© 2012 SecureAuth. All rights reserved. 2-Factor Authentication and Single Sign-On in a Mobile World Thursday, December 5, 2013 www.secureauth.com.


1 2-Factor Authentication and Single Sign-On in a Mobile World
Thursday, December 5, 2013

2 2FA & SSO in a Mobile World - Agenda
- Challenges of Mobile Technology on the Enterprise
- The Reality of this Challenge
- Security Implications
- Mobile Architecture
- 2-Factor Authentication
- Mobile Fingerprinting
- Single Sign-on
- Self-Service Password Reset
- One touch Revocation
- Conclusions

3 Mobile Challenges
- Which Mobile Device Management?
- How do you drive new services?
- How do you manage the ever growing complexity?
- What to do when the number of devices goes up exponentially?
- Are you faced with departments bulk buying devices without an IT process?
- How do you manage devices that suddenly appear on your network?

4 The Reality
- The migration from desktop to mobile has already begun
- The migration will only gain speed as mobile devices become more capable
- Business units want to move quickly
- Creates a piecemeal solution
  - Cloud based
  - Blackberry
  - Multiple MDMs
- Reactive environment managing devices suddenly appearing
- Speed to market is much greater
- Need to help employees strategically contribute to bottom line

5 WHY DOES AN ENTERPRISE NEED TO BECOME AN IDENTITY PROVIDER?

6 Security Implications in Mobile
- How do you safely allow devices not owned by corporate onto the network without adding wrappers?
- How do you separate personal and corporate data?
- Companies replacing MDM every 2-3 years
- Playing vanilla is reactive:
  - Long term cost unpredictable
  - Stuck using development tools native to MDM
  - User satisfaction is varied

7 Mobile Architecture Best Practices
- All mobile devices should connect to an SSID off the corporate network
- The User/Device should be authenticated
- Only application level connectivity should be allowed

8 USING IDP TO MANAGE MOBILE
Definition: A system that creates, maintains, and manages identity information. Provides principal authentication to other service providers (applications) within a federation or distributed network. The IdP sends an attribute assertion containing trusted information about the user to the Service Provider (SP). Source: MIT Knowledge Base
An IdP (Identity Provider) establishes a circle of trust between the User and the Service Provider, i.e. applications:
1. User directed to IdP
2. IdP authenticates user
3. User redirected to SP with token
[Diagram: Scope of Trust, showing Enterprise Identity Provider (IdP), Service Provider (SP), User]

9 2-Factor Authentication X.509 v3 Certificates SMS OTP Telephony OTP OTP Help Desk Prox Cards NFC Yubikey USB Keys CAC/PIV Cards Kerberos / IWA Static PIN Custom X.509 K

10 THE AUTHENTICATION FUNNEL

11 Mobile Device Fingerprinting
- Pulls unique device characteristics such as: Headers, Fonts, Time Zones, etc.
- Can set trust period of device
  - From hours to years
- Can revoke with 1-touch
  - From help desk console
  - Select which device to revoke
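
A minimal sketch of the trust-period and per-device revocation behaviour this slide describes, added here as an illustration and not SecureAuth's code; the attribute set, the class and method names, and the sample device are assumptions. Every attribute is reported by the client, so a match only decides whether the second factor is requested again.

```python
import hashlib
import json

FIELDS = ("user_agent", "accept_language", "fonts", "time_zone")  # assumed attribute set

def fingerprint(attrs):
    """Hash the collected device characteristics in a canonical form."""
    norm = {}
    for f in FIELDS:
        v = attrs.get(f, "")
        # Font lists arrive in arbitrary order; sort so order does not change the hash.
        norm[f] = sorted(v) if isinstance(v, list) else str(v).strip()
    blob = json.dumps(norm, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode("utf-8")).hexdigest()

class DeviceTrustStore:
    def __init__(self, trust_seconds):
        self.trust_seconds = trust_seconds  # trust period: hours to years
        self._expiry = {}  # (user, fingerprint) -> expiry time in epoch seconds

    def enroll(self, user, attrs, now):
        """Register a device; call only after a full 2-factor login succeeded."""
        fp = fingerprint(attrs)
        self._expiry[(user, fp)] = now + self.trust_seconds
        return fp

    def decide(self, user, attrs, now):
        """Return 'trusted' for a known, unexpired device, else 'step_up'."""
        key = (user, fingerprint(attrs))
        expiry = self._expiry.get(key)
        if expiry is None or now >= expiry:
            self._expiry.pop(key, None)  # drop expired entries
            return "step_up"
        return "trusted"

    def devices(self, user):
        """Fingerprints a help desk console could list for one user."""
        return sorted(fp for (u, fp) in self._expiry if u == user)

    def revoke(self, user, fp):
        """Remove one selected device; True if it was enrolled."""
        return self._expiry.pop((user, fp), None) is not None

# Constructed sample device, not taken from the presentation.
PHONE = {"user_agent": "ExampleBrowser/1.0 (Mobile)", "accept_language": "en-US",
         "fonts": ["Roboto", "Noto Sans", "Droid Serif"],
         "time_zone": "America/Los_Angeles"}
```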

12 IdP for Mobile
SecureAuth Delivers:
1. Multi-Factor Authentication
2. IdP (SSO to cloud, web, gateways, mobile)
3. IdM (Identity Management)
Single SSO/2F Platform for Web, Network, Cloud and Mobile Resources

13 IdP - The (4) Resources
4 Key IdP integrations
1. Web
2. VPN/Gateways
3. SaaS/Cloud
4. Mobile

14 IdP – SSO (Web)
1. Web
2. Gateway / VPN
3. SaaS / Cloud
4. Mobile Apps
[Diagram labels: Assert identity, 2F/SSO, K, P, KBA, Enterprise Web Applications, 2-Factor]

15 IdP – SSO (VPN/Gateway)
1. Web
2. Gateway / VPN
3. SaaS / Cloud
4. Mobile Apps
[Diagram labels: Assert identity, 2F/SSO, P, KBA, Gateway / VPNs, 2-Factor]

16 IdP – SSO (Cloud/SaaS)
1. Web
2. Gateway / VPN
3. SaaS / Cloud
4. Mobile Apps
[Diagram labels: Assert identity, 2F/SSO, P, KBA, SaaS Apps, K, 2-Factor]

17 IdP – Native Mobile Apps
2F/SSO for mobile provides:
- 2-Factor Auth
- Directory-based Auth
- SSO to other apps
- No thick client
1. Web
2. Gateway / VPN
3. SaaS / Cloud
4. Mobile Apps
[Diagram labels: Assert identity, 2F/SSO]

18 Configurable Authentication: 20 methods (SecureAuth IdP)
1. SMS OTP
2. Telephony OTP
3. TOP
4. Static PIN
5. KBA/KBQ
6. Yubikey (USB)
7. X.509 Native
8. X.509 Java
9. NFC Prox Card
10. CAC/PIV Card
11. Mobile OATH Token (TOTP)
12. Browser OATH Token
13. Windows Desktop OATH Token
14. 3rd Party OATH Tokens
15. PUSH Notification
16. Help Desk
17. Social IDs (Google, Facebook, Twitter, LinkedIn)
18. Federated IDs (SAML, WS-Fed, OpenID)
19. Device Fingerprinting
20. Password

19 Conclusion – Mobile Strategy
1. There are alternatives to MDM
2. MDM solutions have a 2-3 year life cycle
3. MDM may limit your ability to service users
4. Keep Mobile devices off corporate networks. WiFi SSID should be separate from Corporate WAN/LAN
5. Take an application centric approach to mobile
6. 2-factor/Multifactor Authenticate the User AND the Device
7. Leverage native mobile applications and web applications
8. Allow single sign-on to native, web, and SaaS applications
9. Enable users to strategically contribute to the bottom line
10. Mobile strategies should be enabling

20 Thank you!
SecureAuth Contacts
Sales: Joe Revels, Sales Director, Northwest and Asia Pacific

