Header Image

Cloud Single Sign-On

The Problem: Cloud Access

Most enterprise began their SaaS adoption as an experiment conducted with a single department or remote office, creating and managing access with whatever controls the SaaS provider offered. As adoption becomes more widespread throughout the enterprise, managing identities in the cloud quickly becomes one of the primary challenges facing the organization.

Most organizations own some kind of Identity and Access Management (IAM) infrastructure based on an LDAP, Microsoft Active Directory (MS AD), or Single Sign-On (SSO) product. They would prefer to leverage this same identity infrastructure for access to internal and external cloud resources in order to eliminate duplication of user ids/passwords, reduce the identity management burden, and ensure passwords never leave the enterprise.

Unfortunately, SaaS applications and cloud services have not yet standardized on a single method for access control: some require SAML; others use OAuth (with different providers having different implementations); others rely on OpenID or even proprietary tokens. Moreover access needs to be managed for both users and applications; across both browser-based usage and programmatic consumption.


The Solution: Standards-based SSO for Users and Apps

Traditional SSO solutions don’t provide native identity adapters for popular SaaS applications like Salesforce.com. Even those SSO systems that have been extended to accommodate SaaS applications provide support only for browser-based control. Increasingly, however, access to cloud is implemented programmatically, application to application, which requires specific access support for programmatic interfaces like REST and SOAP.


The Layer 7 Value: Programmatic and Browser-based SSO for the Cloud

With Layer 7 CloudSpan CloudConnect, organizations can implement a single solution that spans the browser as well as programmatic interfaces for SaaS, PaaS and IaaS. CloudSpan provides out-of-the-box support for common cloud token types like OAuth and SAML, and can accommodate custom token types specific to a cloud provider. CloudConnect also provides support for most leading identity, access, SSO and federation systems including LDAP, Microsoft Active Directory/Federated Services, Oracle Access Manager, IBM Tivoli (TAM and TFIM), CA SiteMinder and TransactionMinder, RSA ClearTrust, Sun Java Access Manager and Novell Access Manager.

Moreover, unlike pure-play identity products, CloudSpan CloudConnect can also address integration and visibility for cloud services, providing organizations with a complete SSO solution for the cloud.