Extend Identities Beyond the Firewall
The Challenge: Securely Enable Employee Access to Web-based Applications
To fully optimize your identity infrastructure, you need to expose your internal directories to WAM solutions and web applications. As more and more functions move to the cloud, secure authentication beyond the firewall becomes an essential capability. However, when exposing directories to web-based applications, enterprises face vital security concerns such as:
- Denial of Service lockouts due to repetitive log-in attempts
- Directory harvest attacks
- System crashes caused by unruly queries
The Solution: Virtualize for Secure Authentication Against your Internal Directory
To evade attacks on your directories, RadiantOne acts as a firewall, providing an additional layer of security, yet still allowing vital information from your internal directory to be consumed by your WAM package. So RadiantOne can be used to provide secure access to your internal directory without putting your directory on the Internet. By acting as a filter, RadiantOne limits your directory’s exposure to cloud/SaaS applications, but still routes authentication queries to the appropriate directory. Your identities remain where they are, avoiding migration or synchronization while still preserving your directory’s security.
Extend Your AD Schema for Fine-Grained Authorization without Disruption
Cloud-based and web-based applications can require attributes from non-AD sources to enforce fine-grained authorization policies. However, from your policy engine’s perspective, the attributes should look like they come from your Active Directory. Because direct directory schema extension can disrupt your internal network, RadiantOne makes it possible to virtually “extend” the schema, and store additional attributes in our local store, without disturbing your existing schema. By dynamically joining these additional attributes with the AD profile, you get the best of both worlds: a complete profile for smart authorization and an undisturbed internal directory.