Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

iPad App Allows Single Sign-On For Enterprise Apps

OneLogin's iPad app also lets enterprise users tab between multiple SaaS apps using one interface. Netflix is an early customer.

Want to provide single sign-on (SSO) to business applications hosted in the cloud, via an iPad? There's an app for that now.

Cloud-based identity and access management vendor OneLogin Wednesday released what it calls the "first-ever iPad app for enterprise single sign-on." Available via Apple's App Store, OneLogin for iPad is designed to work with OneLogin's cloud-based identity management service, which provides SSO for Web applications. OneLogin for iPad also gives users a single interface--built using native iPad browser functionality--through which they can tab between all of the SaaS applications they're entitled to use.

Netflix has been beta-testing the new iPad app, which is "really an application browser," said Mike Kail, vice president of IT operations for Netflix, in a phone interview. "You fire up the OneLogin app, and it gives you a list of all the apps you can toggle between." Beyond simplifying the password management picture for users, he said it also offers an iPad productivity boost. "You don't have to switch between apps; you can switch between tabs in the OneLogin application. So I can be in Workday doing an expense report, and pulling data from a spreadsheet in Google," he said. Previously, users would have had to log in to each application using Safari and manually switch between them.

[ For more on BYOD in the enterprise, see Avaya Bets On BYOD With Unified Communications Update. ]

Netflix is a heavy user of SaaS applications, including Box for cloud storage, Google Apps for collaboration, Workday for human capital management and expenses, AppDynamics for cloud performance tracking, and JIRA for bug tracking. Given the widespread use of different SaaS applications, Kail explained, "We want a way to tie back into one authentication mechanism or account versus all of our users having user IDs and passwords for every SaaS app."

Many businesses are pursuing similar SaaS application access management strategies. "A big dilemma is, how do we protect these? And even before we get there, how do we establish access controls?" said Eric Ahlm, a research director at Gartner. Traditionally, IT departments could require remote users to always log on to enterprise applications via a VPN connection. But with more businesses now adopting SaaS applications, they stand to lose some of the accompanying benefits--such as remote users being able to log onto a local SaaS vendor's website--by forcing them to always use VPN connections.

According to Gartner, Apple iOS is the dominant mobile operating system inside businesses, and it predicts that in 2012, nearly two-thirds of all tablets sold will be iPads. Still, how many businesses today require an iPad app to facilitate SSO for the SaaS applications? "From my vantage point, I'm not having users bang down my door saying, 'where is this single log-on app for my iPad?' today, but I anticipate it coming," said Ahlm. "The iPad onboarding and the iPad security challenge is not going away."

Ahlm said that businesses are extremely concerned with how to manage smartphones, as well as mobile security. "The problem is huge, and onboarding with the iPad is not solved by an MDM solution," he said, referring to mobile device management software. "That's a big part of it, and it's certainly a huge step [toward] trying to lock this stuff down and do due diligence." But MDM goes only so far. "When they want to do more, and lock down devices like they've been doing with laptops for 15 years, they're going to need more controls."

Of course, locking down devices gets more difficult when businesses don't own those devices. In the bring your own device (BYOD) trend, employees purchase their own cutting-edge mobile devices and bring them to work--saving businesses money but complicating attempts to keep such devices secure. Netflix is no exception to this trend. "Maybe 30% of the company has iPads," said Kail. "[At] Netflix, we support a bunch of different devices for our apps, so people have different devices. We won't push any one device; we really operate in a BYOD atmosphere."

To handle access rights, Netflix has OneLogin connect to its Microsoft Active Directory service. "We run the OneLogin SSL connector, so they connect securely to our domain controller, and we've had no issues," Kail said. Removing a user from Active Directory immediately revokes all of their OneLogin-handled cloud access rights.

To date, Kail said that OneLogin has performed as advertised--including simplifying SaaS application provisioning and de-provisioning, by offering him a single, centralized access control management interface. Meanwhile, Netflix doesn't need to secure employee-owned iPads. Instead, it can just offer the OneLogin app for when iOS users want to get work done.

Kail is also a fan of OneLogin's handling of cloud integration by using XML-based standard for exchanging authentication and authorization data. Furthermore, any Web app that's SAML-compliant can be served via the OneLogin app. "Now that software as a service has been proven, especially by Salesforce.com, Box, and other big vendors, the SAML spec can just tag along, because no one should want to support plaintext password authentication," Kail said. "It's in everyone's best interests to support SAML for increased security."

Private clouds are more than a trendy buzzword--they represent Virtualization 2.0. For IT organizations willing to dispense with traditional application hosting models, a plethora of pure cloud software options beckons. Our Understanding Private Cloud Stacks report explains what's available. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
NeilB915
50%
50%
NeilB915,
User Rank: Moderator
10/4/2018 | 2:10:00 AM
iPad Mini Won't Turn On
Such a relevant update i had found in your Blog to know about the process to Allow Single Sign-On For Enterprise in iPad Apps. Thanks for Sharing. If still anyone want some more information about iPad apart from it then i recommend to read iPad Mini Won't Turn On Blog to gathered more details.
iMacCustomer
50%
50%
iMacCustomer,
User Rank: Apprentice
3/12/2018 | 7:49:19 AM
iMac Support Number
This is a desktop experience that draws you can be the best idea behind today's iMac. The new iMac is packed with all new processors, the latest graphics technologies, innovative storage and higher bandwidth connectivity. It's all comes to the life of the brightest and most colorful which is the best display iMac, There is an issue regarding can help with contact us. 

iMac Customer Service Number
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3493
PUBLISHED: 2021-04-17
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivile...
CVE-2021-3492
PUBLISHED: 2021-04-17
Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (ker...
CVE-2020-2509
PUBLISHED: 2021-04-17
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 Build 20210202 and later Q...
CVE-2020-36195
PUBLISHED: 2021-04-17
An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia C...
CVE-2021-29445
PUBLISHED: 2021-04-16
jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDe...