10.30.2015 - Bridging the OAuth2/SAML2 Divide
It’s no secret that OAuth2 and OpenID Connect are gaining in popularity. It seems that all of our customers are in the process of rolling out OAuth2 and OpenID Connect, or are thinking about it. But how can these newer protocols play nicely in your enterprise if you already have a SAML2 or WS-Federation infrastructure? The answer is an identity broker (also known as a federation proxy). ...
10.15.2015 - Benefits of a Cloud Federation Broker
Before diving into the benefits of a cloud federation (SAML or WS-Federation) broker, let me first cover what it is. You can think of a cloud federation broker as a gateway or proxy server that all federation request go through. Optimal IdM’s federation broker (The OptimalCloud) is a cloud service that contains one or more trusts to an on premise Identity Provider (IdP) or trust to a customer/business partner, which users authenticate with their local credentials, and a trust for each federated application (both on premise and cloud hosted applications), see picture below. 
The main benefit for this federation model, is to limit the administration burden of the corporate IT staff in terms of supporting the future of hundreds and even thousands of federated applications that are currently being deployed or will be deployed. In this case, the IT staff is constantly having to work with each and every application team to setup and troubleshoot that application roll-out. With the federation broker, all of that administration is done by the cloud broker staff at Optimal IdM. The central IT staff only has to setup the trust with the broker for their IdP, then provide documentation to each application team with instructions on how to integrate with the cloud broker. The typical cost of this solution is less than 1 full-time employee, but the benefits are far reaching that include the following: ...
10.8.2015 - Webinar: What’s New, What’s Next at Optimal IdM
A lot of exciting things have been going on at Optimal IdM over the past year including new products, new product features, a new website and more! On Thursday, October 22 from 1:00 pm – 1:45 pm EDT we presented a live webinar titled “What’s New, What’s Next at Optimal IdM” . The webinar covered: ...
10.8.2015 - A Virtual Directory Server (VDS) Is a Swiss Army Knife That Enterprise Architects Cannot Be Without
Even at the smallest companies, the infrastructure needed to support the business is complex. From data centers to data stores, the technical footprint of a company can span the globe. There are internal applications, intranet applications, external federated applications (SAML, OAuth) and there are internal-corporate users and external-partner users that access these company resources on a daily basis. It is easy to see how securely combining all the pieces required to allow a business to run can be difficult task. This is where a virtual directory server (VDS) can ease the “pain” while still maintaining security. A virtual directory server, like Optimal IdM’s Virtual Identity Server, can present a consolidated view of the data that spans the enterprise. For examples, the VDS can present a view to applications which makes the all the users appear to reside in the same data store, even though internal users may be in the corporate Active Directory store while external users are segregated in a database. This combined view makes a single deployment of an application available to the whole enterprise, thereby simplifying the architecture and maintenance. The virtual directory server’s ability to dynamically present a consolidated view, becomes invaluable in the case of mergers and acquisitions. When two companies merge, their existing corporate users reside in separate data stores (or directories) for some time while the technical details regarding combining the data is designed. This typically makes for a bad user experience, requiring users to use one set of credentials for one application and a different set of credentials for another. By placing a virtual directory server in front of the two directories, the users of both companies can begin to use corporate applications “day one”, as the merger details are worked out behind the scene. The value of a virtual directory server does not end there. It can be used to virtualize data, prevent data leakage by acting as an LDAP proxy firewall, as well as providing detailed reports regarding data access. Typically an organization purchases a virtual directory server to solve one specific problem, but once in place, enterprise architects see its value and are able to utilize its full capabilities in other ways across the company. Sure, a virtual directory server can’t make coffee or donuts, but it can make an enterprise run more efficiently and reduce costs. How are you using a virtual directory server at your organization? What problem(s) does it solve? ...
