3 building blocks for managing cloud applications webinar
DESCRIPTION
Cost savings and the promise of greater business agility are driving larger numbers of companies to consider moving their business applications to the Cloud. But getting there can be a daunting task. In this Webinar, Identity and Access Management experts from CoreBlox, Ping Identity and Radiant Logic will share successful approaches to streamlining user provisioning, password management and centralized administration across all of your Cloud-based applications – to help ...
TRANSCRIPT
3 Building Blocks for Managing Cloud Applications
March 25th, 2010
Today’s Speakers
Todd Clayton, President and CEO, CoreBlox
Dieter Schuller, VP Sales and Business Development, Radiant Logic
Mike Donaldson, VP Marketing and Product Management, Ping Identity
Agenda
• “MyCompany” Cloud Computing Case Study (Todd)
• Solution Walkthrough (Todd)
• Role of Virtual Directory (Dieter)
• Role of Internet Identity Security Platform (Mike)
• Questions & Answers (All)
CoreBlox
MyCompany Challenges
• MyCompany has moved their CRM to Salesforce
• Management of user provisioning/de-provisioning time consuming and manual process
• Users are not consistently de-provisioned
• High number of Salesforce password management issues
• Internal sales portal needs to display both internal and Salesforce information
Desired Use Case
• Automate Salesforce provisioning and de-provisioning based upon Enterprise Directory group membership
• Centralized portal view of user information with attributes coming from Enterprise Directory and Salesforce
• Centralized view of accounts owned by Sales Reps
• Single sign-on from portal to Salesforce with no passwords maintained on Salesforce
Infrastructure Components
• Salesforce: Sales Region, List of Accounts
• Enterprise Directory: Authoritative Identity Repository
• RadiantOne: Identity Hub, Common Data Access Point
• PingFederate: Single Sign-on, SaaS Provisioning
• Company Portal: Access Sales Data
Salesforce Provisioning and Single Sign-on
1. User Added to Enterprise Directory
2. User Granted Salesforce Access
3. Virtual Directory Proxies User
4. User Provisioned into Salesforce
5. User Accesses Portal
6. User Gets SSO into Salesforce
Complete User Profile
Centralized Identity Hub
Attribute Reads and Updates
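The provisioning flow above, driven by Enterprise Directory group membership, comes down to reconciling the authoritative directory against the SaaS account list. The following Python is an added example, not code from the webinar or from any vendor's product; the group name, record fields and sample records are constructed assumptions, and it calls no Salesforce or PingFederate API.

```python
# Added example: group-driven provisioning reconciliation (constructed data).
from dataclasses import dataclass

ACCESS_GROUP = "salesforce-users"  # hypothetical directory group name

@dataclass(frozen=True)
class DirUser:
    employee_id: str
    enabled: bool        # False once the directory entry is disabled
    groups: frozenset

@dataclass(frozen=True)
class SaasAccount:
    federation_id: str   # assumption: carries the directory employeeID
    active: bool

def plan_sync(directory, saas_accounts, group=ACCESS_GROUP):
    """Return the changes needed so SaaS accounts match directory entitlement."""
    known = {u.employee_id for u in directory}
    entitled = {u.employee_id for u in directory if u.enabled and group in u.groups}
    by_id = {a.federation_id: a for a in saas_accounts}
    plan = {"provision": [], "reactivate": [], "deactivate": [], "orphan": []}
    for emp in sorted(entitled):
        acct = by_id.get(emp)
        if acct is None:
            plan["provision"].append(emp)
        elif not acct.active:
            plan["reactivate"].append(emp)
    for fid, acct in sorted(by_id.items()):
        if acct.active and fid not in entitled:
            # Active SaaS account without entitlement: a "zombie" account.
            # No directory entry at all means it needs manual review.
            plan["deactivate" if fid in known else "orphan"].append(fid)
    return plan

# Constructed sample state; employeeID 8 is the profile used on the slides.
DIRECTORY = [
    DirUser("8", True, frozenset({ACCESS_GROUP})),    # newly granted access
    DirUser("12", True, frozenset()),                 # removed from the group
    DirUser("15", False, frozenset({ACCESS_GROUP})),  # disabled, still in group
    DirUser("21", True, frozenset({ACCESS_GROUP})),   # re-granted access
]
SAAS = [SaasAccount("12", True), SaasAccount("15", True),
        SaasAccount("21", False), SaasAccount("99", True)]

if __name__ == "__main__":
    for action, ids in plan_sync(DIRECTORY, SAAS).items():
        print(f"{action:<11}{ids}")
```

The "deactivate" and "orphan" lists are the accounts a manual process tends to miss: users removed from the group, users disabled in the directory while still group members, and SaaS accounts with no directory entry at all.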
Demo Step 1: Add User to Enterprise Directory
Demo Step 2: Add User to Salesforce Group
Demo Step 3: User Provisioned Into Salesforce
Demo Step 4: User Accesses Portal
No region and account details
Demo Step 5: User Sets Details In Salesforce
Demo Step 6: Portal Shows Salesforce Info
Region and account details populated
Results
• Simplified identity management environment
• Greater flexibility to expand into other Cloud services
• Reduced trouble tickets for Salesforce password resets
• Improved internal access to information both inside and outside the firewall
• No application changes required
Radiant Logic
The Out is Now In
• Borders between employees, contractors, vendors, partners, customers getting blurry
• Applications outsourced to SaaS and Cloud
• Mergers, Acquisitions, Divestitures
Linking Identity and Contexts… One Identity, Many Application Contexts
Identity and Context Virtualization
“Virtualization is occurring at all layers across the IT "stack" — hardware, operating systems, applications, services, processes, presentation layer — even identities. At its core, virtualization is simply a layer of abstraction between a layer of consumers and an underlying layer of providers. However, this simple notion causes powerful shifts in the way that security must be managed and will accelerate the move to externalized identity services”
– Neil MacDonald – Gartner Fellow – “Everything You Know About Identity Management Is Wrong”
Abstract Protocols and Access Methods
Example: Integrating Data Across Silos
• Build a complete, unique profile from information in all data sources
cn = Laura Callahan [email protected] phone=415.209.6800 employeeID=8
FullName = Laura Callahan Title=Account Manager Department=Sales UserID=8
First_Name = Laura Last_Name = Callahan Territory= West Account=Acme
FullName = Laura Callahan [email protected] title=Account Manager employeeID=8 Territory=West Account=Acme Department=Sales phone=415.209.6800
Example: Multi-Tenant Services
tenant1 tenant2 tenant3
CRM
Virtualized Identity Service
Virtualization layer: Model, Mapping, Transaction, Persistence, Caching
Order Entry
Directory
Managed Service Provider
The Real Cost of Integration: Customization vs. Identity & Context Virtualization
• Zero Impact on Existing Systems
  • Get up and running without breaking your current infrastructure.
• Invest Once, Evolve As Needed
  • Build a system that grows and adapts with your business.
• Integrate As You Go
  • Add new sources any time, without costly custom coding.
• Centralized Accountability
  • Gain a central access point for an “accountability” audit.
• Ongoing ROI
  • Create a platform for new initiatives, add value beyond security.
The Business Value: Identity and Context Virtualization
Ping Identity
Salesforce Identity Challenges
• Reduce User/Application Friction
  • Users Love (and Expect) Single Sign-On
  • Maximize Application Usage and Adoption
• Cost Containment
  • User Account Management
  • Support / Help Desk Overhead
• Strengthen Security
  • Eliminate Passwords
  • Address Zombie Accounts
• More than SAML Required
  • Multiple Access Devices
  • Useful (but Proprietary) APIs
  • Traditional Enterprise IdM Products Not Designed to Work with Salesforce
Ping’s Internet Identity Security Products
• On-Premise Internet Identity Security Software Platform
• On-Demand SaaS Single Sign-On and User Account Management
Salesforce Single Sign-On Anytime, Anywhere
• Any Device
  • Desktop Browsers
  • Mobile Devices
  • Outlook Plug-In
  • Emailed Report URLs
• Any Location
  • In the Office
  • On the Road
Automated Salesforce User Account Management
• Close Security Loopholes
• Improve Compliance Controls
• Reduce Administrative Overhead
• Out-of-the-Box Active Directory Support
Comprehensive Salesforce Single Sign-On
• Salesforce CRM
• Customer Portal
• Partner Portal
• Ideas Portal
• Force.com
SSO-Enabled Customer Portal
Ping Identity vs. Alternate Solutions
Deployment Time
• Ping Identity: Days
• IdM Suite Vendors: Months
• Do-it-Yourself: Months
Dependencies
• Ping Identity: Works with existing authentication and directory
• IdM Suite Vendors: Upgrade production IdM infrastructure to latest release
• Do-it-Yourself: Programmers with Internet security expertise
Functionality
• Ping Identity: Every module, every device, every use case
• IdM Suite Vendors: IdP-Initiated Browser SSO for employees
• Do-it-Yourself: How much custom code do you want to write and maintain?
Form Factor
• Ping Identity: Lightweight standalone on premise software or on-demand service
• IdM Suite Vendors: Extensive, complex, expensive enterprise infrastructure software
• Do-it-Yourself: Depends on what kind of custom code you decide to write and maintain
Ping Identity Makes Your Salesforce Investment Go Farther
• Increase User Adoption
• Automate User Account Management Tasks
• Strengthen Security
• Save Money
Contact Us:
Radiant Logic | CoreBlox | Ping Identity
415-209-6800 | 877-879-2569 | 877-898-2905
[email protected] | [email protected]
www.radiantlogic.com | www.coreblox.com | @PingNewsFlash
@coreblox or @ssohelp
Questions