Security Control - Securing Private Web-enabled Applications
Description

Providing a seamless authentication experience and platform for users to access both public and private cloud web-enabled applications.
Components and Required Capabilities

Access Management

  • Must have the ability to provide cloud and on-premises applications in the SSO portal
  • Must have the ability to provide authorization to applications via the portal regardless of location

Network Security

  • Must have the ability to authorize access and/or relay authenticated context to the application, which could include protocol translation.
Best Practice Recommendation

For authentication, consider implementing a Single Sign-On (SSO) solution early in the maturity of the program, as it provides big wins, especially the ability to remove core access quickly on a termination. External SaaS applications or cloud-based vendor/third-party apps can be integrated into SSO with federation services. Once SSO is deployed and functional, you can augment it with more sophisticated SSO and MFA scenarios, for example SSO based on context authentication, risk score and policy-based access control.

Interaction Diagram