12.17.2015 - LDAP Migrations Made Easy – Part 2

LDAP iconIn LDAP Migrations Made Easy – Part 1, we discussed several common migration challenges dealing with schema,  paging and Directory System Agents (DSA’s) that can easily be avoided by using a Virtual Identity Server. In this post we will cover several other challenges involving Directory Information Trees (DIT’s), Access Control Lists (ACL’s) and password migration and how to overcome them with the end result being an efficient, seamless and secure migration. ...

12.10.2015 - That Synching Feeling I Get From Cloud SSO

Single Sign-On is all the rage these days.  Organizations are looking to ease the hassles and expenses related to user passwords.  Single sign-on (SSO) is a user authentication process that permits a user to enter one name and password in order to access multiple applications.  This can help reduce the number of calls to a help desk for access issues, thereby reduce the operating cost for the organization.  The latest market trend is to take this a step further and leverage external companies for SSO.  By using products that offer SSO as software as a service (SaaS), an organization can greatly reduce the expense related to the management of these integrations. However, when an organization moves their SSO infrastructure into “the cloud” there are new risks to be considered. sinking feeling definiton ...

11.20.2015 - LDAP Migrations Made Easy

Are you trying to migrate off an expensive directory platform (e.g. Oracle directory Server) to something more economical (e.g. Active Directory or AD LDS)?  Are you finding the LDAP migration process difficult or perhaps even impossible? Do you wish there was one proven solution that would eliminate all of the trials and tribulations you are currently facing? I have three words for you…Virtual Identity Server. Anyone can do an LDAP migration with the Virtual Identity Server…well…almost anyone! ...

11.12.2015 - Stop Data Leakage. Don’t Be the Next High-Profile Hack

Large company data breaches and hacks are becoming common place these days.  It seems like every week there is a new news story where a high-profile company’s data is compromised.  From T-Mobile to Ashley Madison, personal information is being stolen by hackers.  The recent Internal Revenue Service (IRS) hack showed us that even the United States government isn’t safe. As a result, consumer confidence in companies’ ability securely store their data is at an all-time low. ...

11.5.2015 - Cloud Federation & SSO Vendor Comparison

With so many cloud federation and single sign-on vendors in the market today, it can be difficult and extremely time consuming to research, test and ultimately decide on a solution that best meets the identity management needs of your organization. Most enterprise architects immediately think of big name providers like Okta, Ping and OneLogin who appear to be some of the largest competitors in the space. One should not overlook, however, the limited feature set and expensive nature of these solutions. Optimal IdM offers an all in one cloud federation and single sign-on solution that is affordable and fully customizable in order to meet the unique identity management needs of enterprise organizations. The competition simply cannot offer what Optimal IdM offers in The OptimalCloud. Let’s compare: ...

10.30.2015 - Bridging the OAuth2/SAML2 Divide

It’s no secret that OAuth2 and OpenID Connect are gaining in popularity. It seems that all of our customers are in the process of rolling out OAuth2 and OpenID Connect, or are thinking about it. But how can these newer protocols play nicely in your enterprise if you already have a SAML2 or WS-Federation infrastructure? The answer is an identity broker (also known as a federation proxy). ...

10.15.2015 - Benefits of a Cloud Federation Broker

Before diving into the benefits of a cloud federation (SAML or WS-Federation) broker, let me first cover what it is.  You can think of a cloud federation broker as a gateway or proxy server that all federation request go through.  Optimal IdM’s federation broker (The OptimalCloud) is a cloud service that contains one or more trusts to an on premise Identity Provider (IdP) or trust to a customer/business partner, which users authenticate with their local credentials, and a trust for each federated application (both on premise and cloud hosted applications), see picture below.   broker-mode-graphic The main benefit for this federation model, is to limit the administration burden of the corporate IT staff in terms of supporting the future of hundreds and even thousands of federated applications that are currently being deployed or will be deployed.  In this case, the IT staff is constantly having to work with each and every application team to setup and troubleshoot that application roll-out. With the federation broker, all of that administration is done by the cloud broker staff at Optimal IdM.  The central IT staff only has to setup the trust with the broker for their IdP, then provide documentation to each application team with instructions on how to integrate with the cloud broker.  The typical cost of this solution is less than 1 full-time employee, but the benefits are far reaching that include the following: ...

10.8.2015 - Webinar: What’s New, What’s Next at Optimal IdM

What's New, What's Next A lot of exciting things have been going on at Optimal IdM over the past year including new products, new product features, a new website and more! On Thursday, October 22 from 1:00 pm – 1:45 pm EDT we presented a live webinar titled What’s New, What’s Next at Optimal IdM” . The webinar covered: ...

