Monday, December 15, 2014

Business Cases - Web/Mobile SSO Case Requirements

We are starting a series focusing on the Centrify User Service. To give it the right context, just as we did a year ago with Server Suite, we base it on a set of business requirements.

Here's a summary of the requirements:

Web and Mobile SSO
Our organization currently uses Salesforce, Office365, Google Apps, SharePoint (internally) and Apache/Java applications (internally), and all of them need SSO; some of these apps use SAML, some use WS-Fed, some use user/password, and some may use the Centrify on-premise app plugins.

Access to these applications has to be granted to Active Directory users, but there are instances in which partners need access as well (and they won't have AD accounts). These users may access the apps using rich clients (browser) or mobile devices (iOS/Android browser and mobile apps); connections can be centralized via a portal, initiated directly, or launched via intranet shortcuts. In the case of Office365, users will continue to use their full clients (Outlook, Lync, etc.) on their Windows and Mac workstations.

Security Requirements
Confidentiality - no synchronization of personally identifiable information off premises; encryption in transit and at rest is required.
Access Control - the security department wants the flexibility to set policies that control access based on time/day, network, or geographical location (for example, to limit certain apps to intranet access only, not via the web).
Step-up Auth - one-time passwords (two-factor) should be an option for sensitive use cases.
Governance - entitlement management and separation of duties should be enforced.
Availability - as a global company, close to 100% uptime, geographical layout and redundancy are a must.

Infrastructure Requirements
Business Requirement - the IT organization wants to shift capital expense (capex) to operational costs (opex).
Self-Service - the solution should provide flexible self-service options to minimize calls to the help desk.
Office 365 - all features (rich or web clients) should be supported, ideally without added infrastructure complexity.
Decrease VPN usage - ideally this solution should provide alternatives to VPNs for internal-only apps.
Disjointed Namespace - the solution should accommodate a different domain (for AD) than the business name (Internet DNS name). It uses internally, vs. outside.

Other Requirements
Project Management and Methodology - the PMO would like to use the same methodology (DEV-QA to PROD) for this project.
Marketing - branding and imaging should be maintained.

Go to Planning Session I:
