Modern SAML-based authentication is the standard for ensuring a high level of confidence in a user’s identity. Federated Identity Providers, or IdPs, are used to provide a consistent authentication service across all users needing access to enterprise resources. Unfortunately, many legacy applications do not support or integrate with modern authentication such as SAML, and are typically stuck using basic authentication, which is much less secure and disjointed. The iboss Zero Trust Secure Access Service Edge can fill the gap by extending the reach of any Identity Provider so that users must authenticate via modern authentication before gaining access to the front door of the legacy application. This ensures that all applications are covered by SSO even if the apps do not support it.
Extend SSO to legacy apps that do not support SAML
Many applications cannot integrate with SSO providers such as Azure AD or Okta. This creates extraordinary risk by leaving those applications exposed to basic authentication, which is insecure. It also results in a poor end-user experience, as disjointed passwords must be used to access legacy applications. Because the iboss Zero Trust Secure Access Service Edge acts as a gateway to protected resources, the iboss platform can force SSO authentication to any Federated Identity Provider before the user gains access to the application. No data will flow to the application unless the connection is authorized by the iboss platform, and this will only occur once the user has properly authenticated via SSO against the iboss Security Service Edge.
Protect non-web services such as shells and databases with SSO
Remote Desktop Protocol (RDP), SSH shells, databases and other non-web applications are typically some of the riskiest resources within an enterprise. Yet SSO via SAML was not designed for those types of application protocols, leaving them exposed to other authentication mechanisms that are less secure. The iboss Zero Trust Secure Access Service Edge can make all non-web services private and ensure only properly authenticated users get connections to those applications, regardless of the type of application. The iboss platform will handle the SSO authentication before a connection is established to the RDP service, for example, ensuring a frictionless end-user experience and the highest level of security possible when it comes to authentication.
Protect OT and IoT with SSO to reduce risk from unauthorized access
OT and IoT systems typically do not support modern SSO authentication, but if compromised they could cause substantial damage to an organization. In addition, only high-level administrators should have access to this type of technology. The iboss Zero Trust Secure Access Service Edge ensures that OT and IoT resources are completely inaccessible and private while forcing SSO SAML authentication for users that want to gain access to those systems. The iboss platform handles the authentication to the SSO Identity Provider before a single packet reaches the OT or IoT system, ensuring only authorized and approved users have access to critical resources while denying all others.