David van de Maas from ngage says:
“As soon as the possibility was there, our organization set up a federation via SAML with ClockWise.”
“In short, it is web-based Single Sign-On across domains. The service provider ClockWise (SP) delegates authentication to the identity provider ngage (Identity Provider or IDP). SAML is based on trust, a trust between IDP and SP.
This way the user experiences true Single Sign-On: once logged into our portal, no further username and password are required to use ClockWise.”
“ngage specializes in Identity & Access Management. SAML is an important part of Access Management, and we implement it frequently for our clients, from government agencies to publishers, and from cloud applications to webshops.”
“ClockWise is considered a business-critical (financial) application. The time registration and invoices generated are an important part of the operations. Using federation via SAML provides a few key benefits.”
“Business-critical applications should be secured with more than just a username and password, in our view. For this, Multi-Factor Authentication (MFA) is used, meaning username/password plus a token, SMS, YubiKey, smartcard, etc. However, implementing MFA on all systems and applications in use can lead to a complex setup. There are many solutions, and not every application supports all methods. By using a single authentication source, namely our IDP, password policies only need to be enforced in one place, and only one MFA solution needs to be implemented on that system. Additionally, SAML is also ideal for centrally enforcing authorizations.”
“The technical or functional administrators of an application like ClockWise do not need to reset passwords, set up self-service for this, or create procedures for it.”
“Not only will a user not need to enter a password for each application, but the user also won’t have to change their password in various systems.”
“Implementing SAML can range from childishly simple to extremely complex. This complexity mainly arises when the message traffic contains very specific components. However, the SAML (2.0) standard has existed since 2005 and is a widely used methodology, meaning it has been fully refined.”
“The SAML integration with ClockWise falls under the category of child’s play. In the ClockWise settings, a wizard can be started to define an external authentication provider, which implements the configuration on the ClockWise side. The next step is defining the service provider on the IDP side. In our case, we use MicroFocus Access Manager, which meant that we only had to start a wizard there as well. It worked right away. An interesting feature that ClockWise has built in is that for each user type, it’s possible to let the user choose between providers.”
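As an added illustration, not code from ClockWise or ngage: what the "trust between IDP and SP" described above amounts to on the service-provider side once the IdP's signature on a SAML Response has been verified. The wizards on both sides typically exchange metadata (entity IDs, the SP's assertion consumer URL, the IdP's signing certificate), but the SP must then also check that each assertion is addressed to it and answers a request it actually issued, since a correctly signed assertion meant for another SP, or a captured one replayed later, still carries a valid signature. The entity IDs, URLs, clock and sample Response are placeholders constructed for this example; XML-DSig verification itself is assumed to be done beforehand by a library such as xmlsec or signxml, because the Python standard library cannot verify XML signatures.

```python
"""SP-side checks on a SAML 2.0 Response, run after XML-DSig verification.
Constructed example, not ClockWise or ngage code. The signature check against the
IdP certificate from federation metadata is assumed done by an XML-DSig library
(xmlsec, signxml) before this runs; the Python stdlib cannot verify XML signatures."""
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
# Assumed federation settings (placeholders, not real ClockWise or ngage values).
SP_ENTITY_ID = "https://sp.example.test/metadata"
SP_ACS_URL = "https://sp.example.test/saml/acs"
IDP_ENTITY_ID = "https://idp.example.test/metadata"
CLOCK_SKEW = timedelta(minutes=3)
DEMO_NOW = datetime(2024, 5, 1, 12, 1, tzinfo=timezone.utc)  # fixed clock for the demo


def _ts(value):
    """Parse a SAML UTC timestamp such as 2024-05-01T12:05:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def validate_response(xml_text, now, pending_request_ids, seen_assertion_ids):
    """Return a list of problems; empty means the SP may accept the login.
    Each check binds the signed assertion to *this* SP and to a request it issued;
    a valid IdP signature alone proves neither."""
    problems = []
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['samlp']}}}Response":
        return ["not a samlp:Response"]
    if root.get("Destination") != SP_ACS_URL:  # response must target our ACS endpoint
        problems.append("Destination mismatch")
    irt = root.get("InResponseTo")  # must match an AuthnRequest we issued
    if irt not in pending_request_ids:
        problems.append("InResponseTo does not match a pending request")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        problems.append("status is not Success")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:  # refuse ambiguous multi-assertion responses
        return problems + [f"expected exactly one Assertion, got {len(assertions)}"]
    a = assertions[0]
    if a.findtext("saml:Issuer", default="", namespaces=NS) != IDP_ENTITY_ID:
        problems.append("Issuer is not the trusted IdP")
    aid = a.get("ID")  # assertion IDs are single-use, which blocks replay
    if not aid or aid in seen_assertion_ids:
        problems.append("assertion ID missing or already seen")
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        problems.append("no Conditions element")
    else:
        nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if nb and now + CLOCK_SKEW < _ts(nb):
            problems.append("assertion not yet valid")
        if noa and now - CLOCK_SKEW >= _ts(noa):
            problems.append("assertion expired")
        audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
        if SP_ENTITY_ID not in audiences:  # assertion was issued for a different SP
            problems.append("AudienceRestriction does not include this SP")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None:
        problems.append("no SubjectConfirmationData")
    else:
        if scd.get("Recipient") != SP_ACS_URL:
            problems.append("Recipient mismatch")
        if scd.get("NotOnOrAfter") and now - CLOCK_SKEW >= _ts(scd.get("NotOnOrAfter")):
            problems.append("subject confirmation expired")
        if scd.get("InResponseTo") != irt:
            problems.append("SubjectConfirmationData InResponseTo mismatch")
    if not problems:  # consume the request ID and remember the assertion ID
        pending_request_ids.discard(irt)
        seen_assertion_ids.add(aid)
    return problems


def sample_response(audience=SP_ENTITY_ID, issuer=IDP_ENTITY_ID, not_on_or_after="2024-05-01T12:05:00Z"):
    """Constructed, unsigned Response for the demo (a real one carries a ds:Signature)."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" ID="_r1"
  Version="2.0" IssueInstant="2024-05-01T12:00:00Z" Destination="{SP_ACS_URL}" InResponseTo="_req42">
  <saml:Issuer>{issuer}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
    <saml:Issuer>{issuer}</saml:Issuer>
    <saml:Subject><saml:NameID>user@idp.example.test</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{SP_ACS_URL}" InResponseTo="_req42"
          NotOnOrAfter="{not_on_or_after}"/></saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions NotBefore="2024-05-01T11:59:00Z" NotOnOrAfter="{not_on_or_after}">
      <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


if __name__ == "__main__":
    pending, seen = {"_req42"}, set()
    print(validate_response(sample_response(), DEMO_NOW, pending, seen))  # [] -> accepted
    print(validate_response(sample_response(), DEMO_NOW, pending, seen))  # replayed -> rejected
```

The order matters: signature verification comes first so that only IdP-signed XML reaches these checks, and the request-ID and assertion-ID sets must be shared storage in a multi-node SP, otherwise a replay to a different node succeeds. The audience check is the one most often omitted in home-grown SPs; with a shared IdP (as in the setup above, where ngage's IDP serves several applications) an assertion issued for one application must not be accepted by another.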