Authentication Integration

HySecure can use an existing Microsoft Active Directory, LDAP directory service, Novell eDirectory, RADIUS, or SAML server for user authentication and authorization.

SAML (Security Assertion Markup Language) lets an identity provider tell external applications and services that a user is who they claim to be. SAML makes Single Sign-On (SSO) possible: a user authenticates once and can then access multiple applications. For example, after logging in at gmail.com, the user can visit YouTube, Google Drive, and other Google services without signing in to each one separately.

The SAML authentication workflow typically involves three parties:

  1. User: The user who is trying to access the application.
  2. Service Provider (SP): The application or service the user wants to use, such as cloud email platforms like Gmail and Microsoft Office 365. Normally a user would log in to such a service directly; with SSO, the user logs in at the SSO system instead, and SAML is used to grant them access in place of a direct login. In other words, the SP receives the authentication result from the Identity Provider and grants authorization to the user.
  3. Identity Provider (IdP): A service that stores and confirms user identities through a login process. In other words, the IdP authenticates the user and sends the user's identity and access rights for the service to the SP in a SAML assertion.

This enhances both user convenience and security. SAML assertions are digitally signed by the IdP, which ensures their integrity and authenticity and helps prevent tampering and unauthorized access.
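The three-party exchange described above, as an added example that is not part of HySecure or of this page: a minimal Python model of one SP-initiated login in which the IdP issues a signed assertion and the SP performs the checks it must make before trusting it (signature, issuer, audience, request correlation, validity window). The entity IDs, subject name and signing key are constructed values. Because the example uses only the standard library, the IdP's certificate-based XML signature is replaced by an HMAC over a canonical serialisation of the assertion; that is a stand-in for illustration, not how real SAML signs.

```python
"""SP-side validation of a SAML-style assertion (illustrative model)."""
import hashlib
import hmac
import json
import secrets
import time

# Constructed sample identities (assumptions, not values from the page).
IDP_ENTITY_ID = "https://idp.example.test/saml"
SP_ENTITY_ID = "https://hysecure.example.test/sp"
# Stand-in for the IdP's signing key; in real SAML the SP holds the IdP's
# certificate and verifies an XML-DSig signature instead of an HMAC.
IDP_SIGNING_KEY = b"constructed-idp-signing-key"


def canonical(payload):
    """Deterministic serialisation so signer and verifier hash the same bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def idp_issue_assertion(subject, in_response_to, now, ttl=300):
    """IdP side: after authenticating the user, issue a signed assertion for the SP."""
    payload = {
        "issuer": IDP_ENTITY_ID,
        "subject": subject,
        "audience": SP_ENTITY_ID,          # which SP may consume this assertion
        "in_response_to": in_response_to,  # ID of the SP's AuthnRequest
        "not_before": now,
        "not_on_or_after": now + ttl,
        "attributes": {"groups": ["vpn-users"]},  # constructed access rights
    }
    sig = hmac.new(IDP_SIGNING_KEY, canonical(payload), hashlib.sha256).hexdigest()
    return {"payload": payload, "signature": sig}


def sp_validate_assertion(assertion, expected_request_id, now):
    """SP side: accept the assertion only if every check passes.

    Returns (ok, reason); the reason names the first failed check so the
    SP can log why a login was refused.
    """
    payload = assertion.get("payload")
    if not isinstance(payload, dict):
        return False, "malformed assertion"
    # 1. Signature first: nothing in the payload is trustworthy before this.
    expected = hmac.new(IDP_SIGNING_KEY, canonical(payload), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, str(assertion.get("signature", ""))):
        return False, "bad signature"
    # 2. Issued by the IdP this SP is configured to trust.
    if payload.get("issuer") != IDP_ENTITY_ID:
        return False, "unexpected issuer"
    # 3. Intended for this SP; an assertion meant for another SP is refused.
    if payload.get("audience") != SP_ENTITY_ID:
        return False, "audience mismatch"
    # 4. Correlates with a request this SP actually sent.
    if payload.get("in_response_to") != expected_request_id:
        return False, "InResponseTo mismatch"
    # 5. Inside the validity window; expired assertions are refused.
    if not (payload["not_before"] <= now < payload["not_on_or_after"]):
        return False, "outside validity window"
    return True, "ok"


def sso_login_flow(now):
    """Walk the three parties through one SP-initiated login."""
    request_id = secrets.token_hex(8)                          # SP issues an AuthnRequest
    assertion = idp_issue_assertion("alice", request_id, now)  # user authenticates at the IdP
    return sp_validate_assertion(assertion, request_id, now)   # SP checks the response


if __name__ == "__main__":
    print(sso_login_flow(time.time()))
```

The order of the checks matters: the signature is verified before any field is read, because issuer, audience and timestamps in an unsigned or tampered assertion mean nothing. Each refusal returns a distinct reason so that the SP's log shows which check failed.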

The following details are required to configure user authentication:

  1. Hostname or IP address of the directory server.

  2. Search path (domain root or OU) under which all target user accounts exist.

  3. A service account (a non-interactive login user) with the required rights, together with its credentials, specified in FQDN format.

  4. Shared secret, in the case of a RADIUS server.

  5. Ports to be opened from HySecure to the authentication server, as listed below.

Traffic Direction To Be Allowed: Outbound traffic from HySecure node(s) to authentication servers
Port Number:
  - 389 for user authentication
  - 636 for user password change or secure authentication
  - UDP 1812 for integrating a RADIUS server
HySecure Deployed In: DMZ
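An added pre-flight check for the outbound ports listed above (example code written for this page, not a HySecure utility): run it from the HySecure node against the directory server to confirm that the TCP paths on 389 and 636 are open before configuring authentication. The hostname dc01.example.test is an assumed placeholder. UDP 1812 for RADIUS is connectionless, so a plain connect() cannot prove that path is reachable; it is best confirmed with a RADIUS test from the server side.

```python
"""Check outbound TCP reachability from a HySecure node to its directory server."""
import socket
import sys

# Constructed port list (assumption for this example): the TCP ports from the table.
LDAP_PORTS = {
    389: "LDAP user authentication",
    636: "LDAPS password change / secure authentication",
}


def tcp_port_open(host, port, timeout=3.0):
    """Return True if a TCP handshake to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, filtered (timeout) or unresolvable host all count as not open.
        return False


def check_auth_server(host, ports=LDAP_PORTS, timeout=3.0):
    """Probe every port in `ports`; returns {port: reachable_bool}."""
    return {port: tcp_port_open(host, port, timeout) for port in ports}


def report(host, results, ports=LDAP_PORTS):
    """Render one line per port so the firewall team can see what is blocked."""
    lines = []
    for port, reachable in sorted(results.items()):
        state = "open" if reachable else "BLOCKED"
        lines.append(f"{host}:{port} ({ports.get(port, 'unknown')}): {state}")
    return lines


if __name__ == "__main__":
    # Assumed placeholder hostname; pass the real directory server as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "dc01.example.test"
    results = check_auth_server(target)
    print("\n".join(report(target, results)))
    # Non-zero exit when any required path is blocked, so it can gate a deployment script.
    sys.exit(0 if all(results.values()) else 1)
```

A successful handshake on 636 only shows that the port is open; it does not confirm that the server presents a certificate the HySecure node trusts, so an LDAPS bind test should still follow once the firewall path is confirmed.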