If you have compliance needs, you want control over who gets access to your enterprise resources. It's not just about single sign-on to an application. It's about controlling who has access to what and from where. Symplified's unique proxy-based architecture prevents "side-door access" to protected applications. Users access applications through the company ribbon or portal, preventing unauthorized (and more dangerously, unmonitored) connections from rogue users. By design, all user access behaviors can then be audited and strictly controlled by company administrators.
Symplified not only accesses an application at the macro level, it also parses it as a series of URLs, all with different access rights. Our proxy-based technology routes user access through our high-throughput Identity Router that stores your protected URLs.
For example, you might want all of your users to have access to a main URL, such as www.google.com, but give only a specific workgroup access to a document in docs.google.com. In Symplified's administrative interface, you can assign user access to specific sub-URLs and, for an even deeper level of granularity, control access to specific web-based documents.
Symplified implements standards-based access control with XACML as the foundation of our access control rules engine. You can combine the real-time access to your user stores, where you have created user groups and roles, with less rigid access control parameters. For user attributes that change, XACML-based rules or policies can be applied to those users for accessing applications and application areas. Some examples of attributes that could be applied to access control are a user's IP address range, the device from which they are attempting to access applications, or the time of day they are accessing a given application.
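The kind of decision described above (a broad rule for a main URL, a narrower rule for one document, and attribute conditions such as IP range and time of day) can be sketched as follows. This is an added example, not Symplified's code or XACML syntax, and it goes slightly beyond the text by normalizing the path before matching. The rule format, group names, document path and addresses are constructed for illustration.

```python
import ipaddress
import posixpath
from datetime import time
from urllib.parse import unquote, urlsplit

# Constructed rules, not Symplified's policy format or XACML syntax.
# groups=None means any authenticated user; the longest matching prefix wins.
RULES = [
    {"host": "www.google.com", "prefix": "/", "groups": None},
    {"host": "docs.google.com", "prefix": "/", "groups": None},
    {"host": "docs.google.com", "prefix": "/document/d/finance-plan",
     "groups": {"finance"}, "networks": ["10.20.0.0/16"],
     "hours": (time(8, 0), time(18, 0))},
]

def _normalize(path):
    # Decode and collapse "." / ".." so a traversal cannot fall through to a
    # broader rule than the one guarding the resource actually requested.
    return posixpath.normpath("/" + unquote(path).lstrip("/"))

def _covers(prefix, path):
    # Compare whole segments: "/a/b" covers "/a/b/c" but not "/a/bc".
    base = prefix.rstrip("/")
    return path == base or path.startswith(base + "/")

def decide(url, user_groups, client_ip, now):
    """Return 'Permit' or 'Deny'. No matching rule means Deny."""
    parts = urlsplit(url)
    host, path = (parts.hostname or "").lower(), _normalize(parts.path)
    matches = [r for r in RULES
               if r["host"] == host and _covers(r["prefix"], path)]
    if not matches:
        return "Deny"
    rule = max(matches, key=lambda r: len(r["prefix"]))
    if rule["groups"] is not None and not (rule["groups"] & set(user_groups)):
        return "Deny"
    nets = rule.get("networks")
    if nets and not any(ipaddress.ip_address(client_ip) in
                        ipaddress.ip_network(n) for n in nets):
        return "Deny"
    hours = rule.get("hours")
    if hours and not (hours[0] <= now <= hours[1]):
        return "Deny"
    return "Permit"
```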
Symplified supports SAML 1.1 and 2.0 federation to cloud, web and mobile applications.
The key benefit of SAML is that no credentials are passed to the application. With Symplified, the application never stores user credentials since Symplified has a valid authentication from the end-user and a trust relationship with the service provider. As an OASIS standard, SAML is interoperable between access-management providers, thus preventing vendor lock-in.
Only a small percentage of SaaS applications support SAML and most are enterprise SaaS applications. Another option is necessary to enable and control access to consumer SaaS applications. To that end, Symplified created HTTP-Federation (HTTP-Fed).
Symplified seamlessly supports strong authentication for high-trust and sensitive applications that require more robust security than username and password logins by offering native authentication support, multiple authentication level policies, 'step-up authentication' and mobile strong authentication.
Strong authentication can be implemented across all web and cloud applications or on an application-by-application basis. Symplified integrates with leading solutions such as RSA SecurID, CryptoCard and Symantec VIP, all of which deliver cloud-based strong authentication that combines something you know (e.g. a username and password) with something you have (e.g. a credential such as a card, token, or mobile phone).
Combined with Symplified's access policy engine, you can assign strong authentication to specific users, specific applications, specific parts of an application, or specific IP address ranges.
SAML's lack of ubiquity led Symplified to create HTTP-Fed, a SAML alternative that allows you to add an enormous number of web applications to your ecosystem. HTTP-Fed doesn't require either party to change their infrastructure or apps, so organizations are not restricted to the handful of SaaS apps that support SAML.
Symplified acts as an integration aggregator unifying the trust connections as a SAML trust broker. It establishes and maintains the trust relationships, dramatically accelerating federation implementations across the cloud without needing any code-level customization. Symplified does this by discovering, through our Trust Connector, the access structure of the targeted application. It inserts credentials into the log-in form and passes those to the web application. Credentials are only passed once.
HTTP-Fed can be adapted to different types of proprietary log-in processes used by many web apps. Many of these proprietary log-in processes have already been integrated into the Symplified user profile and the supported apps.
User credentials are passed to the application (encrypted in flight with SSL) using the existing web log-in forms. HTTP-Fed does not require any code change by the relying party, nor do you have to store credentials on the browser, providing you a more secure solution.
Symplified supports authentication against all common on-premises user stores such as Active Directory, LDAP, RDBMS (Oracle) as well as cloud-based user stores such as Salesforce.com, Google and Amazon RDS.
Symplified does not replicate or copy your existing user store for user credentials. It connects with your current user store to validate access attempts by your users. Through this connection it is able to seamlessly propagate identity changes such as permissions, roles, deletions or policies across all Symplified-protected applications.
By not replicating the user store you remove one vector of security attack while removing the complexity of additional syncing.
The Symplified "ribbon" is our out-of-the-box solution for end-user access to applications. It's a centralized string of permissioned applications represented in icon form that organizes end user applications in a customer's existing portal.
For those users wanting a deeper level of integration that aligns the end user interface with a customer's existing website look and feel, Symplified provides APIs.
Symplified supports every language that can parse HTTP headers, such as Java, PHP, Python and .NET, to enable customers to build rich web portals that can display your login and web-application interface however you'd like.
Symplified provided the industry's first IAM to support application access from mobile devices such as iOS, Android and Blackberry (RIM's HTML 5).
Symplified creates a portal page that maximizes space for these small-screen devices so that users can easily navigate on touch screens. For HTML 5 browsers (i.e., Blackberry devices and Amazon's new Kindle Fire) we can also display a screen-optimized version of the portal allowing users to navigate through their log-in needs easily.
Since no plug-in or extension is required, browser version updating isn't dependent upon your vendor providing an updated version of the extension.
End-users’ access to apps from a mobile device is seamless and consistent with that of their desktop or laptop experience.
Unless you are deploying a complex enterprise solution for user management, many vendors will replicate your user data in a system that they manage. There are several problems with this approach.
With a multi-tenant replication model, your critical user credentials will be stored in the cloud and managed by a company outside your security umbrella. There is a large burden on the vendor to make sure that the credentials of one customer are partitioned away from another, so that if one of the companies in a multi-tenant environment becomes a risk target, others don't as well.
Symplified doesn't replicate any user store information regardless of whether you deploy on-premises or in the cloud. Rather than managing provisioning in its own proprietary user store, and then replicating those changes across to the primary user store, Symplified syncs information near real-time between the primary user store and the web-based applications.
In the administrative console, you can define the rules you wish to implement for syncing between a source and a target. Once you have your user store set up as a sync source, the configuration is sent to the Identity Router where it monitors changes in your user store through a 'heartbeat' that checks your user store for any changes. When the Identity Router detects a change it sends the new information to the synchronization engine. It compares those changes with information in the user store about the user, using the policy engine to find user attributes, running through the various rules to ascertain access privileges.
In situations where a company doesn't already have a user store, Symplified can provide rich APIs and a very flat user data structure so that users can stand up their own custom user store compliant with the Symplified API (REST 1.0, REST 2.0 and SOAP 1.0).
Symplified also includes delegated administration that allows for department administrators or others to manage access for specific groups. This is particularly beneficial for large enterprises looking to unburden the central IT department by reducing help desk calls and resource constraints. It also includes automated, self-service capabilities that enable end users to perform limited tasks such as password resets, updates to basic profile information, requests for access to specific applications, etc. IT administrators have complete control over which management capabilities can be exposed in the delegated administration and self-service user interface.
Symplified has created a rich set of REST-based APIs that allow users to create their own user interfaces while pulling all the information that they need from the Symplified system.
APIs are built to support using a custom portal rather than the Symplified portal. In this way, you can have an entirely customized environment for your applications yet get the functionality of Symplified's Single Sign-On, access control and user management capabilities.
Symplified has defined a series of protocols to access user stores so that users can be authenticated, authorized and managed through a web service interface that utilizes either XML or JSON for the structuring of the payload.
If a company has multiple data stores containing user information, Symplified can put its web service APIs in front of those user stores to allow the Identity Router access. From those user stores, Symplified APIs support passing information to the Identity Router such as the user type schema, credentials for access, user properties, etc. Note that there are specific attributes for each of the user stores because each has its own structure and data types.
Once accessed, API users can: