Content
Objective:
- To understand the options you have to integrate with PolicyStat
Environment:
- PolicyStat
Answer:
You have the option to integrate PolicyStat with your Active Directory via LDAPS, as well as SAML 2.0 SSO authentication. Please review the different integration solutions below.
Ideal Solution: Integration with AD via LDAP(s) and SSO authentication.
Benefits:
- AD integration provides the daily provisioning and de-provisioning of accounts. Having all employee accounts allows the customer to leverage the full functionality of the application.
- SSO Provides Authentication that potentially (not always depending on the IDP) bypasses the login. Extra layer of security from the your IDP. Supports Just In Time (JIT) account provisioning and updates.
Secondary Solutions:
- AD Only: Provides the second most level of value. All user accounts present and update daily.
- SSO Only: (With Bulk Upload) Provides all accounts initially. Requires admins to maintain user accounts long term and not ideal for clients who intend to use acknowledgements. Admins responsible for deprovisioning stale accounts.
- SSO Only: (No Bulk Upload) (worst) Requires Admin to create accounts initially needed for implementation and would then be responsible for deprovisioning.
AD Integration Method:
- Secure LDAP (LDAPS) User attribute data is encrypted and sent using the external LDAP port 636. Client would need a security certificate to use this.
SSO Integration Methods:
- Any IDP that supports SAML 2.0
- Some Examples:
- ADFS version 2-4
- Ping Federate
- Citrix
- Okta
- Azure
Service Account:
Regardless of integration method chosen, we would request a service account for testing the configuration to ensure proper functionality.
Comments
0 comments
Article is closed for comments.