Our SaaS CloudSSO – par excellence

Essentially that is what it is. Recently we announced our Force.com based Cloud SSO solution. What is unique about this is that we are the first (and as of now the ONLY) solution that will allow Force.com user identities to be federated not only across Force.com applications, but also across other cloud providers as well.

We provide Identity for the cloud in the cloud – now that is different, isn’t it?

I know, I know… there are about half of a dozen vendors that claim to provide a Cloud SSO solution. So why are we different or better than the others?

We provide a fusion, bringing together the best of McAfee and Intel.   We bring years of advanced security research ,  our multi-tenant offering cloud security suite from McAfee, coupled with Intel’s Identity offering that includes SSO, hardened provisioning/de-provisioning and an escalated authentication (OTP) solution.

Everyone knows that salesforce.com is all about the cloud and SaaS, right? But once you set up your users/ identities in the Force.com platform it can be only used there. If you need to setup another SaaS application then your administrator needs to setup the user base all over again. Even though there are tools available to make this process easier it is still a chore. Imagine if you could have the power to set up the identities and policies once and run forever. If your users have to remember only ONE password then you could enforce the passwords to be very strong. This would not only reduce the security risk (imagine a SaaS application having a weak password… what can be more dangerous than that) but it could also help with eliminating a lot of help desk password reset calls from frustrated users.

One pivotal and unspoken benefit is the  increase in productivity where a user can seamlessly navigate between applications.

Our solution also includes a hardened, proven provisioning/ de-provisioning which takes care of syncing identities across applications and across multiple cloud providers. And there is also a built-in escalated authentication of identity using a second form factor which comes in handy when someone tries to use sensitive applications. Our OTP (One Time Password) solution allows the users to provide the second factor (of what you have in addition to what you know).

If you missed our recent announcement about the beta release at RSA check it out here.



For more details check us out IntelCloudSSO.com

Andy Thurai — Chief Architect & CTO, Application Security and Identity Products, Intel. Andy Thurai is Chief Architect and CTO of Application Security and Identity Products with Intel, where he is responsible for architecting SOA, Cloud, Governance, Security, and Identity solutions for their major corporate customers. In his role he is responsible for helping Intel/McAfee field  and technical teams and customer executives. Prior to this role he has held technology and architecture leadership and executive positions with L-1 Identity Solutions, IBM Datapower, BMC, CSC, and Nortel. His interests and expertise include Cloud, SOA, identity management, security, governance, and SaaS. He holds a degree in Electrical and Electronics engineering and has over 20+ years of IT experience.





451 Group Report on Intel Cloud SSO

As we introduced Intel Cloud SSO Beta last week at RSA conference, Steve Coplan, Senior Analyst with the 451 Group Enterprise Security Practice wrote a report on Intel’s solution.

Few highlights from the report:

  • Intel’s cloud access broker strategy, predicated on the convergence of authentication and federation with API governance, as well as roadmap integration of McAfee security functionality, makes for a compelling vision.
  • Intel is looking to make a splash by providing bundled pricing for application connectors, federated single sign-on (SSO) and authentication.
  • As we outlined some three years ago, by introducing a new network topology, cloud computing establishes the need for a new network device that we refer to as a cloud access gateway. As the API revolution takes hold, security and access management for the cloud is a stepping stone to solidifying Intel’s ambitions to addressing the opportunity.

You can read the complete 451 Group research report here.

Intel introduces IAM as-a-service for cloud apps

Intel Cloud SSO LogoAt the RSA conference 2012 this week, we’re excited to introduce a new cloud service “Intel Cloud SSO” for Enterprises to provide Identity and Access Management (IAM) for cloud applications from the cloud. The service runs on Salesforce’s Force.com platform as-a-service (PaaS), and offers secure seamless single sign-on access to 100+ SaaS applications through pre-built connectors. End users have to remember just one password to login into the service’s SSO portal, from where they can launch all the applications they are allowed to access. This single sign-on experience eliminates password sprawl, improving security and user productivity. To help Enterprise IT deal with on-boarding/off-boarding of users, the service includes role based automated provisioning/de-provisioning of user accounts into cloud apps.

Intel Cloud SSO service is the cloud version of the Intel Expressway Cloud Access 360 (Intel ECA 360) on-premise software which was released during last year’s RSA conference 2011. We’ve implemented “Freedom Licensing” for both products that allows customers to use either Intel Cloud SSO or Intel ECA 360, or both, for the same license fee, providing ultimate flexibility to our customers.

The service provides enhanced security and improved IT controls by:

  • Including One-time Password based step-up authentication when accessing secure cloud apps. The built-in One-time Password technology supports mobile soft-tokens through a downloadable mobile app.
  • Customers using Intel Ultrabook client devices to access cloud applications can leverage the service’s seamless trusted device authentication by integrating with Intel Identity Protection Technology.
  • Including policies that IT can use to restrict access to cloud apps based on various contextual elements such as: which mobile device the user is accessing from, accessing from corporate network or not, etc.
  • Customers can use their corporate identity store (such as Active Directory) and Kerberos to authenticate into service’s SSO Portal, thereby eliminating even the password required to sign in to the service’s SSO portal.

Do I need to be an IAM expert to use it?

No. When we were building Intel Cloud SSO, we laid out basic tenet for the service – keep it simple. Anybody should be able to configure and use it, and shouldn’t require special skills. Having worked with other IAM systems in the past, this wasn’t an easy goal to achieve …

How can I get access to the service?

Currently, the service is in a Beta phase. You can apply for Beta by visiting www.intelcloudsso.com.

Is it available through McAfee?

McAfee (an Intel company) already sells Intel ECA 360 software as McAfee Cloud Identity Manager under the McAfee Cloud Security Platform (read post), and plan to include this service in its portfolio later this year.

Vikas Jain is Director of Product Management at Intel Corporation responsible for Cloud Identity and Security Products. You can follow him on Twitter @VikasJainTweet

2-factor authentication and SSO to Salesforce and Force.com apps

Salesforce and Force.com applications share the same identity management infrastructure. This allows a user logged into Salesforce to access other applications deployed on Force.com platform without entering credentials again (aka Single sign-on). This works very well except it doesn’t solve the following 3 problems

  1. How can I ensure that authentication into Salesforce for my users is secure using techniques such as 2-factor authentication? And, for any way they access Salesforce – through web browser, mobile app, or Outlook add-in.
  2. How can I ensure that my users leverage the credentials from Enterprise user stores such as Active Directory instead of creating another set of credentials in Salesforce?
  3. How can I ensure that my users get Single sign-on (SSO) experience not just between Salesforce and Force.com applications, but also when they access other SaaS applications outside the Force.com platform?


Intel Expressway Cloud Access 360 provides a solution addressing all the above problems (and more). It bundles 3-in-1 solution providing Federated SSO, 2-factor strong authentication, and user account provisioning linking Enterprise credentials to Salesforce/Force.com.

  • Federated SSO is provided into Salesforce and Force.com implementing the Security Assertion Markup Language (SAML) standard that Salesforce supports
  • 2-factor strong authentication is implemented before the user is federated into Salesforce/Force.com using One Time Password (OTP) delivered as soft tokens over mobile devices such as iOS (iPhone, iPad), Android, Blackberry, and Windows devices.
  • User provisioning and de-provisioning is implemented using REST APIs exposed by Salesforce

ECA360-salesforce-integration.jpgTo learn more about how Cloud Access 360 integrates with Salesforce and Force.com, visit