Security Assertion Markup Language (SAML)

Security Assertion Markup Language (SAML) is an industry standard that enables XML-based applications to securely exchange authentication, attribute and authorization information between other SAML-compliant applications. This removes the need for costly, difficult-to-integrate proprietary solutions and improves the efficiency and security of working in multi-domain environments.

SAML use-case support

RSA Federated Identity Manager is designed to support the most common SAML use cases. Organizations can deploy any or all of the following:

• Web single sign-on—Authenticated web users can easily move between applications within your environment or among your business partners without re-authenticating themselves.
• Attribute service—As a user moves from one web site or service to another, RSA Federated Identity Manager allows applications or web services to contact a centralized service to capture additional attributes about that user, such as role, employee ID number, purchasing power or account balance. The module lets you control which attributes are shared between business partners and how that information is securely exchanged.
• Authorization service—Similar to the attribute service, the module serves as a centralized source of authentication information for applications and web services, providing user identity information, as well as where, when and how users were authenticated. This information is invaluable in determining whether to grant access to a particular service or application.

Low cost of ownership

RSA Federated Identity Manager is a complete solution, enabling organizations to shorten time to market and achieve low cost of ownership by providing out-of-the-box functionality that will continue to evolve in step with emerging standards. Value-added features included:

• Automated tools to speed deployment time, such as the ability to clone business and security policies
• Name-mapping plug-in to help resolve disparate user-naming conventions between you and your business partners (e.g., John_Doe = jdoe = Johnd)
• Support for digital signing and local and remote digital certification validation
• Flexible and secure deployment models that fit into virtually any architecture

Flexibility, Extensibility & Investment Protection

Through the RSA Federated Identity Manager’s innovative plug-in framework, the product is able to integrate with a company’s existing identity infrastructure such as data repositories, authentication services, attribute services, provisioning tools, access control products, Web servers and application servers, so you can deploy with “plug and play” speed. The plug-in architecture, along with extensive developer documentation, enables fast and easy integration, leveraging a company’s existing IT investments.

A full repertoire of plug-ins is available to protect and extend our customer's investment including;

• Native RSA SecurID two-factor authentication integration
• Native RSA ClearTrust web access management integration
• Integration with other web access management solutions
• Microsoft Windows login federation
• SQL integration
• LDAP integration