Webinar: Crossing the Chasm from On-prem to Cloud: Managing Identities in a Hybrid World


Page 1: Crossing the Chasm from On-prem to Cloud: Managing Identities in a Hybrid World

Webinar: Crossing the Chasm from On-prem to Cloud: Managing Identities in a Hybrid World

Page 2: Crossing the Chasm from On-prem to Cloud: Managing Identities in a Hybrid World

Featured Speakers

David Meyer, Vice President, Product

@meyerwork

Garrett Bekker, Senior Security Analyst

@gabekker

Page 3: Crossing the Chasm from On-prem to Cloud: Managing Identities in a Hybrid World

The problem.

Your application portfolio is complex, unmanaged and exposed.

Page 4: Crossing the Chasm from On-prem to Cloud: Managing Identities in a Hybrid World

Increasing IT complexity

Thousands of employees, partners, customers, and multiple devices...

Working with many, many apps, both in the cloud and on-premise.

Page 5: Crossing the Chasm from On-prem to Cloud: Managing Identities in a Hybrid World

[Figure: chart with axes Slow to Fast and No Integrity to Full Integrity. Labels: Lock down, Out of business, Shadow IT, New Model for Enterprise Identity Management]

Speed and integrity. No compromise.

Page 6: Crossing the Chasm from On-prem to Cloud: Managing Identities in a Hybrid World

How well do you know your apps portfolio?

Compliance? Access? Scale? Usage? Security?

Page 7: Crossing the Chasm from On-prem to Cloud: Managing Identities in a Hybrid World

The need.

A new class of identity management solution that drives speed and integrity across the entire application portfolio.

Page 8: Crossing the Chasm from On-prem to Cloud: Managing Identities in a Hybrid World

New class of identity management solution

Cloud · On-premise · Mobile

All locations · All devices · All users

[Diagram. Solution areas: Application Management, Endpoint Control, Enterprise Infrastructure, Security Integration Framework, User Management. Component labels: Mobile, Data Center, Cloud Apps, IoT, Mobile, Desktop, MFA, SIEM, Partners, Customers, Employees, Directories, VPN, Legacy IdP, Wi-Fi, On-prem apps, CASB, Social Identity, Cloud Directory, HCM]

Page 9: Crossing the Chasm from On-prem to Cloud: Managing Identities in a Hybrid World

● Extend existing infrastructure
● Control your endpoints
● Connect your apps
● Integrate your controls
● Embrace your users

[Diagram. Solution areas: Application Management, Endpoint Control, Enterprise Infrastructure, Security Integration Framework, User Management. Component labels: Mobile, Data Center, Cloud Apps, IoT, Mobile, Desktop, Partners, Customers, Employees, Directories, VPN, Wi-Fi, On-prem apps, Social Identity, Cloud Directory, HCM, Legacy IdP, SIEM, CASB, MFA]

Page 10: Crossing the Chasm from On-prem to Cloud: Managing Identities in a Hybrid World

Connect Your Apps

Application Management

Page 11: Crossing the Chasm from On-prem to Cloud: Managing Identities in a Hybrid World

Secure Hybrid Enterprise

[Diagram labels: PUBLIC CLOUD, PRIVATE CLOUD, FIREWALL, Appliance, 4000+ PRE-INTEGRATED WEB APPS, Legacy Apps, Custom Apps. Protocol labels: LDAP · SAML · RADIUS · WS-* · OAuth · WAM]

Page 12: Crossing the Chasm from On-prem to Cloud: Managing Identities in a Hybrid World

Web Access Management

Agile application security framework

TODAY

● Super flexible authentication
● OneLogin ready
● Secure access controls
● URL filtering
● Role-based
● Extensible rules library
● Centralized policy, triggers, logging
● Best-of-class ease of administration
● Best-of-class web agents
● Proven with strong customer base:

TOMORROW

● Application and HTTP header mapping
● Seamless SiteMinder application integration
● SAML 2.0 SP/DISCO services
● NGINX web agent
● IPv6 support

Longer term

● Manage policy with OneLogin UI
● Move policy decisions to agents
● Deploy reverse proxies on prem
● RESTful cloud APIs
● i18n messages

Page 13: Crossing the Chasm from On-prem to Cloud: Managing Identities in a Hybrid World

VLDAP

Agile application security framework

TODAY: Connect existing infrastructure to OneLogin over secure LDAP

● Authenticate and authorize over LDAP
● Bind any user w/ virtual OR existing Distinguished Names
● Group membership based on OneLogin groups and roles
● IP restriction support
● Proven integration with third party products:

TOMORROW: Single source of LDAP truth in the cloud. Unplug external directories

● Multi-Factor authentication support (OTP code, push)
● Transparent LDAP interface for all external directories
● DN mappings for virtually unifying existing directories

Connect any user over LDAP to any appliance, app, device.

