Extend Corporate Active Directory to Your Cloud Apps for Single Sign-On
May 4, 2016
Given today’s state of technology, users are primarily authenticated through usernames and passwords. However, passwords are a big and growing problem for both users and IT administrators. A study by Microsoft shows that the average user has 25 password accounts. Remembering that many usernames and passwords and ensuring they are all of adequate complexity is certainly impossible. There are password vaults and apps, but they pose their own problems, such as potentially compromising an entire username and password list.
So what users usually do is either resort to a simpler password when they can or reuse the same password again and again. Research by NorSIS reports that 74% of respondents always or some of the time use the same password on different services, and 20% write down their password either on paper or in unencrypted text files on their computer. All of these result in weak security.
Corporate IT administrators are responsible for architecting secure identity management. You can’t fault them for following best practices and implementing a policy that requires complex passwords that must be changed on a regular basis.
One or two of these complex passwords may be manageable for users. However, for an average user with 25 different sets of passwords, a better solution is badly needed. That is where the Holy Grail of authentication – single sign-on – comes to the rescue.
With single sign-on (SSO), an ID service or provider such as Microsoft Active Directory is used to authenticate users across multiple services and applications. The same username and password are used on all the connected services. In fact, when a user is logged into their desktop with their network password, it is possible to seamlessly authenticate them for other applications without even asking for the login credentials again.
However, Active Directory does not automatically extend itself to the web and your web applications. A protocol called SAML is used to bridge the gap.
Security Assertion Markup Language (SAML) 2.0 is an XML-based standard for web browser single sign-on. It allows exchanging authentication and authorization data between an identity provider (IdP) such as Active Directory and a service provider such as Caspio.
Caspio announced integration with SAML earlier this year. With this feature, you can configure your Caspio apps to authenticate users based on your corporate Active Directory services. You can enforce the same company password policy across all your Caspio-powered apps without requiring your users to come up with a new password for each app.
Applying SAML single sign-on to your Caspio web applications promotes an environment where your IT administrators can achieve the following:
- Enforce a centralized security policy on internal and external resources
- Provide quick and scalable provisioning and de-provisioning of users
- Ensure the best user experience without sacrificing best practices
SAML is a widely adopted protocol and many other ID providers are also compatible with it. Caspio’s integration of SAML allows any ID provider using SAML 2.0 to be used for Caspio app authentication.
SAML integration, plus Caspio’s unlimited user policy for apps, makes the platform the best choice for creating enterprise applications. For more information on how to get SAML in your Caspio account, contact us.
Learn more about user authentication in Caspio:
- How to Create an Authentication Object with Caspio
- How to Configure Your Caspio Apps to Use Single Sign-on
- How to Set Up ID Services with Caspio