Solution brings big business Identity management to the small enterprise
re:ID Magazine publisher AVISIAN is not a multi-national company, nor does it have hundreds of employees, but we still have many of the same identity and access management issues that larger companies face.
We use many SaaS tools and web apps for business operations, and some of these don’t enable multiple logins, requiring user names and passwords to be shared among employees. Making these passwords strong and memorable has always been difficult.
This led us to evaluate different password solutions and identity and access management tools. After seeing a demo at a trade show, we decided to give Gemalto’s CloudEntr product a try.
Our internal administrator created user accounts for our staff and set up the initial series of sites we access during normal operations. To date, we have 18 sites enabled with CloudEntr, each of which is shared across some or all users.
To set up a site, you select it from the list in CloudEntr and specify your user name and password. CloudEntr has a library of 1,300 sites for enterprises to access, but others can be manually added, says Tom Smith, vice president of business development and strategy for CloudEntr. “The numbers go up every month,” he adds.
We found that most of our sites were already included in CloudEntr, which expedites the setup. For the services that were not available, it just took a few extra steps to ‘teach’ the app the location of the necessary data entry fields on the page. CloudEntr customer service was responsive and helpful in the couple of instances where we had difficulty setting up a site.
Because we knew we would be enrolling each site and entering usernames and passwords, we used this as a time to mandate a strong password policy. Each site is now protected by a 20-character, randomly generated code with upper and lower case letters, digits and special characters.
Next, each employee downloaded the CloudEntr app to all computers and mobile devices they use for access. The app is protected by a password, the only one they need to remember going forward.
To access a protected site, they simply click the CloudEntr icon from the browser’s top bar and log in to the app. Then they select the site to access from their CloudEntr vault. The service handles the rest, supplying the username and strong password in the format required by the specific site.
Employees can also use the app for their personal sites, social networks and financial accounts. The company administrator cannot see this login information so the employee’s accounts are kept secure and private.
The administrator controls which applications are shared with each user, and it can be done without the user ever seeing the password. This feature is nice if a contractor is working for a limited time because we don’t have to worry about sharing credentials; they can just click on the app within CloudEntr and have access to what they need.
Access to CloudEntr can be protected using a one-time passcode generator that can be downloaded to a mobile device.
Gemalto is incorporating additional functionality into the system. In May, the site added the ability to federate identities that are SAML enabled. “We will be able to expose their APIs, build a user interface and add it to our library so customers can turn these apps on,” Smith says.
Gemalto is also looking at linking the system into Active Directory and other corporate resources for more integration, as well as including additional multi-factor authentication schemes, Smith says. “We want to add the necessary capabilities to go after larger organizations,” he adds.
Any downsides? It would be helpful if CloudEntr included a strong password generator to create the random strong passwords. We have to use other sites to generate these passwords, and then we enter them in CloudEntr.
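The password policy described above (20 random characters mixing upper and lower case letters, digits and special characters) can be met on a local machine rather than on a third-party site. The following is an added example, not part of CloudEntr or the original article; the function names and the special-character set are assumptions.

```python
import math
import secrets
import string

# Assumed special-character set; trim it to what each site accepts.
SPECIALS = "!#$%&()*+,-.:;<=>?@[]^_{}~"
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SPECIALS)
ALPHABET = "".join(CLASSES)


def meets_policy(password, length=20):
    """True if the password has the required length, uses only the
    allowed alphabet, and contains at least one character per class."""
    if len(password) != length:
        return False
    if any(ch not in ALPHABET for ch in password):
        return False
    return all(any(ch in cls for ch in password) for cls in CLASSES)


def generate_password(length=20):
    """Draw every character from the OS CSPRNG via `secrets`, then retry
    until all classes are present. Rejecting whole candidates keeps the
    result uniform over the set of policy-compliant passwords."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(candidate, length):
            return candidate


def entropy_bits(length=20):
    """Upper bound on entropy in bits: length * log2(alphabet size)."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    print(generate_password())
    print(f"about {entropy_bits():.0f} bits of entropy")
```

Generating the password locally means it is never seen by a site other than the one it protects and the password manager that stores it.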
CloudEntr offers a free month to trial the system, and after that it’s $4 per user per month.