Top Six Things to Consider with an Identity-as-a-Service (IDaaS) Solution – Conclusion

An IDaaS solution can prove to be a tremendous time saver, improve user satisfaction and IT productivity, and address many of the shortcomings associated with password sprawl. When considering an IDaaS solution, partner with a vendor that can deliver on all of the top IDaaS considerations discussed in this paper. Select a solution that centrally authenticates users with their Active Directory identity without replicating it to the cloud, unifies mobile and app access management, is ready for your enterprise globally, and gives IT valuable insight into which applications are used, how devices are used, and when — restoring lost visibility and control. In doing so, you will reap many important benefits, including:

Centrify uniquely unifies cloud app and mobile engagement.

  • Improved user productivity and satisfaction: Make users productive on day one without extensive manual checklists and time-consuming helpdesk calls. Reduce the number of passwords a user has to remember and self-manage, and make it easier for users to self-service access to all of their apps, devices and identity.
  • Reduced helpdesk costs: Return value in improved productivity and as much as a 95% reduction in app account and password reset calls.
  • Lower app lifecycle costs: Through turnkey provisioning for apps and tight integration with Active Directory, the delivery of app single sign-on and mobile security is more cost efficient because IT uses existing technology, skillsets and processes that are already in place.
  • Improved security: IT can remove users’ access to all business-owned cloud and on-premises applications by simply disabling their Active Directory account, which is already a common practice at the time an employee leaves the company. And unlike other solutions, it does not duplicate your existing identity data into the cloud and out of your control — it remains secure inside your corporation.
  • Reduced compliance costs: IT can remove users’ access to all business-owned cloud and on-premises applications by simply disabling their Active Directory account, which is already a common practice at the time an employee leaves the company. And unlike other solutions, it does not duplicate your existing identity data into the cloud and out of your control — it remains secure inside your corporation.

 

Top Six Things to Consider with an Identity-as-a-Service (IDaaS) Solution – Blog 6 of 6

6. Built for Global Enterprises

When it comes to Identity and Access Management as a Service (IDaaS), enterprises and government organizations should look at young start-ups with a healthy dose of skepticism. Whether your corporate identity is in the cloud, on-premises, or a hybrid of both, you want assurance that you can trust the provider as a stable, long-term partner. As key metrics, you should look for a company that has been around for at least 10 years, has an established base of customers among major enterprises, such as the Fortune 50, and is proven to support global enterprises and major government entities.

You should also look for other signs of an enterprise-class provider, such as a worldwide network of redundant and secure datacenters. This is particularly important when doing business in places such as some European countries that have tough and unique privacy laws. Also look for global capabilities, such as localization into major languages and 24×7 global support. Finally, an enterprise-class partner should provide only solutions that comply with SSAE 16 SOC 2, TRUSTe, and EU Safe Harbor.

Centrify’s zero-downtime architecture delivers regional datacenter preference and automatic support for 15+ local languages.

Top Six Things to Consider with an Identity-as-a-Service (IDaaS) Solution – Blog 5 of 6

5. Robust Access Policies and Multi-factor Authentication (MFA)

 

Today you live with the risks of users accessing many more services outside the corporate network perimeter, as well as users carrying many more devices to access these services. Users have too many passwords, and the passwords are inherently weak. In fact, passwords have become more of an impediment to users than they are protection from hackers and other malevolent individuals and organizations. In short, in many cases, passwords alone cannot be trusted to properly and securely identify users.

Consequently, you need a better solution that incorporates strong authentication and delivers a common multi-factor experience across all your apps — SaaS, cloud, mobile, and on-premises. The solution also needs access policies that take into account the complete context of the access request and help to overcome these new security risks. In addition, you need the capability to establish flexible access policies for each app for more granular and adaptive control. For example, if a user is accessing a common app from a trusted device on the corporate network from their home country during business hours, then simply allow them silent SSO access to the apps. But if that same user is accessing an app outside the corporate network from a device that is not trusted, outside of business hours, and from a foreign country, then deny them access — or at least require additional factors of authentication.

Specifically, you need an IDaaS solution that ensures secure authentication by combining multi-factor authentication (MFA) with rich, flexible per-app authentication policies.

Multi-factor authentication methods should include at least:

• Soft token with one-button authentication to simplify the experience
• One Time Passcode (OTP) over SMS text or email
• Interactive Phone Call to the user’s mobile device and requirement for a confirmation before authentication can proceed
• User configurable security question to act as a second password

Per-app authentication policies should allow, deny or step up authentication based on a rich understanding of the context of the request based on any combination of:

• Time of day, work hours
• Inside/Outside corporate network
• User role or attributes
• Device attributes (type, management status)
• Location of request or location of user’s other devices
• App client attributes
• Custom logic based on specific organizational needs
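
The allow / step-up / deny decision described above, sketched as an added example (it is not Centrify's or any vendor's code). The `AppPolicy` and `AccessRequest` records, the signal names, the weekday rule and the deny threshold of four are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime, time

ALLOW, STEP_UP, DENY = "allow", "step_up", "deny"
@dataclass(frozen=True)
class AppPolicy:                      # hypothetical per-app policy record
    allowed_roles: frozenset
    corp_networks: tuple              # CIDR ranges counted as "inside"
    home_countries: frozenset
    work_start: time = time(8, 0)
    work_end: time = time(18, 0)
    deny_threshold: int = 4           # this many risk signals means deny

@dataclass(frozen=True)
class AccessRequest:                  # context captured at sign-in
    role: str
    source_ip: str
    country: str
    device_managed: bool
    local_time: datetime              # assumed already in the user's time zone

def risk_signals(req, pol):
    """Return the names of the context checks this request fails."""
    try:
        ip = ipaddress.ip_address(req.source_ip)
        inside = any(ip in ipaddress.ip_network(n) for n in pol.corp_networks)
    except ValueError:
        inside = False                # unparseable address: treat as outside
    in_hours = (req.local_time.weekday() < 5
                and pol.work_start <= req.local_time.time() < pol.work_end)
    checks = {"outside_network": not inside,
              "unmanaged_device": not req.device_managed,
              "outside_work_hours": not in_hours,
              "foreign_country": req.country not in pol.home_countries}
    return [name for name, failed in checks.items() if failed]

def evaluate(req, pol):
    # Role is a hard gate; the other signals decide between SSO and step-up.
    if req.role not in pol.allowed_roles:
        return DENY, ["role_not_permitted"]
    signals = risk_signals(req, pol)
    if len(signals) >= pol.deny_threshold:
        return DENY, signals
    return (STEP_UP if signals else ALLOW), signals

# Constructed sample policy and requests.
CRM = AppPolicy(frozenset({"sales"}), ("10.0.0.0/8",), frozenset({"US"}))
OFFICE = AccessRequest("sales", "10.1.2.3", "US", True, datetime(2024, 3, 5, 10, 30))
ROAMING = AccessRequest("sales", "203.0.113.7", "FR", False, datetime(2024, 3, 5, 23, 0))
```

Returning the list of failed signals alongside the decision gives the audit log a reason for every step-up or deny, which is what lets IT tune the policy per app.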