-on solution is constantly rising. Akku is one of the best Identity and Access Management Solutions available in the market, allowing you to integrate with third party applications as well as our own suite, to take your identity and user management efforts to the next level. This simplifies the work of your organization’s cloud or on-premise network administrators to grant access to several users and applications. For your users, this means remembering only one set of credentials for several applications.

Speak to us to see how Akku’s Single Sign-on can help you manage your users more efficiently.

Tag: single sign on solutions