Secure Single Sign-On Enables Migration to the Cloud

The Platinum Group of Companies, which includes Allied United Insurance and Top Finance Company, is a financial services organization with approximately 250 employees based in the Los Angeles area.

A Focus on User Adoption
Thom Vandenberg, the IT project manager responsible for the strategic move to SaaS, had a number of key issues to address with the migration to Salesforce in the cloud. Among them was how to encourage high levels of user adoption of the new application. He realized that users would not be enthusiastic about using Salesforce if they had to go through an arduous process of logging onto the new platform every time they needed to use it; therefore, convenient access would be critical to user adoption and the overall success of the project. This was particularly true if users needed access multiple times during the day or needed to have several windows open simultaneously.

The Platinum Group also wanted to take advantage of Chatter, Salesforce's collaboration application, as part of the company's transformation to a “social enterprise.” Chatter allows companies to link identity-related information from external sources (Facebook, LinkedIn, and similar social networking sites) with internal profiles, expanding the ability of organizations to collaborate with users, business partners, and customers.

Single Sign-On to the Cloud
As a result, Vandenberg embarked on a search for an enterprise-grade SSO product that would enable The Platinum Group users to quickly and easily authenticate identities once and then access multiple SaaS solutions without having to log on every time they accessed the system. He also wanted a solution that would allow power users to run multiple sessions in different browsers that are open simultaneously, improving utilization of the application and overall productivity.

Provisioning Cloud Applications
Another challenge that Vandenberg wanted to address was the problem of provisioning and de-provisioning SaaS application accounts. While The Platinum Group does not have a high degree of turnover, Vandenberg sought a solution that he could use to:

  • Quickly and easily create new Salesforce.com (and, later, other service provider) accounts
  • Keep the user identity attributes in those accounts synchronized with the internal system of record (Microsoft Active Directory) as their profiles change
  • Detect when a user has been terminated and deprovision the SaaS account, eliminating the possibility that a former employee would be able to access internal company data

Meeting Security and Compliance Requirements
The Platinum Group's insurance division, Allied United Insurance, is subject to government regulations and industry requirements regarding access control to sensitive customer financial data. Another compliance requirement was support for PCI DSS, which includes specifications for managing end-user identities to protect against unauthorized access to payment card data. As a result, Vandenberg looked for a solution that could support two-factor authentication to ensure that, in certain scenarios, the user would have to demonstrate physical possession of a hardware device such as a cell phone in addition to logon credentials.

Enabling Management
Finally, Vandenberg realized he needed a management environment that would enable the system administration team to easily manage and monitor user access to SaaS applications like Salesforce.com. He wanted to provide administrators with the ability to capture identity-related events in standardized log files that could be used for various reporting and audit functions, such as ensuring compliance with industry regulations and requirements.

Robust Functionality
The Platinum Group team evaluated the cost/benefit ratio of building a solution to meet its needs, versus buying one from an existing vendor. This analysis revealed that, while the initial investment of time and effort required to build the functionality would not be exorbitant, over time, it would cost more to maintain the system as it expanded to include additional service providers. The team estimated that it would take a week to build and test a new connector each time they added a new SaaS application provider. They would also need to add new staff with knowledge of developing connectors that support Security Assertion Markup Language (SAML), the leading industry standard for managing SSO-to-cloud applications. As a result, the team conducted a search for a solution and evaluated several leading vendors.

During the evaluation process, The Platinum Group considered the vendor's reputation and experience in the industry, the time required to implement the solution, the level of support offered both during and after deployment, and the features and functions delivered with the product. In the end, the team chose McAfee Cloud Single Sign On. “The McAfee solution delivered the highest level of functionality of all the vendors we evaluated,” says Vandenberg. “[McAfee] Cloud Single Sign On is head and shoulders above the competition.”

Unlike competing solutions, McAfee Cloud Single Sign On was able to uniquely address The Platinum Group's requirements in several key ways:

  • Synchronized provisioning and user profile updates of SaaS accounts, leveraging Microsoft Active Directory, The Platinum Group's system of record
  • Automated deprovisioning of SaaS accounts when a user is terminated and their Active Directory account is removed
  • SSO through a secure enterprise portal to Salesforce.com and Chatter, with the ability to easily add more SaaS solutions to the portal over time
  • The ability to deploy strong, two-factor authentication by challenging users to enter a one-time password (OTP) delivered to their personal cell phone or other mobile device, when required
  • Support for integrated Windows authentication (IWA)
  • Rapid deployment capabilities as well as 24/7 support from one of the industry's leading global IT vendors

Laying the Groundwork for Expanding SaaS
The Platinum Group completed internal deployment and testing in two weeks and rapidly rolled the solution out to its entire IT team, with plans to eventually make the solution available across the entire company. User adoption has been excellent, and as the company continues to implement its extended SaaS strategy, the team expects the ability to quickly and easily add connectors for new SaaS applications, such as Google Apps. When asked to sum up the project results, Vandenberg said, “Our experience with McAfee has been fantastic. They've been a terrific vendor to work with, and have responded to all our questions and inquiries with answers that worked and worked well.”

Platinum Group

Customer profile

250 employees in the Greater Los Angeles area

Industry

Financial Services

IT environment

Initial Salesforce.com application in the cloud with broader SaaS strategy planned

Challenge

  • Ensure end-user acceptance and adoption of new SaaS solutions
  • Provide single sign-on (SSO) for SaaS applications
  • Manage provisioning and automated deprovisioning of SaaS accounts and synchronize them with enterprise identities

McAfee solution

  • McAfee® Cloud Single Sign On

Results

  • High user acceptance of SaaS solution since users only have to enter credentials once
  • Stronger security through use of industry-standard SAML tokens
  • Integration with enterprise identity repositories for automatic provisioning and deprovisioning