Centrify takes unified identity management into the cloud and out to mobile devices

Centrify has long had a solution to tie UNIX, Linux and Mac environments to Active Directory to enable unified identity management. Now that more applications are in the cloud and more people are accessing their apps via mobile devices, Centrify has expanded its identity management capabilities to SaaS applications and it provides device authentication for a variety of mobile devices.

In the 2013 version of the annual Gartner Executive Program survey, more than 2,000 CIOs in 41 countries identified their top 10 technology priorities for the year. The survey showed that analytics and business intelligence rank No. 1, with mobile technologies and cloud computing (SaaS, IaaS, PaaS) coming in at Nos. 2 and 3. CIOs are looking to these digital technologies to help their companies achieve business results.

While the focus of these technologies is on how to use them to boost business, the underlying IT concerns are still there. How will we secure our data on mobile devices and in the cloud? How will we know who is using our resources? How can we manage these diverse technologies effectively and efficiently? They are the same questions companies ask themselves over and over again as they grapple with increasingly complex and disparate infrastructures and a multitude of mobile devices accessing applications on-premise and in the cloud.

Many IT professionals believe that good resource management begins with the identity of the user and the use of consistent policies to allow the appropriate access to resources. This can be a real challenge in a heterogeneous environment that is growing more diverse every day. It used to be that companies had to manage identities and access privileges across Windows, UNIX, Linux and Mac environments. To that we now add iOS, Android and other mobile platforms, as well as SaaS applications that are purely in the cloud. It’s a nightmare for end users to remember all of their usernames and passwords, and it’s a nightmare for the IT department to know who is accessing what, from where.

Identity management vendor Centrify has expanded its offerings to bridge the divides across all of these environments: data center, mobile and cloud. Centrify allows an organization to use its Active Directory domain and its associated policies to manage users on heterogeneous systems through one consistent toolset.

Centrify has long offered the ability to bring on-premise UNIX, Linux and Mac users into the Active Directory domain. Now the company is offering a cloud service that acts as an identity broker or an identity gateway that allows companies to tie SaaS applications and mobile devices to their on-premise Active Directory. The solution allows devices to join the Active Directory domain, just like a Windows system can join the domain. Administrators can then provide policy management of those devices and can facilitate what Centrify calls “zero sign-on” for simple user access to applications.

First, let’s look at how Centrify helps to manage SaaS applications. For applications that support a single sign-on (SSO) protocol such as SAML or OpenID, Centrify can tie them back to Active Directory. Access to those applications can be controlled through identity and policy. Centrify currently supports about a thousand business applications in this way. Applications that don’t support an SSO protocol but authenticate users via username and password can’t be tied back to Active Directory. However, access to these apps can still be simplified by allowing end users to store their usernames and passwords in the Centrify vault in the cloud in order to effectuate single sign-on. This gives users the convenience of not having to recall usernames and passwords for their Web apps and frequented Websites.

End users go through a personalized portal to access their business applications, and personal apps too, if they so choose. An administrator can push business apps such as Office 365 and Box as well as other rich apps to this portal based on user roles and the Active Directory group that the user belongs to. Access to the portal is controlled through AD permissions and group memberships. In this way, the administrator can control who gets access to what.

For mobile devices, Centrify believes the form factor of a smartphone isn’t conducive to typing in a username and password to access a business application. So, Centrify provides the means to authenticate the device using PKI certificates. This makes the device a “joined device” inside the domain, which gives the device owner single-click access to applications in their user portal. Of course, this assumes the device has met the security and configuration standards of the organization’s mobile device management platform. The company can use a third-party MDM tool from vendors like AirWatch or MobileIron or utilize the light MDM capabilities built into the Centrify solution.

Centrify’s zero sign-on experience is a component of the upcoming Samsung Knox container technology. Centrify has a mobile authentication services SDK that independent software developers will use to support this zero sign-on silent authentication to rich mobile apps via the Samsung device. It should create a simplified experience for users to securely access their business apps via their smartphone.

Linda Musthaler is a Principal Analyst with Essential Solutions Corporation.  You can write to her at LMusthaler@essential-iws.com.


About Essential Solutions Corp:

Essential Solutions (http://www.essential-iws.com) researches the practical value of information technology, and how it can make individual workers and entire organizations more productive.  Essential Solutions offers consulting services to computer industry and corporate clients to help define and fulfill the potential of IT.

Copyright © 2013 IDG Communications, Inc.
