TOPDESK MAGAZINE - JUNE 2015
Patrick Mackaaij … is an information distribution coordinator. He is specialized in technical issues and optimizing processes.

AUTOMATIC LOGIN WITH SAML

Different login names and passwords for various applications are a daily annoyance for end users. You can facilitate automatic logins using SAML (Security Assertion Markup Language) for employees, customers and partners using the single sign-on principle. This means they only need to log in once, after which they can seamlessly use the organization’s applications, even via the internet.
What is SAML?

SAML is a technical standard that simplifies automatic logins. Applications outsource the login processing to an Identity Provider (IdP).

When an end user wants to log in to an application, the application refers the end user to an IdP to process the login. The IdP identifies the end user based on their login name, password, and (if applicable) a second factor such as a code sent to their smartphone. The IdP then assigns the user credentials that enable the user to automatically log in to the original application. If an end user recently logged in, the IdP immediately fulfills the request. As a result, the user experiences applications that support SAML as single sign-on.

The end user can use the same login credentials for all applications involved in single sign-on. One of SAML’s benefits is that the applications in question do not save login details. In practice, applications often save login credentials in their database in a way that is not coded securely enough. News about passwords leaked due to insufficient security is not uncommon.

For administrators, it is a benefit that logging in is managed centrally. An administrator can block access for all related applications from a single point. Instances where this could be useful include an employee leaving the organization, or a password being entered incorrectly several times. It also makes it possible to centrally manage password complexity and second factor requests.
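The step where the application refers the end user to the IdP can be made concrete with the SAML 2.0 HTTP-Redirect binding. The following is an added example, not code from TOPdesk or from the article; all URLs and the `REGISTERED_ACS` table are constructed assumptions. It shows that the referral carries only the application's identity and return address, never a password, and that the IdP side should refuse return addresses it does not have on file.

```python
import base64
import uuid
import zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlparse

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample values (assumptions), not taken from the article.
IDP_SSO_URL = "https://idp.example.org/sso"
SP_ENTITY_ID = "https://servicedesk.example.org/saml/metadata"
SP_ACS_URL = "https://servicedesk.example.org/saml/acs"
REGISTERED_ACS = {SP_ENTITY_ID: {SP_ACS_URL}}  # what the IdP has on file per application


def build_redirect(relay_state, acs_url=SP_ACS_URL):
    """Application side: build the URL that refers the browser to the IdP."""
    request = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": "_" + uuid.uuid4().hex,  # fresh per login attempt
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": IDP_SSO_URL,
        "AssertionConsumerServiceURL": acs_url,
    })
    ET.SubElement(request, f"{{{SAML}}}Issuer").text = SP_ENTITY_ID
    # HTTP-Redirect binding: raw DEFLATE (no zlib header), base64, URL-encode.
    deflater = zlib.compressobj(wbits=-15)
    packed = deflater.compress(ET.tostring(request)) + deflater.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(packed).decode("ascii"),
                       "RelayState": relay_state})
    return f"{IDP_SSO_URL}?{query}"


def read_redirect(url):
    """IdP side: decode the request; refuse to answer to an unregistered address."""
    params = parse_qs(urlparse(url).query)
    packed = base64.b64decode(params["SAMLRequest"][0])
    root = ET.fromstring(zlib.decompress(packed, -15))
    issuer = root.find(f"{{{SAML}}}Issuer").text
    acs_url = root.get("AssertionConsumerServiceURL")
    if acs_url not in REGISTERED_ACS.get(issuer, set()):
        raise ValueError(f"ACS URL {acs_url!r} is not registered for {issuer!r}")
    return {"issuer": issuer, "acs_url": acs_url, "request_id": root.get("ID"),
            "relay_state": params["RelayState"][0]}
```

A production IdP or application would use a maintained SAML library with a hardened XML parser and signature validation; this sketch covers only the encoding of the referral and the return-address check.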
SAML and LDAPS instead of VPN

Organizations that outsource the technical management of applications to application suppliers often choose a VPN connection. This ‘tunnel’ facilitates automatic logins and data exchange with other systems, such as with TOPdesk SaaS. Opening and maintaining a VPN connection takes time, however. Installing and changing the installation at a later date requires coordination between your organization and the application supplier. Besides, the tunnel is temporarily unavailable during maintenance. Think for instance of changing the pre-shared key (the connection’s ‘password’), which in practice is rarely changed because of all the surrounding hassle. In daily use, a VPN connection often results in minor disruptions when one of the intermediate steps has a temporary malfunction.

SAML uses a secure internet connection so that your colleagues, customers and partners across the globe can use single sign-on, without the disadvantages of a VPN connection. Any exchange of data, such as important contact details, can often be done in a different way, such as via LDAPS, a stable and safe network protocol.

LDAPS is safer than VPN. With a VPN connection, the communication between the end user or the tunnel on one side and the tunnel or server on the other side may be unencrypted. LDAPS encrypts the entire connection, from server to end user. Short passwords are common for VPN, while LDAPS uses various lines with a mix of a variety of characters thanks to the SSL key used.
For your network’s safety, the commonly used Microsoft Active Directory has offered the possibility of linking a Read Only Domain Controller to the internet since Windows Server 2008. You can further secure the server by only allowing connections from specific IP addresses to specific port numbers. Another option is limiting the traffic to the Domain Controller using stateful inspection. Are you currently using a VPN connection to TOPdesk SaaS? Contact your account manager to discuss the possibilities.

Getting started with SAML

Microsoft’s Active Directory Federation Services (AD FS) can operate as an IdP for SAML. This is also true for the Microsoft-hosted Azure Active Directory. The settings required for TOPdesk can be found in Microsoft’s documentation: http://bit.ly/1IJ7gZq.

Do you not yet have an IdP, or has your Active Directory not yet been set up to function as such? You could call in an organization that supplies network management to take care of the set-up, such as our sister organization OGD.

TOPdesk supports SAML 2.0 from version 5.5 onwards. In order to use SAML, your TOPdesk environment should be accessible via the SSL protocol. This could be either directly or through a proxy, as documented on the TOPdesk Help & Support website: http://bit.ly/1KAuUbb. You also need the TOPdesk licence for web authentication, along with a few days of consultancy to set up the SAML link. You can read more about this in our documentation on the Help & Support website: http://bit.ly/1LL26tF.

Our consultants can also help you update your TOPdesk environment. Get in touch with your TOPdesk account manager to discuss your options.

Editorial

Download this issue and more at www.scribd.com/TOPdesk

The TOPdesk Magazine covers subjects that are topical in the world of professional service desks in IT, facilities and other service providing organizations. TOPdesk Magazine is intended for managers, service desk employees, facilities organizations and electronic city councils — anyone who is involved with supporting clients on a daily basis. This concerns both the processes and the technology behind these services.

TOPdesk Magazine is a TOPdesk publication, +44 (0) 207 803 4200, [email protected]

Editors-in-chief: Milou Snaterse, Nicola van de Velde
Editors: Nienke Deuss, Stefanie Klaassen, Milou Snaterse, Luke van Velthoven
Translators: Laura van Rosenberg, Leah Clarke and Nicola van de Velde
Contributors: Lukke van Bemmel, Wes Heemskerk, Fiona IJkema, Patrick Mackaaij, Wolter Smit
Layout: Louise van der Laak, Joost Knuit, Denise van Rijst
Photography: Menno van der Bijl, Aad Hoogendoorn
Copy editor: Leah Clarke

A print run of 10,000
Quarterly magazine
Languages: Dutch, English

Copyright © 2015 TOPdesk. Although this publication has been produced with the utmost care and attention, the writers cannot be held responsible in any way for any damages that may occur due to errors and / or deficiencies in this publication.