Simple (Single) Sign-On
We solve problems. In designing IAM Cloud SSO, we have been guided by the idea that most of the world’s best solutions are simple. Simple means reliable, fast, affordable, and easy to use.
IAM Cloud is a simple low-cost IAM solution with all the core essentials you’d want – like SSO, MFA and password self-service – without the price-bloating peripherals.
Does it have jaw-dropping interfaces? No. In fact, we try to make IAM Cloud as invisible as possible to minimise disruption. Is it secure? Yes, very. Is it affordable? Yes, much cheaper than the alternatives. Does it have great support? Yes, and the support is all included in the list price. Will IAM Cloud make a significant positive difference to IT within my organisation? Yes, very much so.
While IAM Cloud is a lightweight product in terms of its peripheral features and price, it’s a heavyweight product in terms of its core performance and resilience. You can check how it’s doing any time here: www.iamcloudstatus.com
Single Sign-On (SSO)
By eliminating multiple passwords and the need to log in separately to each application, single sign-on (SSO) increases IT security and user productivity.
Enterprise SSO from the Desktop
IAM Cloud is one of the few SSO solutions that doesn’t require users to log in through a portal or dashboard. IAM Cloud’s ingenious use of network technology means that we can activate SSO at the workstation level. In other words, when a user logs into their work computer, they will be able to access all their federated applications without having to log into anything else. A user would simply click on a desktop shortcut or browser favourite and they’d be launched straight into their application. Simple and convenient.
Competitive solutions like Okta and OneLogin can do this too, but they require the deployment of a local server running IIS. That’s an extra thing for you to manage and a single point of failure. IAM Cloud doesn’t need any extra infrastructure and has no single points of failure.
Smart Links SSO
IAM Cloud Smart Links are application links that are CNAME’d from your organisation’s domain, e.g. outlook.example.com. Organisations can use these links in several ways, including embedding them in desktop shortcuts, browser favourites, and on existing Intranet portals and websites.
Custom Login Screen
When users attempt to log in from a non-federated environment, outside of your Domain, they will be prompted to log in. Users will be diverted through a branded login page with your organisation’s choice of colours, background, logos and text.
Multi-Factor Authentication (MFA)
In response to the growing threat of hacking, phishing and identity theft, multi-factor authentication has become an essential technology in enterprise IT. IAM Cloud MFA can be applied to any of your federated applications – even if they don’t natively support MFA! You can choose to protect all your applications by MFA, or just one. And of course, you can activate MFA for some users but not others. It’s simple but very powerful.
MFA via SMS
When a user goes to sign in, they enter their password and their phone then receives an SMS message with a code. They enter the code and can then access their applications. SMS MFA provides a flexible and powerful way to protect your IT accounts from hacking and phishing. Even if the hacker manages to acquire your credentials, they would still need your physical phone to receive the code. This significantly protects against the majority of cyber threats, and all-but eliminates the threat of cyber attacks from overseas. No security in the world can ever be perfect or 100% effective, but this is a very strong option.
MFA via Security Questions
Security questions don’t provide quite the same level of added security as MFA via SMS or app, but they are still a significant step up in security from a password alone. They can also work well for users because, unlike passwords and codes, it’s unlikely personalised security questions would ever be forgotten by the user. As such, they’re a simple and user-friendly option for adding some extra security to your IT systems.
MFA via Shortcode
A shortcode is effectively a second password, perhaps a 4-digit number or a memorable code word. Technically, if you can phish a password, then you can phish a security question or shortcode too. However, while these options are not as secure as MFA via SMS, smartphone app or physical security fob, they are still more secure than a password alone. The reason for this is that most phishing attempts are automated: a user gets sent an email, they click a link, and they are taken to a page asking for their username and password. It is unlikely, unless it was a highly-targeted manual phishing attack (and these are very rare), that the phishing system would ask for a shortcode too.
A user could be tricked into giving their username and password, but without the attacker knowing the shortcode too, their account would still be protected. This is not bank-grade security, but it is very easy and convenient to implement. It doesn’t require a smartphone, so it works great in education and other professions where the possession of personal smartphones is prohibited or discouraged for most users, like healthcare, hospitality or retail.
MFA via Smartphone App
We don’t support this yet, but we plan to by the end of 2019.
The MFA features above all work on a continuous basis. From the point you switch them on, they will stay in place indefinitely or until you make a change. However, there is occasionally a need to reset passwords, MFA details or other credentials on a case-by-case basis, for example if a user has forgotten their password and the security questions that would normally be used for resetting it. In this case, an admin can quickly set up a temporary code for the user through our MFA system in order to allow them to reset their forgotten credentials.
Self-Service Password Reset & Write-Back
Forgotten passwords can be a real pain. Providing your users with the autonomy to securely reset their own passwords is more convenient for users, and it reduces the burden on your IT support team.
We provide a known password reset and a forgotten password reset feature. If a user already knows their password but just wants to update it voluntarily, they can self-manage their password through our system. If, on the other hand, a user has forgotten their password, they can securely reset their password via:
- SMS message
- Security questions
- Back-up email address
When you first activate one of the options above, for example the SMS option, and you do not have all your users’ mobile phone numbers, our service will collect the information from your user(s) when they next log in.
Password Policy System
When you allow your users to reset their own password, you’ll likely want to stipulate password length, complexity, and whether there are any blocked words. Setting up password policies in IAM Cloud is easy.
Unlike some SSO systems, which make you pay a large premium just to write your password back to Active Directory, we do not. It doesn’t make sense to us to implement a password reset system without properly syncing the newly reset/updated password to your source system – e.g. AD. IAM Cloud does it all, and it can work alongside existing password reset systems you may have too.
Identity Management & Account Provisioning
Identity is the foundation of all sign-in systems. You need to know who someone is, in order to determine what they do and don’t have permission to access. IAM Cloud synchronises identity data from Active Directory, Azure AD, and other systems.
Automated Provisioning & De-provisioning
Account creation and de-provisioning can be a significant time burden to IT teams, particularly in large organisations. IAM Cloud can automate account provisioning processes based on rules. IAM Cloud can be used to replace Dirsync/AAD Sync for Office 365, but beyond that IAM Cloud can provision accounts for a range of applications. Automating provisioning and de-provisioning doesn’t just reduce cost, it strengthens security around leavers too.
Simple identity management
Each identity can be made up of any number of attributes from a variety of systems. IAM Cloud allows IT Administrators to group users based on common attributes – e.g. Department name = Marketing. All users that meet the rules of the Classification are grouped together – which then allows the IT Administrator to bulk apply processes to these users, e.g. set a certain security feature for them like MFA, or enable access to a specific application, e.g. Salesforce. Furthermore, because IAM Cloud is automated, any new user who meets the given criteria will automatically receive these same features. Classifications allow organisations to undertake intelligent automated user lifecycle management at scale with minimal effort.
Automated Office 365 Licensing
IAM Cloud can handle the full end-to-end Office 365 provisioning process, from the account creation to the account licensing. IAM Cloud can automatically apply different Microsoft Cloud (e.g. Office 365) licenses to different groups of your users.