Single sign-on, or SSO for short, is an authentication process that allows a user to enter a single username and password in order to access multiple applications. The advantages of SSO include users only requiring a single set of corporate credentials, only having to login once, and applications not themselves storing user credentials.
Lifesize Cloud includes SSO capability, and can be included within the Small, Medium and Large Cloud accounts. Here’s a brief introduction to SSO and the Lifesize Cloud SSO capability.
Microsoft Windows and Active Directory: An Example of SSO
Microsoft Windows allows a user to sign in on their machine and access different services across the corporate network like printers, email servers, network drives etc. It is the Microsoft Active Directory which securely stores the details of the users and their accounts, credentials and passwords. Microsoft AD also authenticates and authorises all users and computers in a Windows network using a version of the “Kerberos” authentication protocol that Microsoft calls “Integrated Windows Authentication”, or “IWA”.
Many organisations use Microsoft Active Directory as their preferred user authentication solution. “Active Directory Integration” with Lifesize Cloud provides:
- A mechanism to allows users to sign into Lifesize Cloud with the same credentials used to log into the Windows Network
- A way to avoid manually creating and managing user accounts on Lifesize Cloud for each users
- a way to keep user credentials and passwords secure and under their own policy control
Lifesize Cloud and SSO
Lifesize Cloud SSO capability is based upon SAML 2.0 “Security Assertion Markup Language” and provides trust based authentication working with the end user. SAML is an XML-based solution for exchanging user security information between a user, an identify provider (IdP) and a service provider (SP).
SAML 2.0 allows Lifesize the ability to offer SSO functionality for end users in a secure and widely accepted manner. When using SSO, Lifesize Cloud will never import, download or store user password credentials – it just sends and receives queries, tokens and cookies.
Therefore the organisation remains in complete control of their credentials, directory and associated policies.
Example: SSO using a Browser Client
When using SSO within the Lifesize Cloud WebApp (WebRTC Client), the user simply opens the Lifesize Cloud WebApp in their Chrome browser, and enters their email address. Lifesize Cloud checks to see if this belongs to an account enabled for SSO and then:
- If the user is already authenticated via their IdP, they can immediately start using the WebApp
- If the user is not authenticated via their IdP, they are redirected to the IdP authentication page, allowing them to be authenticated and then start using the WebApp
If the users email address belongs to an account not enabled for SSO, then the credentials will be authenticated by the Lifesize Cloud servers.
What if I delete a User from the Active Directory?
If a user is deleted from the customer’s Active Directory, they won’t be able to login to Lifesize Cloud. However… the cookie validity period will still stand if the user is already authenticated or is already signed in. The current cookie validity period for the WebApp, Desktop Clients and Mobile Client apps are all 30 days.
The user account, associated contacts, chat history and VMRs on Lifesize Cloud will not be deleted automatically. The administrator can remove the user manually via the Lifesize Cloud admin console.
What are the Supported Identity Providers (IdP) for Lifesize Cloud?
- Microsoft ADFS 2.0/ADFS 3.0
- Microsoft Azure
- Ping Identity
- Salesforce Identity
- Open IAM
- Google Apps
To find out more information about SSO and Lifesize Cloud, get in touch with our team today on 0118 214 2300.
You may also be interested in: