Cloud Identity Deployed
CLOUD IDENTITY, DEPLOYED
PABLO VALAREZO, CISSP, CISA, PMP
ACXIOM CORP
AGENDA
- ABOUT ACXIOM
- CHALLENGES
- PLANNING
- RESULTS
- Q&A
- RECOMMENDATIONS
ABOUT ACXIOM
- MARKETING
- HQ LITTLE ROCK
- GLOBAL PRESENCE
- FOUNDED 1969
- ~4000 EMPLOYEES
- BIG DATA GRANDADDY
- TECHNOLOGY WAVES
TECH ADOPTION
- AVERSE TO CHANGE
- DISCOVER VALUE
- PHASED ADOPTION
- PARADIGM SHIFT
GOVERNANCE
- EVALUATE
- INTEGRATE
- MANAGE
- SUPPORT
- DECOMMISSION
DON’T WALK, RUN!
- PARTNER
- COLLABORATE
- INCLUDE
- BROADCAST
- OWNERS
- ADMINS
- AUDIENCE
- VENDOR
- SUPPORT
INVENTORY
GET READY TO ACCELERATE
TEACH THEM TO FISH
- USER ACCESS
- OTHER USE CASES
- SELF-SERVE
- INTEGRATIONS
EMPOWER THE HELP DESK
- PARTICIPANTS
- NETWORKERS
- TEACHERS
DEMAND METRICS
- EARLY & OFTEN
- EASY TO DO
- COMM TOOL
- DISCOVERY TOOL
140 Apps
[Architecture diagram. Labels: Acxiom On-Network (on-premise or VPN); AD Employees; AD Contractor; AD Clients; Desktop SSO Agent; AD Agent; Datacenter 1; Datacenter 2; Off-Network; Browser; Client’s AD; Client; Cloud App; On Premise Apps; App; 443; 30sec]
CLOUD PLEASERS
• ON THE SAML FRONT
• MIND THE GAP
• KEEPING IT CLEAN
• THE IT CLOUD
• THE WIDGET OF UZ
RESULTS
“IN THE MOMENTS AHEAD FOR IDENTITY THERE ARE ONLY TWO THINGS THAT MATTER: MITIGATING RISK AND DELIGHTING CUSTOMERS.”
Ian Glazer, Senior Director, Identity @ Salesforce
THANK YOU
RECOMMENDATIONS
GENERAL
• Deploy one global app that has a support team that knows their application very well
• Create a tech checklist to give to vendors for integrations
• Use Delegated Administration at the connector level as much as possible
• Leverage the vendor’s user community
MOBILE
• Encourage secure mobile usage with MFA, at least for Admin apps
• Deploy ‘easy MFA’ for all - Okta’s Verify with push is great!
• Deploy SAML-based reverse proxy
RECOMMENDATIONS
TECHNICAL
• Learn the SAML protocol and its nuances
• Get SAML tracer add-on for Firefox
• “Shut the front door” - Make SAML the only option
• Evaluate web traffic for other possible integrations
• Enable Production to preview (sandbox) SAML
• Create IdP-only accounts for (problematic) app vendors - for testing purposes only
• Empower developers with standards, strong API, and with development tools (ex. simplesaml.php)
• When possible leverage Okta or AD groups for applications
RECOMMENDATIONS
ADOPTION
• Capture logs and create cool graphics
• Create a unique logo - Company name + SSO to train employees to differentiate logins
• Provide a FAQ page and link it to the portal
• Create other bookmark apps and make them available via Self-Serve
• Create icons for existing portals (bookmark app)
• Create a ‘coming soon’ for the apps most requested - avoid unnecessary calls/tickets from anxious users
• Leverage agents Radius and LDAP when possible