Published on March 10, 2014
Technical Note Sign-On Express Security – A technical note Sign-On Express is a next generation Web Single Sign On solution that provides users with seamless and secured access to any web based onpremise or cloud application from any device, anytime and anywhere. With Sign-On Express, users have to sign-in once and they don’t have to type their userid/password again and again. Security in Sign-On Express Sign On Express beneﬁts Increase user convenience and productivity SSO to any web based on-premise or cloud application. Secured cloud applications with standard SSO protocols Reduce password related help-desk calls Achieve compliance with extensive auditing and reporting Over 1500 SSO connectors out-of-the-box and Do-It-Yourself wizards to onboard other web based applications for SSO without any technical skill-set SIMPLE With ILANTUS’s deep domain experience in IAM and security since year 2000, Sign-On Express has been architected ground up considering security best practices to meet industry standard compliance norms. Sign-On Express deals with lot of sensitive data that makes it imperative to secure data either at rest or in motion. Sign-On Express Development Right from the development of the tool, the engineering team follows strict security development lifecycle program based on AGILE SCRUM methodologies. Before any version release is done, there are dedicated SPRINTS on peer code review, vulnerability and penetration testing. Security while data is in motion Communication between all Sign-On Express components is over a secured channel as depicted in the diagram. SECURE SWIFT
The following are the interactions between various components as indicated in the diagram: 1. User’s browser to Sign-On Express Server – This communication is over secured HTTP(S) channel and is encrypted. Depending on Sign-On Express deployment architecture, firewall, intrusion detection system, proxy or reverse proxy could be some of the components that may be involved as well. 2. Sign-On Express Server to LDAP – This communication is over secured LDAP(S) channel and is encrypted. 3. Sign-On Express Server to Database – This communication is over secured channel and is encrypted. Security while data is at rest Static data resides in Database. All tables that have sensitive information are encrypted using industry standard AES 256-bit block cipher encryption with unique key per customer. Below table highlights the various additional security parameters of Sign-On Express Security Parameter Remarks Multi-Factor Authentication Password Vault Security Integrated Windows Authentication (IWA) advanced security policies In addition to regular userid/password based authentication, Sign-On Express also supports multi-factor authentication built on HMAC-SHA1 algorithm. The second level of authentication adds additional layer of security for user authentication. For SSO to non-federated web-applications, Sign-On Express replays userid/password to give users SSO experience. Sign-On Express leverages a secured Password Vault designed within the database to securely store userid/password of the user. Passwords are encrypted with industry standard AES 256-bit block cipher encryption with unique key per customer. Passwords are not cached on the users workstation or browser at any point of time. Only at run-time the userid/password is retrieved from the database and is injected to an application on the browser. Sign On Express supports IWA Authentication. With advanced security policy, IWA can be restricted to multiple IP ranges. The feature adds additional check for systems accessing the Sign On Express. Vulnerability and Penetration Testing Every Sign-On Express release undergoes thorough vulnerability and penetration testing to ensure strict security standard is followed. Extensive Auditing & Logging All events on Sign-On Express are audited and log levels can be conﬁgured. SIEM integration for co-relations and analytics SIEM solutions could be integrated with Sign-On Express audit tables for co-relations to detect anomalies at the enterprise level. ILANTUS is a pioneer in identity and access management for more than a decade in industry delivering the most comprehensive identity solution through its unique Hosting Express (HXP). The HXP is built on a unique framework that enables components from multiple vendors of your choice to be integrated into a uniﬁed solution, delivered in cloud or on-premise, and managed by you or ILANTUS. All major Identity & Access Management components - Identity & Access Governance, User Administration & Provisioning and Identity & Access intelligence are incorporated in the HXP framework. HOSTING
Presentación que realice en el Evento Nacional de Gobierno Abierto, realizado los ...
In this presentation we will describe our experience developing with a highly dyna...
Presentation to the LITA Forum 7th November 2014 Albuquerque, NM
Un recorrido por los cambios que nos generará el wearabletech en el futuro
Um paralelo entre as novidades & mercado em Wearable Computing e Tecnologias Assis...
Sign On Express, from ILANTUS Technologies, delivers secure single sign on (SSO) for all enterprise, web applications--- On-Premise and cloud based
SIGN-XPRESS, Centuria. Home; Products; References; Markets; Lettering; Banners, Point of purchase(P.O.P) & Temporary
Remember my Username Powered by
Sign-On Express integrates with most enterprise directories available in the market - • Microsoft Active Directory -multi-domain is also supported
Two of our products are Password Express(PXP) and Sign On Express(SXP), ... Password Express is a self-service solution that provides an exceptional ...
Sign In; What is LinkedIn? Nadiya A profiles Name Search. First name; Last name; Cancel. 11 of 11 profiles View Full Profile; Nadiya A Title Senior Advisor ...
View Giriraj Tiwari’s professional profile on LinkedIn. LinkedIn is the world's largest business network, ... Express Sign On (SXP) Starting August 2013.
Me and my Friend on the private range having some fun with our Shotguns :) 12/89 Remington 870 Super Express Magnum 12/89 Winchester SXP Black ...