10.8.2015 - A Virtual Directory Server (VDS) Is a Swiss Army Knife That Enterprise Architects Cannot Be Without

Even at the smallest companies, the infrastructure needed to support the business is complex.  From data centers to data stores, the technical footprint of a company can span the globe.  There are internal applications, intranet applications, external federated applications (SAML, OAuth) and there are internal-corporate users and external-partner users that access these company resources on a daily basis.  It is easy to see how securely combining all the pieces required to allow a business to run can be difficult task. This is where a virtual directory server (VDS) can ease the “pain” while still maintaining security.  A virtual directory server, like Optimal IdM’s Virtual Identity Server, can present a consolidated view of the data that spans the enterprise.  For examples, the VDS can present a view to applications which makes the all the users appear to reside in the same data store, even though internal users may be in the corporate Active Directory store while external users are segregated in a database. This combined view makes a single deployment of an application available to the whole enterprise, thereby simplifying the architecture and maintenance.  The virtual directory server’s ability to dynamically present a consolidated view, becomes invaluable in the case of mergers and acquisitions.  When two companies merge, their existing corporate users reside in separate data stores (or directories) for some time while the technical details regarding combining the data is designed.  This typically makes for a bad user experience, requiring users to use one set of credentials for one application and a different set of credentials for another.  By placing a virtual directory server in front of the two directories, the users of both companies can begin to use corporate applications “day one”, as the merger details are worked out behind the scene. The value of a virtual directory server does not end there.  It can be used to virtualize data, prevent data leakage by acting as an LDAP proxy firewall, as well as providing detailed reports regarding data access. Typically an organization purchases a virtual directory server to solve one specific problem, but once in place, enterprise architects see its value and are able to utilize its full capabilities in other ways across the company. Sure, a virtual directory server can’t make coffee or donuts, but it can make an enterprise run more efficiently and reduce costs. How are you using a virtual directory server at your organization?  What problem(s) does it solve? ...

09.23.2015 - Optimal IdM to Release TOTP in The OptimalCloud

TAMPA, Fla., Sept. 23, 2015 — Optimal IdM will be showcasing their cloud federation and single sign-on solution, The OptimalCloud and talking about their upcoming release of Time-based One-time Password (TOTP) support in front of more than a thousand identity management representatives as a sponsor at the Global Identity Summit this week in Tampa, Florida.  In addition to its cloud Identity as a Service (IDaaS) solution, Optimal IdM representatives will be highlighting the use cases for its on premise solutions such as its flagship product the Virtual Identity Server which is an LDAP Virtual Directory. TOTP is an algorithm that generates a one-time password based on a shared secret key and current time stamp that is the foundation of OATH and commonly used for two-factor authentication systems and cloud applications. Time-based one-time passwords are appealing because they provide a higher level of security, requiring a traditional static password and a TOTP which changes every 30 to 60 seconds, making it extremely resistant to attacks and security breaches. Optimal IdM, is currently in the process of building support for TOTP into its cloud federation and single sign-on solution, The OptimalCloud which has recently won several large contracts over competitors such as Okta, Ping and OneLogin. There are several key factors that consistently keep The OptimalCloud ahead of the competition. First, whereas most of the competition offers little beyond single sign-on, The OptimalCloud is a complete identity management solution with delegated administration and workflow capabilities that can be customized to meet the specific needs of its clients via Optimal IdM’s concierge, “zero-config” service. Secondly, The OptimalCloud offers a private, secure and dedicated cloud which is essential for meeting government and corporate security and compliance restrictions. Further to that, The OptimalCloud’s built-in cloud reporting system provides real time historical audit record of all activity including detailed granular reporting which is stored in a dedicated private database. Lastly, The OptimalCloud is billed as an affordable, flat monthly fee which is a perfect fit with government budgetary and approval requirements. About Optimal IdM Optimal IdM, LLC. is a leading global provider of innovative and affordable identity management software. Headquartered in the Tampa Bay area of Florida, Optimal IdM provides sales and services through regional offices across the United States and a growing network of resellers and distributors. Optimal IdM’s customers include Fortune 1000 companies, as well as Federal, State and Local Government agencies all over the world. Founded in 2005, Optimal IdM is privately held and has been profitable in every quarter since inception. Media Contact: Mike Brengs, Optimal IdM, (813) 425-6351, sales@optimalidm.com ...

Tags

  • The database in which all of your organization’s sensitive identity data is stored.
  • A digital ledger in which digital transactions are recorded chronologically and publicly.
  • Securely managing customer identity and profile data, and controlling customer access to applications and services.
  • The means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.
  • A legal framework that sets guidelines for the collection and processing of personal information of individuals within the EU.
  • The policy-based centralized orchestration of user identity management and access control.
  • An authentication infrastructure that is built, hosted and managed by a third-party service provider.
  • A security system that requires more than one method of authentication from independent categories of credentials to verify the user's identity for a login or other transaction.
  • A global provider of innovative and affordable identity access management solutions. 
  • Managing and auditing account and data access by privileged users.
  • Tools and technologies for controlling user access to critical information within an organization.
  • An authentication process that allows a user to access multiple applications with one set of login credentials.