Single Sign-On (SSO) and identity federation

A gift for your users

Single Sign-On (SSO) means that the user gets access to all desired services with a single login. While SSO may look simple from the outside, it is often based on multifaceted processes. This may result from different applications with many internally or externally managed user bases or from a high heterogeneity of the supported technologies. The great advantage of the Secure Access Hub is that Airlock always has these requirements under control and leaves the user unaware of the internal complexity.

Decoupling authentication from identity propagation

Airlock’s flexible SSO solution consistently decouples user authentication from identity propagation (see figure). The authentication technology is therefore independent of the standards with which users are represented to applications (identity propagation). It makes no difference whether a service understands OpenID Connect 1.0 or SAML 2.0, requires a Kerberos ticket or can only handle a BasicAuth header.

This consistent decoupling allows for many possible access scenarios. An authenticated user can be represented to each application in a compatible way without the need for a new login for the technology of the target application – a genuine ‘single sign-on’. Since Airlock adapts to the application, and not the other way around, rolling out a new authentication medium for legacy applications is child's play.

Cross-domain SSO and identity federation

SSO is not limited to the internal IT infrastructure. Airlock supports cross-domain SSO with the common federation standards SAML 2.0, OAuth 2.0 and OpenID Connect 1.0. Thanks to these standards, popular cloud applications, such as Salesforce, Office 365 or Google Docs, can be seamlessly integrated into a company’s in-house SSO architecture.

A distinction is generally drawn between an identity provider and a service provider or relying party. The identity provider authenticates users and provides them with a ‘ticket’ for access to the services of the service provider. The Secure Access Hub can adopt both roles in these protocols. It is important for the role of the identity provider that various means of user authentication are available, since not every user should be authenticated in the same way for every application. With Airlock you can draw on the full range of authentication methods.

Airlock application portal

There is a lot of technology and complexity under the hood of a company-wide SSO. However, this should not affect the user. Once successfully signed in, the Airlock application portal presents users with an attractive overview of the applications available. The portal can be adapted to CI/CD templates and users enjoy direct access to self-service options that they can use to manage their user data and authentication options.

Single Sign-On highlights

  • Cross-domain SSO and identity federation
  • Cloud SSO (e.g. Salesforce, Office 365, Google Docs)
  • SAML 2.0 as identity and service provider
  • OAuth 2.0 and OpenID Connect 1.0 as authorisation server and relying party

Ready for excellent IT security?

Contact us now.
Ergon Informatik AG, +41 44 268 87 00
