This document discusses enabling single sign-on (SSO) for mobile business users. It describes the needs of users who want easy access and IT who needs security and manageability. The challenges of mobility are outlined as enabling productivity while addressing security and making management easy. Solutions presented include SSO using iOS WebViews, Samsung Knox with Centrify for containerization separating work and personal activities, and integrated mobile and application administration.
4. The Challenge
User Wants
✓ Easy to use
✓ Accessible anywhere
✓ Social Collaboration
IT Needs
✓ Enterprise grade security
✓ Simple to deploy and maintain
✓ Lower TCO
5. Getting Mobility Right
1 Enable Employee Productivity
2 Address security and compliance requirements
3 Make it easy for IT to manage mobility
14. Benefits of Samsung Knox + Centrify
1 Mobilize app and service access
2 Containerization to separate work from personal
3 Integrate mobile and application administration
15. Mobilize App and Service Access
• Leveraging your existing centralized identity infrastructure – typically AD
• Use PKI authentication for SSO to Exchange, Wi-Fi and VPN
• Enable SSO for Web apps leveraging federation where possible
• Integrate Mobile Authentication SDK to enable SSO for custom applications
16. Mobilize Apps with Zero Sign-On
Move to federated app authentication
Ensure Device Security
Integrate Mobile App Authentication
Works great for one mobile app, but what about multiple apps on the device?
[Diagram: Cloud Proxy Server, IDP as a Service, Firewall, Web Application, Mobile OS, Mobile App, Mobile Auth SDK, MDM, ID]
Step 1: Web Application Registration
Step 2: One time user authentication & device registration
Step 3: Token Generation
Step 4: Token based Authentication
17. Containerization Separates Work From Personal
• Secure Container built on a Secure OS for both security and usability
• Provides dual persona usage of popular mobile applications
• SSO for all apps in container - enabling the laptop experience on a mobile device
18. Containerization with Multi-App SSO
• Multi-application SSO is built into the Knox Container
• The container identifies the user to the apps
• The container can get AD attributes for the apps
• Apps can request security tokens for their web app/service
[Diagram: Cloud Proxy Server, IDP as a Service, Firewall, Web Application, SE Android, ID, Knox Container, Enterprise SSO, Mobile App 1 (Mobile Auth SDK), Mobile App 2 (Mobile Auth SDK), Personal App]
Step 1: Web Application Registration
Step 2: One time user authentication & Container registration
Step 3: Token Generation
Step 4: Token based Authentication
19. Containerization for Personal and Work Use
• Dual persona enables usage of the same app with different personalities
– Personal Mail on the device, Business Mail in the container
– Personal Box account on the device, Business Box account in the container
Office 365: david.mcneely@centrify.com
Box: david.mcneely@centrify.com
Mail: david@mcneely.com
Gmail: dfmcneely@gmail.com
Box: david@mcneely.com
20. Integrated Mobile and App Administration
• Enabling IT to manage security policies for Mobile, Workstations and Servers
• Unifying Application management into one interface for Mobile, Web and SaaS Applications
• Leveraging automated lifecycle management through AD
21. Integrated Administration Follows User Lifecycle
• Mobile device security policies follow the user’s account lifecycle automatically
• Policy changes automatically apply to devices the user enrolled:
[Diagram: Active Directory; User enrolls their own devices; Update device security settings or new group; de-provision device; Lock account and full device wipe; Delete or disable account and de-provision device]
22. Getting Mobility Right
1 Enable Employee Productivity
2 Address security and compliance requirements
3 Make it easy for IT to manage mobility