22

NCSU SSO Case Study

3

NCSU – Project Requirements and Goals

NCSU Operating Environment

Provide support for a number Apps and Programs

Different vendors have their authentication databases

End users must remember 15 different credentials of different types; e.g., user name and password multi-factor authentication PIN numbers

Number of apps in use is increasing at the rate of about 100 year

4

NCSU – Project Requirements and Goals

NCSU Goals for SSO

Requires only one login per user to access all programs and applications

Is easy enough for children as young as 6 years old to use

Integrates with on-premisis active directory and supports parents or other outside users independent of Active Directory simultaneously

Allows users to change passwords

Can interface, at a minimum, with the following programs

Can possibly interface with these other programs and applications

OPALS, Destiny and Others

Easy to implement user friendly interface for admin support

5

NCSU – Project Requirements and Goals

System will use minimal amount of Personal Identifiable Information (PII) Mandatory - End user first name and last name and email address Discretionary - alternate email address, phone number at user Ultimate control of user identity remains with our organization

Work within budget constraints

Identity Management Integrated into SSO backend

• Local control over information provided• No unrestricted access to Student Data

Avoid solutions that were too restrictive; e.g., locked into a corporate Silos

Authentication strategies Goal of no additional username or password required

• SAML• OAuth• Domain Federation

Account auto provisioning Leverage corporate SSO strategies

66

Key Challenges

1 2 3

4 5 6

SHIFT FROM ON-PREMISE TO CLOUD

DECENTRALIZE ADMINISTRATION

EXPLOSIVE GROWTH IN APPLICATIONS

DELIVER SECURE & CONVENIENT ACCESS

NEW DEVICES: ANYTIME, ANYWHERE ACCESS

SUPPORT NATIVE, BROWSER AND MOBILE

77

Pain for IT

Time consuming user Provisioning

88

Pain for End Users

Pain for End Users

99

Identacor @ NCSU

25 application integrations3025 users across 8 districts and 14 schools

10

Firewall

Active Directory

Mobile Workers Parents and Outsisde Users

Students and Faculty

+

11

SSOAny Device, Any App

Identacor - Connecting NCSUVT to Apps

Provisioning and Deprovisioning

Workflow, Audit, Self Service

Robust On Prem Integration

Directories, Identity Management, Apps

Centralized Admin & Reporting

Policy, Compliance, Analytics

12

Port 443SSL Encrypted

Internet

Active Directory

Firewall

RemoteUsers

NCSU Network

Identacor Active Directory

Agent

LocalUsers

Identacor Windows

AuthenticationAgent

4

1

1

2

3

Identacor – Connecting NCSUVT to Apps

1313

Identacor Advantage features

Audit Reporting

Single Sign On

Anytime, anywhere

Mobile Devices

Centralized Management

Active Directory

Integration – NCSU

Custom Integrations

App Integrations

One password access to all applications, eliminating the need for multiple usernames and passwords

importing users and groups from main AD domain. Support one password for all apps.

application access from any browser

Application access from desktops, laptops and all types of mobile devices and Chromebooks.

integrated with out of the box apps like Google Apps

(Provisioning & SSO) using standards based SAML

protocol.

integrated with many custom apps

including AppA, App B, App C leveraging

Identacor Secure Auto-Login

Application Access for Users

including 3025 users,

25 groups, and 41 applications

Providing management with the tools to track company

and employee access to and usage of its

cloud-based resources.

Simple Access

No Software

Install

Rapid De-ployment

Up and running within

minutes

14

Identacor Cloud SSO

Single Sign-on

Multi-factor Authen-tication

User Provisioning

Anywhere, Any Device

Unified Cloud

Directory

15

Identacor Cloud SSO

Unified Cloud

Directory

Multi-factor Authen-tication

User Provisioning

Anywhere, Any Device

Single

Sign-On

16

Identacor Cloud SSO

Unified Cloud

DIrectory

Single Sign-on

User Provisioning

Anywhere, Any Device

Multi-factorAuthentication

17

Identacor Cloud SSO

Unified Cloud

Directory

Single Sign-on

Unified Cloud

DIrectory

Anywhere, Any Device

User Provisioning

18

Identacor Cloud SSO

Unified Cloud

Directory

Single Sign-on

Unified Cloud

DIrectory

User Provisioning

Anywhere, Any Device

19

Benefits: Simple agent install, no network configuration required Automatic De-Activation of Identacor Deleted / Disabled Users Delegate Authentication for Identacor to NCSU AD domain Integration into Windows Desktop Login

Active Directory Integration - Benefits

Firewall

Remote/MobileEmployees

Agent(s)Active

Directory

Employees

GroupSales

Remote users authenticate with AD

username and password

1Local users

transparently authenticate using

Integrated Windows Authentication

2

Access policies driven by AD security groups

3

20

1000’s of Apps – All pre-integrated

21

NCSUVT – Key Benefits Realized

Application Portal Page

One Password

through AD integration

Ability to monitor

application adoption

AD integration –

integrate easily with

any web app

User de provisioning

Security

User IT Department

22

NCSUVT – Key Benefits Realized

Securely add apps at the speed of business

Increase IT team productivity

and enterprise security

Enforce security for apps and devices

Engage employees to enforce policy and work

more productively

Minimize Identity Management spend

2323

Thank You