Page 14: Crossing the Chasm from On-prem to Cloud: Managing Identities in a Hybrid World

Control Your Endpoints

Device Management

Page 15: Crossing the Chasm from On-prem to Cloud: Managing Identities in a Hybrid World

Next, focus on Mobile Identity & Integrity

IT Admin: Can finally manage the actual risk of mobile access

● Sandy, Contractor working at a cafe: MFA Required
● Rob, Sales meetings from the field: Auto logged-in
● Brent, In-person Sales meetings at the HQ: No access to Billing, MFA Required
● Elle, Designer working at the HQ: Auto logged-in

Device Trusted

Device Trusted

Page 16: Crossing the Chasm from On-prem to Cloud: Managing Identities in a Hybrid World

OneLogin will protect your Macs, your PCs


OneLogin credentials unlock machine

Password is hashed locally

When disconnected, last good hash

Whenever connected to internet, policies apply

Perfect for employees not connected to an AD domain

Page 17: Crossing the Chasm from On-prem to Cloud: Managing Identities in a Hybrid World

TODAY: Connect Macs to OneLogin for better machine security

[Diagram labels: Desktop, certificate authority, third-party CA]

● Installs certificate on device
● Validates certificate during auth
● Certificate provides web SSO
● Can validate with third-party CAs

TOMORROW: Mac and Windows, certificate installation, identity protection, policy controls; Instant productivity; minimized risk

Page 18: Crossing the Chasm from On-prem to Cloud: Managing Identities in a Hybrid World

OneLogin will protect your phones

Page 19: Crossing the Chasm from On-prem to Cloud: Managing Identities in a Hybrid World

With simple enrollment

Activation via QR code

Page 20: Crossing the Chasm from On-prem to Cloud: Managing Identities in a Hybrid World

TODAY: OneLogin Mobile on iOS, Android, and Windows devices + NAPPS

[Diagram labels: Mobile, certificate authority, third-party CA]

● Installs certificate on device
● Validates certificate during auth
● Certificate provides web SSO
● Certificate auto-SAML native app
● Can validate with third-party CAs

TOMORROW: Certificate installation, identity protection, policy controls. Seamless certificate-based SAML in native apps

Page 21: Crossing the Chasm from On-prem to Cloud: Managing Identities in a Hybrid World

So you can manage your devices

Page 22: Crossing the Chasm from On-prem to Cloud: Managing Identities in a Hybrid World

Block devices that have been compromised

Page 23: Crossing the Chasm from On-prem to Cloud: Managing Identities in a Hybrid World

Understand who has which device in which state

Page 24: Crossing the Chasm from On-prem to Cloud: Managing Identities in a Hybrid World

Integrate Your Controls

Security Integration Framework

Page 25: Crossing the Chasm from On-prem to Cloud: Managing Identities in a Hybrid World

OneLogin Developers

API docs - SAML & NAPPS toolkits - SCIM integration

Page 26: Crossing the Chasm from On-prem to Cloud: Managing Identities in a Hybrid World

API Platform

TODAY: Connect any system to OneLogin through powerful APIs

[Figure labels: username, pwd]

TOMORROW: Integrate your customer management and your employee management in one control plane in the cloud

● Pull system data

● Events, users, applications

Notification Callbacks

Login widget

Deeper administration

Application management

Role management

Make security event actionable

● Deactivate or lock user

● Step up authentication

Embed OneLogin

● Into Sharepoint or Wiki

● Into social systems

Custom app

● Authentication

● Remote Session Management

Page 27: Crossing the Chasm from On-prem to Cloud: Managing Identities in a Hybrid World

SIEM Streaming

TODAY: Powerful events API and pre-built Splunk integration

● Query and filter on metadata
● Cursor-based pagination
● Super fast, super easy

TOMORROW: Stream all events real-time to the SIEM of your choice.

● All OneLogin events sent to SIEM system in real-time
● JSON is pushed to HTTPS endpoint
● API for additional events

[Diagram label: event bus]

Page 28: Crossing the Chasm from On-prem to Cloud: Managing Identities in a Hybrid World

New class of identity management solution

Cloud · On-premise · Mobile

All locations · All devices · All users

[Diagram. Solution areas: Application Management, Endpoint Control, Enterprise Infrastructure, Security Integration Framework, User Management. Component labels: Mobile, Data Center, Cloud Apps, IoT, Mobile, Desktop, MFA, SIEM, Partners, Customers, Employees, Directories, VPN, Legacy IdP, Wi-Fi, On-prem apps, CASB, Social Identity, Cloud Directory, HCM]

Page 29: Crossing the Chasm from On-prem to Cloud: Managing Identities in a Hybrid World

Thank you