Access Manager

Single Sign-on made simple

Using a variety of technologies, Access Manager has multiple ways to deliver single sign-on (SSO) for any intranet or cloud-based service. This means that regardless of the interface that your applications may or may not have, your users (employees, customers, et.) get quick, convenient access to them while you maintain your access control using the same processes that you've been using. Beyond enjoying the advantages of SSO, you have a choice on offering one click access to web apps through easy to setup icons contained in the mini portal, also easy to setup. Access Manager's built-in mini portal isn't designed to replace anything that you may already have in place, but rather to be an option for those that don't have one or to use as an option for however many apps you want. The portal is designed to be lightweight for administrators to turn on, configure, and maintain as well as intuitive to use by any type of user. Access Manager's quick access interface is a nice enhancement to the single sign-on experience.

Access Manager provides your organization three options to implementing single sign-on (SSO) across all your cloud and intranet based applications:

• Access Gateway—the ultimate in access management for both access control and rendering single sign-on, Access Manager's gateway is the best way to deliver a seamless user experience across multiple services and complex environments – internal, cloud based, both.
• Standards based federation—SAML, OAuth, OpenID Connect, WS-Trust, and WS-Federation; Access Manager supports these types of applications through pre-configured connector catalog or a toolkit from which you can configure your own trust between an authentication provider and a service provider.
• Single sign-on assistant—for the wide ocean of small or specialty apps that don't support any type of federation, the SSO assistant single sign-on users.

Single Sign-on through the Assistant

For cloud based services that are too old, small or primitive to support federation, the Single Sign-on Assistant delivers an SSO experience. With minimal effort, users are prompted to download the browser plug-in that securely retrieves credentials once they've been recorded. Once the assistant is setup, whenever the user accesses the application, users experience SSO. The first place to look for ready built assistant connecters is the Access Manager Connector Catalog. If you're not able to find the connector you need there, you can record your own. Access Manager automatically prompts the user to install the connector the first time after which it retrieves and submits the user's credentials from Access Manager for an automatic login.

For example, a user Maria has an account for Evernote. Maria uses Evernote to take notes for her job in marketing. Instead of logging into Evernote with separate credentials each time she wants to use it, she would log into Evernote once and the Single Sign-on Assistant will save and replay her saved credential every time she accesses Evernote.

Both the Single Sign-on Assistant as well as the Access Gateway's Form Fill policies both automatically populate HTML forms. Form Fill policies scan each login page, accelerated through the Access Gateway, to see if the Form Fill policy can populate the credential information. Basic SSO provides connectors for the different applications. You configure the connector for the specific site. Basic SSO captures the users' credentials through a browser plugin or extension. It securely stores the users' credentials on the Identity Server, never using the Access Gateway.