1CE

Explore 1CE's features

SAFEGUARDING YOUR DATA AND ASSETS

1CE is the key to safeguarding any organisation’s most valuable data and sensitive information

Secure Single-Sign On

SSO

  • SSO lets a user securely access multiple applications and services using a single ID
  • A user who opts for SSO can access many applications without logging in to each one
  • SSO is built on a concept called federated identity
  • It enables sharing of identity information across trusted but independent systems
  • If the user wants to access a different website, the new website must have a similar trust relationship configured with the SSO solution. The authentication flow would be the same

The login process typically follows this pattern:

  • A user browses to the application or website they want to access, the Service Provider
  • During the authentication process, the Service Provider sends a token containing some information about the user, such as their email address, to the SSO system, aka, the Identity Provider
  • The Identity Provider first checks to see whether the user has already been authenticated. If this is the case, the user can access the Service Provider application and step 5 will be skipped
  • If the user has not yet logged in, they will be prompted to do so using their Identity Provider credentials. This could simply be a username and password, or it might include some other form of authentication like a One-Time Password (OTP)
  • The Identity Provider will send a token to the Service Provider as confirmation of successful authentication once it validates the credentials provided
  • This token is passed through the user’s browser to the Service Provider
  • When the Service Provider receives the token, it is validated according to the trust relationship that was set up between the identity provider and the Service Provider
  • The user is granted access to the Service Provider
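The token check in the last steps, sketched as an added example (not 1CE's code or API). It assumes the trust relationship is a pre-shared HMAC key plus the expected issuer and audience; production SAML or OIDC deployments normally verify the Identity Provider's public-key signature instead. All names and values are constructed.

```python
import base64, hashlib, hmac, json, time

# Constructed trust relationship: what the Service Provider was configured
# to accept when the SSO integration was set up (all values hypothetical).
TRUST = {"issuer": "https://idp.example", "audience": "https://app.example",
         "key": b"constructed-shared-secret"}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def idp_issue_token(email, audience, key, issuer=TRUST["issuer"], ttl=300, now=None):
    """Identity Provider side: sign the claims after the user has authenticated."""
    now = time.time() if now is None else now
    body = _b64(json.dumps({"sub": email, "iss": issuer, "aud": audience,
                            "exp": now + ttl}).encode())
    sig = _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"

def sp_validate_token(token, trust=TRUST, now=None):
    """Service Provider side: return the user's email, or raise ValueError."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    expected = _b64(hmac.new(trust["key"], body.encode(), hashlib.sha256).digest())
    # Verify the signature before parsing or trusting any claim.
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["iss"] != trust["issuer"]:
        raise ValueError("unexpected issuer")
    # A token minted for a different Service Provider must not be accepted here.
    if claims["aud"] != trust["audience"]:
        raise ValueError("token issued for another Service Provider")
    if claims["exp"] <= now:
        raise ValueError("token expired")
    return claims["sub"]
```

Checking the audience and expiry as well as the signature is what stops a valid token from being replayed later or presented to a different Service Provider.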

Multi-Factor Authentication

1CE Multi-Factor Authentication

  • Multi-factor Authentication (MFA) is an authentication method that requires the user to provide two or more verification factors to gain access to an application, online account, or a VPN
  • Rather than just asking for a username and password, MFA requires one or more additional verification factors, which decreases the likelihood of a successful cyber-attack
  • Separate problem and problem resolution conditions
  • Multiple severity levels
  • 1CE caters to all types of MFA: push, pull, PIN, email, QR code, app-based and OTP

User Provisioning

How does provisioning work?

  • User provisioning and deprovisioning involve the process of creating, updating and deleting user accounts in multiple applications and systems
  • In a basic automated workflow, you add users based on specific user roles, and whenever a user is assigned a particular role, they’re automatically created in the associated application and given access permissions
  • For example, when a new user is provisioned and added to the Sales role, that user is granted access permissions to the applications associated with that role
  • Users are provisioned into the 1CE portal, IAM, AD, applications and the cloud (IaaS, PaaS, SaaS).

How does deprovisioning work?

  • User deprovisioning involves the process of removing or deleting user accounts in multiple applications and systems
  • When it comes to deprovisioning users from applications, you want a solution where you can easily change the user’s status, so that the account in all apps will be disabled, depending on your configuration settings
  • For example, once the user has been deprovisioned, the apps associated with his/her role will no longer be accessible to him/her
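The role-driven provisioning and deprovisioning described in the two lists above, as an added reconciliation sketch (not 1CE's code or API). The role names, application names and data layout are constructed; it compares what each user's roles entitle them to with the accounts that actually exist, which is how accounts left behind after deprovisioning or a role change are found.

```python
# Constructed role model: which applications each role grants (hypothetical names).
ROLE_APPS = {"Sales": {"crm", "quotes"}, "Finance": {"ledger", "quotes"}}

# Constructed identity store and per-application account lists.
USERS = {
    "asha": {"active": True, "roles": ["Sales"]},
    "ben": {"active": False, "roles": ["Sales"]},   # deprovisioned user
    "chen": {"active": True, "roles": ["Finance"]},
}
APP_ACCOUNTS = {
    "crm": {"ben", "dana"},       # "dana" is unknown to the identity store
    "quotes": {"asha", "ben"},
    "ledger": {"asha"},           # left over from an earlier role
}

def entitled_apps(user):
    """Apps a user should have: the union of their roles' apps, none if inactive."""
    if not user["active"]:
        return set()
    apps = set()
    for role in user["roles"]:
        apps |= ROLE_APPS.get(role, set())
    return apps

def reconcile(users, app_accounts):
    """Return (to_create, to_disable) as sorted lists of (username, app)."""
    to_create, to_disable = [], []
    # Provisioning: an entitlement with no matching account.
    for name, user in users.items():
        for app in entitled_apps(user):
            if name not in app_accounts.get(app, set()):
                to_create.append((name, app))
    # Deprovisioning: an account with no matching entitlement. Unknown users,
    # deprovisioned users and stale role grants all surface here.
    for app, accounts in app_accounts.items():
        for name in accounts:
            user = users.get(name)
            if user is None or app not in entitled_apps(user):
                to_disable.append((name, app))
    return sorted(to_create), sorted(to_disable)

if __name__ == "__main__":
    create, disable = reconcile(USERS, APP_ACCOUNTS)
    print("create:", create)
    print("disable:", disable)
```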

Identity Life Cycle Management

What is Identity Life Cycle Management?

  • Digital identities represent an individual’s relationship with an organization. They can be employees, partners, customers, or applications
  • These relationships change over time, so the digital identities must be able to adapt accordingly
  • This is where identity lifecycle management (ILM) comes in
  • Identity Lifecycle Management (ILM) defines the processes to create and manage digital identities, as and when they’re needed
  • For example, when a new employee joins, ILM automatically creates a digital identity for him/her
  • If his/her role changes, ILM updates his/her privileges accordingly
  • When he/she leaves the organization, ILM removes his/her digital identity, ensuring that he/she cannot access any company resources anymore

LDAP

Lightweight Directory Access Protocol

  • LDAP is a protocol designed to maintain and manage “directory services” within a network
  • Think about a directory service as a telephone book for different network resources like documents, printers, users, computers, and servers
  • For example, an organization might store information for all their documents in a directory
  • LDAPS can enable users to search through the directory for a specific document, locate it on the computer, and securely connect to the file
  • LDAPS can also allow users to change the contents of a document without having to re-upload it.
  • LDAPS is widely used to build centralized authentication servers. These servers hold usernames and passwords that are used to authenticate and authorize any-and-all applications or services on the network
  • LDAPS directories typically contain data that needs to be frequently updated, but not necessarily read. LDAPS is designed to deliver extremely fast READ performance, even if the dataset is large. However, the WRITE speed is much slower

Authentication

What is Authentication

  • Authentication (AuthN) is the process of verifying that someone is who they are claiming to be. Technology systems typically use some form of authentication to secure data access
  • When a user needs to access an online site or service, they usually must enter their username and password; the backend compares the username and password the user entered with the record it has in its database
  • The system assumes that the customer is a valid user based on the information submitted
  • System authentication in this example presumes that only the user would know the correct username and password
  • It authenticates the user by using the principle of something only the user would know.

What is Identity Authentication

  • Identity authentication is the process of verifying the identity of a user or service; based on this information, a system then provides the user with the appropriate access
  • It may ask them for a username and password, or it may need to scan their thumb on a fingerprint reader
  • Employees using the system need to verify their identity via an authentication process
  • Define service weights for custom service status calculation
  • Calculate your business service availability based on service weights or number and percentage of unavailable child services

Authorization

What is Authorization?

  • Authorization is the security process that determines a user or service’s level of access
  • In technology, we use authorization to give users or services permission to access some data or perform a particular action
  • Authorization determines what users can do once the system has granted them access

Organisational Setup

Organisational setup in 1CE

  • The platform is designed to cater to small organisations with a single OU and small, flat structures, and also to complex multi-OU federated and large business structures
  • The platform is designed for delivery of mixed organisation structures for on-premise, cloud and hybrid deployments.
  • The platform is designed to cater to organisational changes quickly, including mergers, acquisitions and demergers. Tightly coupled and loosely coupled structures are easily implemented keeping the integrity of the identity, role, access and data security in mind.

Application Management

1CE Application Management

  • The platform allows for complete end-to-end application provisioning (adding), deprovisioning (suspending), and end-user role-based access to applications through SSO and other mechanisms in a single pane.
  • Everything from user requests, workflow of entitlements, RBAC access, and timed and limited access to temporarily and permanently suspending access is provided in the platform.

Workflow

Workflow of 1CE

The platform allows for ease of defining, designing and implementing workflows for all scenarios including:

  • User-related workflows, including request, provisioning, deprovisioning and entitlements
  • Application-related workflows: adding applications, defining RBAC, AD sync, password sync, application administration for identity management, updating attributes and suspending application and user access.