The most excellent login, as the film characters Bill and Ted would say in their Excellent Adventure, is a login which is secure, simple, and uses the same steps whether on a PC, mobile device, or a virtual machine. It is even accessible via the browser, email client, or a remote desktop. That’s the point: Logging in should be as painless and drama free as it is secure.
Walking through some excellent logins
Logging into a network can be a mess – both for the user and the organization. There’s an overload of devices, technologies, and situations which all complicate the process. Options include the traditional PC or a virtual workstation, mobile devices, onsite location or remote desktop – the list of potential technology mashups and SNAFUs is nearly endless. There is also a wide range of people with different access needs and technical capabilities.
What pulls this together is that each of these individuals – regardless of their specific technologies – needs to login easily and securely to various IT systems. In this video, we’re going to show you how the user, Pia Petersen, has an excellent login experience as she logs into six different systems or devices with the help of Liga GlobalID and a smart card.
6 different logins:
1. Login with a PC
No surprises here, just insert the smart card, click on Pia Petersen’s name, and enter the four digit secure pin code. That’s it. She is logged into Windows. She can log into her account using the card and PIN on a different machine.
(See our other videos where we show how card technology actually works and what is inside the chip together with our video showing different kinds of card readers)
2. Login with the browser
Here Pia is logged into a Windows machine and just launched the browser. I will go to Outlook.office365.com and it will ask me for the user email account. So we just log on here with Pia’s PIN code and she is good to go with this service. The screen now says Welcome to Liga Software. I can go and work with Word, et cetera, but I’m authenticated to Office365.
This can be set up with different flows according to single sign on services, Kerberos Federation, the domain, how the machine is connected, whether it’s hybrid or non-hybrid network.
In this case, this machine is connected directly to a local domain. It might act a little bit different when connected to an Azure domain, so stay tuned for a future video on this topic.
3. Login with an iPad
Go to the website of the Outlook with the iPad. Actually, the iPad already remembers that address if you have been there before. After entering the email address, you will be led back to the ADFS service and then from authentication directly into Outlook. I will get the same emails as just before, even the same work files.
Technically, by going to the VPN administration of the iPad, you can see that I have enrolled a certificate for Pia into the key chain of the secure storage of the iOS unit, which is a service that we do from the GlobalID product to make it simple for users to use a device like the iPad.
4. Login with an iPhone
This process is similar to the iPad. When enrolling Pia here to use the standard iPhone email application, I chose Microsoft Exchange and then her email account. Then we step through the ADFS selection and it takes just a few seconds for the exchange to refresh and fetch the emails. Then we have the same welcome to Liga Software message as seen before on the iPad.
5. Login via Remote Desktop with RDP
Pia has an RDP shortcut on her desktop. This is a LIGA service that can be exposed to the open internet because it’s using a combination of two-factor authentication and a secure login into the service. It can only authenticate if you bring this with you. It is also very important to stress that the technology we’re using does not require any authorization directly to the Windows operating system which means that users can just plug in a token or card into a PC or location and they are able to authenticate directly into your environment.
I can choose Pia and go to my organization’s federation site. I would be asked to enter my PIN code for the smart card. And I will be authenticated to my email application and find, yet again, the same emails and the same system seen before.
6. Login with VMware Horizon
The VMware Horizon client is set up as a shortcut on the desktop and after clicking on it, Pia is asked to enter her PIN code. We have set up Horizon to only allow for a smart card login. This not only gives a high level of security, it also provides a great level of convenience for the users.
And you see immediately that I’m Pia and you will see in a second that I get my remote desktop and I can go to outlook.office365.com and enter the email of Pia.
I am redirected to my ADFS service, log in with my certificate, and away we go. Keep in mind that this is a service that runs in a virtual environment on another server, separate from this physical machine on which I’m demonstrating from.
That’s it. Six most excellent login methods which enable you to securely connect into your work account, work securely, sign out, and disconnect with the help of our Liga GlobalID.
A SINGLE PLATFORM FOR SECURING USER ACCOUNTS
Identity is the new perimeter. Address the most urgent cyber security issue with our GlobalID Platform for securing your users.