SAML. ADFS. Shibboleth. Your network team may be bringing up these terms as they relate to your organization’s security initiatives and all you may know is that PeopleSoft doesn’t support them natively. Even if your organization isn’t bringing up these terms, you should start thinking about them, because they enable your organization to do 3 important things:
- Securely control access to all your corporate systems
- Widely adopt fluid and mobile solutions
- Adopt cloud technologies
SAML / ADFS / Shibboleth Primer
Before getting to the meat of the matter, let’s provide a quick overview on what we’re talking about. SAML is a protocol for safely sharing a token of a person’s identity between systems. This protocol has a number of safeguards against hacking and spoofing and is used as the communication mechanism for identity providers to share that information.
ADFS and Shibboleth are identity management solutions that leverage SAML in this manner (and instances of ADFS and Shibboleth that store user information are called Identity Providers – or IDPs). ADFS (and/or Azure Active Directory) is Microsoft’s implementation of this, whereas Shibboleth is an open source Identity Management solution.
Controlling access to all your corporate systems
The first benefit of utilizing this technology is to provide a single control point for authentication in your organization. Gone will be the days where your end-users will have 17 different passwords that expire at different times and have different password controls (which causes significant help desk calls, causes your employees to write down passwords because they can’t remember them, and makes it difficult to provision and terminate accounts appropriately).
Two years ago, I wrote a blog post that goes into more detail on these topics http://www.greyheller.com/blog/idm-for-peoplesoft-security/
Adopting Fluid and Mobility widely
Another challenge facing PeopleSoft customers is deploying Fluid and Mobility, and facilitating the authentication process. Because deploying PeopleSoft in this manner often requires providing access to PeopleSoft outside the organization’s network, on-premise Identity Providers are generally not available, which means that authenticating a user to PeopleSoft becomes a big challenge.
Single Signon via SAML allows organizations to properly authenticate regardless of the location or device from which they’re accessing PeopleSoft content.
Adopting cloud technologies
Finally, as organizations begin to adopt cloud technologies, they are being driven to SAML to provide a safe means of authenticating to systems that they don’t directly control or have running inside their network. Implementing a single singon solution utilizing SAML allows all of these disparate systems to play together nicely giving your end-users a safe and cohesive solution that give you flexibility in your cloud deployment.
GreyHeller’s SAML Single Signon for PeopleSoft
To address these needs, GreyHeller has extended its security suite to provide native SAML support to PeopleSoft. Single Signon customers need only install our plug-in, register the identity provider(s), and the solution will automatically accept SAML tokens – from ADFS or Shibboleth – to get end-users seamlessly into PeopleSoft.