Clearlogin is a highly available & scalable SaaS platform providing identity and access management (IAM) services for web-based applications. Clearlogin allows an IT team to easily secure access to cloud applications, and gives users a streamlined, single location to access web applications they use every day, from anywhere.
Clearlogin acts as a proxy service hosted between your identity source (Active Directory, Azure AD, LDAP, Okta, etc.) and one or more target applications.
When Clearlogin has a trust relationship (federation) with an application using SAML (Security Assertion Markup Language) or
From an end-user perspective, they log in to Clearlogin, and when they launch a federated application from their dashboard, Clearlogin provides the application the user's identity and access permissions directly – the user is not prompted by the application to sign in.
If an application does not support SAML/JWT, Clearlogin's browser-integrated Password Manager can be used to secure the user's credentials, and then provide those credentials to the application when the site is visited by the user.
Clearlogin also supports bookmarking (linking to) websites that don't require authentication. For example, you can give users easy access to your company website, vendor sites, news sites, or other frequently visited websites.
Cloud Application Dashboard
The Cloud Application Dashboard is the single gateway to your cloud-based tools and resources. Securely log in once to access the apps you leverage every day, enable multi-factor authentication, manage groups, and monitor user access.
Password Management
Implement strong password policies that also streamline access for your users. Clearlogin offers zero-knowledge password management that increases security while minimizing login issues.
Multi-Factor Authentication
Requiring strong passwords isn’t always enough to keep your sensitive data secure. Configure multi-factor authentication for an additional layer of security that will plug up any leaks in your perimeter and halt spoofing attacks.
Access Management
Access Rules allow you to define rules and policies to allow or deny your users access to Clearlogin. Access Rules also leverage a tagging system to further fine-tune your access rules.
Multi-Domain Support
If your organization uses multiple directories or authentication methods, Clearlogin lets you configure separate settings to authenticate users based on their domain.
Clearlogin Anywhere
Clearlogin Anywhere is a simple, secure JavaScript login form that can be embedded into any site or application. Users only have to log in one time to gain access to your company’s cloud applications and intranet portals.
Custom Branding
Add your company logo and custom styles to the Sign In, Sign Out, and Change Password pages for a more seamless integration for your end users.
Detailed Reporting
Gain insight into all aspects of user access, including unsuccessful login attempts, password changes, geography, and browser data.
Clearlogin uses multiple technologies to provide a seamless integration into your application environment. Here's some information about these technologies to get you started and comfortable with the features and terminology.
Identity and Access Management (IAM) is a general, umbrella-type term used to describe solutions that help you manage identities and their access to resources & data under your control. Features in an IAM solution generally include identity integration & provisioning, application federation, access management (conditional access), single sign-on, and self-service processes like password reset & account recovery.
Application Federation is a configuration where an Application and an Identity Provider (IdP) have a trust relationship, which allows the application to accept an identity & authentication claim created by the IdP. For example, after an end-user successfully authenticates with the IdP, the IdP generates a digitally signed token (using SAML or JWT protocols) that gets presented when the user connects to the application, and since the application is configured to trust the IdP, the user does not need to sign in.
Single Sign-On (SSO) is a term that describes the process of authenticating once, and having that single authentication used with any federated application that supports SSO. However, not all applications support SSO, and therefore, Clearlogin has the Password Manager (credential vault) feature, which allows end-users to safely secure their username and password for non-SSO applications.
SAML is an SSO framework for authentication and authorization, and consists of the following:
Clearlogin supports both SAML 1.1 and 2.0 standards.
SAML Sign In Process
The sign in process can be initiated using one of two methods, and an SSO application can support one or both. Clearlogin supports both.
JWT is a fairly new standard that utilizes the JSON data format, and is possibly the simplest type of SSO integration. While being potentially slightly less flexible than SAML, it is definitely the easiest to set up and is more self-contained than SAML. Authentication is done via a token that is signed with a "secret" that is generated with the HMAC algorithm.
Not to be confused with OpenID, which is for authentication only, OpenID Connect is a decentralized authentication protocol for both authentication via JSON (JWT) and authorization via OAuth 2.0. OpenID Connect functions both as an Identity Provider (IdP), or OpenID Provider (OP), and an authorization method for a Service Provider (SP).
OAuth, which is based on JSON, is a newer authorization standard for SSO, which was developed by Google and Twitter. They developed OAuth because SAML didn't work well on mobile platforms. OAuth provides authorization services, and OpenID Connect provides authentication services. Both OAuth & OpenID Connect are normally used together.
LTI is a standard developed by IMS Global Learning Consortium for Learning Management Systems (LMS) and is primarily utilized by education-focused organizations. LTI is built on OAuth 2.0, OpenID, and JWT. Its primary function is to automatically serve a student with the tools and courses that they require contextually based on metadata containing education-centric information.