If your organization is like most, you’ve begun to use Software-as-a-Service (SaaS) applications, such as Salesforce.com, SuccessFactors, Concur, and other externally hosted applications. The use of SaaS has clear benefits: saving time, money and overhead, while providing increased flexibility and numerous other advantages. However, as your organization’s portfolio of SaaS applications grows, the challenge of managing user access to them becomes formidable.
To address the challenge of extending Identity and Access Management (IAM) to external applications (those applications hosted by a 3rd party, such as Salesforce.com), various open-standard protocols have emerged. These protocols, which allow independent parties to securely share identity information, form the basis of what’s known as Federation.
Lighthouse Gateway’s federation services enable you to integrate with your SaaS providers in two primary ways:
Federated Single Sign-On (FSSO)
Like Single Sign-On (SSO) within your own organization, Federated Single Sign-On (FSSO) enables users to login to 3rd party applications without the use of IDs and passwords. FSSO relies on open-standard protocols, like Security Assertion Markup Language (SAML), that are platform and technology agnostic. This means that both parties need-not be concerned with the operating systems, software, or other technologies implemented on either end of a federated relationship. Federation protocols, like SAML, enable existing identity information about a user to be securely transmitted between the two parties.
Lighthouse Gateway will act as your federation broker, translating internal credentials (like an Active Directory NTLM assertion) to an open-standard federation assertion, such as SAML, that is accepted by your SaaS partners. All of the heavy-lifting is done by the Gateway. Simply place a federation link somewhere within your web environment, such as a portal, and let the Gateway do the rest.
Above: Federation with SaaS Providers Made Simple - Single Sign-On to your SaaS applications is a simple 1-2-3 process!
The end result is a very seamless SSO experience for the user. Upon clicking a federation link (a standard HTML hyperlink) that may be posted within your environment (i.e. an enterprise portal), the user is seamlessly logged-in to the SaaS application – no ID or Password required.
Federated User Provisioning
Very similar to internal user provisioning, many SaaS providers are now exposing mechanisms to enable programmatic management of identities within their environment. Where available, Lighthouse Gateway is able to provide user provisioning support to these applications, eliminating the need for manual setup and removal of accounts and associated entitlements on these SaaS applications.