MY1LOGIN SOLUTION BRIEF: PROVISIONING

Automated Provisioning of Users’ Access to Apps


The ability to centrally provision and de-provision users for application access has both security and productivity benefits for your organisation.

My1Login enables your organisation to:

• Employ a unified approach to identity governance and administration

• Centralise control over provisioning and de-provisioning of user access

• Rapidly onboard new employees

• Instantly cease ex-employee access to all applications

• Integrate with existing directory services, e.g. MS Active Directory, Oracle Directory Service

• Integrate with identity standards, e.g. SAML, SCIM

• Provision using the My1Login API when Identity Standards are not supported by Service Providers.


My1Login’s Provisioning Engine ensures the right people have access to the right applications at the right time.


IDENTITY STANDARDS

Provisioning (and de-provisioning) utilises a number of protocols and identity standards. A few of the most-relevant standards, protocols and terms you’ll come across are below - an explanation of what they do can be found in the Provisioning Glossary.

DIRECTORY SERVICES

My1Login integrates with all popular directory services, including Microsoft Active Directory, IBM Directory Server, Oracle’s Directory Service, CA Directory, Apple Open Directory and a multitude of generic user directory services. Additionally, My1Login can also integrate with bespoke user directories.

No matter what directory service you currently use, My1Login can work with it to provision your users for applications across cloud, mobile and legacy platforms.

The My1Login Provisioning Engine ensures user access to all applications can be ceased centrally when required.


Standards, Protocols & Terms

SAML: Security Assertion Markup Language

SCIM: System for Cross-domain Identity Management

CRUD: Create, Read, Update, Delete

IdP: Identity Provider

SP: Service Provider

API: Application Program Interface

LDAP: Lightweight Directory Access Protocol

DSML: Directory Services Markup Language


APPLICATION PROVISIONING

Service Providers (SPs) host target applications. My1Login can provision users on SPs using identity standards, such as SAML. Additionally, even where SPs do not offer common identity standard compatibility, My1Login can use SCIM-to-API or a customised API to enable provisioning for these applications.

My1Login can be used to provision users in 3 ways:

Standard Provisioning

With Standard provisioning an administrator creates the user identity within the Identity Provider (My1Login). Each Service Provider (SP) has specific provisioning requirements that My1Login is pre-configured to provide. The admin carries out the provisioning via the My1Login application by adding the details for the new user that is to be provisioned – My1Login ensures this information is in line with the requirements of the SP, and then transmits it to the SP using SCIM. Once successfully created, the user provisioning is complete.

Organisational Provisioning

With Organisational Provisioning, the user identity is created automatically using the Active Directory details. My1Login utilises Active Directory Groups to automate the provisioning process, providing permission-based access to the Service Provider (SP) for users. Whenever a user’s Active Directory (AD) details are changed the user’s corresponding SP application access is updated as well.

The benefit of organisational provisioning is that it’s synchronised with the directory service (e.g. Active Directory) – vastly reducing administration effort. An example would be where an employee moves departments within the business - simply by changing the user’s group in the directory service, My1Login will automatically de-provision and provision their access rights to applications relevant to their role.

Just-in-Time Provisioning

With JiT provisioning, the user identity is created (provisioned) with the Service Provider (SP) at the moment the user first tries to access the target application. To enable JiT, an admin simply authorises a user for a particular target application within My1Login. No identity provisioning activity between the identity provider and the SP takes place at this stage.

When a user attempts to access an SP application, My1Login first checks whether an account matching the user’s unique identifier already exists on the SP. If none is found, an account is created for the user on the SP. This happens seamlessly for the user.

JiT provisioning reduces admin effort as there is no need to provision the user manually; the user simply has to be authorised to access a particular SP’s target application.
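The group-driven reconciliation (Organisational Provisioning) and the first-access check (JiT) described above, as an added Python illustration that is not My1Login’s code: the group-to-application mapping, the identifiers and the in-memory SCIM user store are constructed assumptions; only the SCIM core User schema URN is real.

```python
SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
# Assumed mapping from directory groups to target applications (constructed).
GROUP_TO_APPS = {"Sales": {"crm"}, "Finance": {"erp", "expenses"}, "AllStaff": {"mail"}}

class ScimStore:
    """In-memory stand-in for one SP's SCIM /Users endpoint, keyed by externalId."""
    def __init__(self):
        self.users = {}
    def find(self, external_id):
        return self.users.get(external_id)
    def create(self, external_id, user_name):
        resource = {"schemas": [SCIM_USER_SCHEMA], "externalId": external_id,
                    "userName": user_name, "active": True}
        self.users[external_id] = resource
        return resource
    def delete(self, external_id):
        self.users.pop(external_id, None)

def desired_apps(groups):
    """Access follows group membership only; nothing is granted ad hoc."""
    return set().union(*(GROUP_TO_APPS.get(g, set()) for g in groups))

def reconcile(directory, stores):
    """Align every SP store with the directory ({externalId: (userName, groups)}).
    A department move changes the groups, so the next run deletes the old apps
    and creates the new ones; the returned (op, app, id) list is the audit trail."""
    ops = []
    for ext_id, (user_name, groups) in directory.items():
        wanted = desired_apps(groups)
        for app, store in stores.items():
            present = store.find(ext_id) is not None
            if app in wanted and not present:
                store.create(ext_id, user_name)
                ops.append(("create", app, ext_id))
            elif app not in wanted and present:
                store.delete(ext_id)
                ops.append(("delete", app, ext_id))
    for app, store in stores.items():  # leavers lose every application
        for ext_id in [e for e in store.users if e not in directory]:
            store.delete(ext_id)
            ops.append(("delete", app, ext_id))
    return ops

def jit_provision(store, ext_id, user_name, authorised):
    """First-access path: create on the SP only if the IdP has authorised the user."""
    if not authorised:
        return None
    return store.find(ext_id) or store.create(ext_id, user_name)
```

Running `reconcile` after a group change shows the de-provision/provision pair the text describes, and the op list is what you would feed to an audit log.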


WHY MY1LOGIN PROVISIONING

• Proactive and Just-In-Time user provisioning, updating and de-provisioning

• Integration with the directory service of your choice

• SCIM support for full SCRUD user directory operations

• Organisation Directory group provisioning for rapid onboarding

• Custom APIs and SCIM-to-API bridging enabling provisioning on any target application.

MIGRATING IdPs

Migrating from an existing Identity Provider (IdP) to My1Login is straightforward and seamless. Within the target application settings on the Service Provider (SP), an admin simply changes the relationship from the incumbent IdP to My1Login by updating the configuration information. This creates a new relationship between the SP and My1Login - all existing user provisioning remains in place without the need to re-provision existing users for applications.

The My1Login Provisioning Engine provides security and productivity benefits for your organisation.


PROVISIONING GLOSSARY

SAML is an XML-based, open standard, data format for exchanging authentication and authorisation between parties, in particular, between an Identity Provider (e.g. My1Login) and a Service Provider (e.g. Salesforce).


SCIM is an open standard for automating the exchange of user identity information between identity domains or IT systems.

In computer programming, Create, Read, Update and Delete (sometimes called SCRUD, with an “S” for Search) are the four basic functions of persistent storage.

A Service Provider (e.g. Salesforce) is an entity that hosts target applications and provides services to users.

An API (Application Program Interface) is a set of functions and procedures that allow the creation of applications which access the features or data of an operating system, application, or other service.

An Identity Provider (e.g. My1Login) creates, maintains, and manages identity information for users, services, or systems and provides authentication to other service providers (applications) within a federation or distributed network.

LDAP (Lightweight Directory Access Protocol) is an application protocol for querying and modifying items in directory service providers like Active Directory, which supports a form of LDAP.

DSML (Directory Services Markup Language) is a representation of directory service information in an XML syntax.


ABOUT MY1LOGIN

Founded in 2007, My1Login is a European leader in protecting against enterprise cyber security threats through its Identity and Access Management solutions.

The trend towards SaaS has moved enterprise identities outside the traditional corporate infrastructure, exacerbating the challenges of identity sprawl, password fatigue, password resets and compliance adherence. My1Login’s next generation Identity and Access Management solution enables organisations to overcome these challenges by providing a single user identity for employees, improving productivity and eliminating security threats.

My1Login’s IAM solution supports identity standards such as SAML, SCIM, OAuth 2.0 and OpenID Connect, but crucially can also integrate with target applications that don’t have connectors, ensuring there are no gaps. My1Login works across cloud, mobile and legacy desktop applications enabling control of user identity and access while delivering a return on investment. The service can be deployed rapidly, even in the most complex enterprise environments.

My1Login protects more than 1,000 organisations worldwide.


HAVE A QUESTION? SPEAK TO OUR IDENTITY EXPERTS

Call: 0800 044 3091 | Email: [email protected] | Visit: www.my1login.com

My1Login Limited, Office 404, 324 Regent Street, London, W1B 3HH

© My1Login. All rights reserved.

10,000+ APPS

My1Login works with all common directory structures, legacy desktop apps and today’s enterprise applications, including Microsoft Office 365, BMC Remedyforce, Zendesk, DocuSign, LinkedIn, LivePerson, Netsuite, GotoMeeting, Dropbox, Yammer, Atlassian, Hootsuite, Workday, Box, Google Apps, Prezi, Salesforce, Pardot, Stripe, AWS and Cisco.