ebook

Entrust Identity
as a Service
Cloud-based platform for intelligent
identity and access management
Digital business demands a modern identity strategy

For today’s digital business, home-grown manual IAM approaches

aren’t sufficient because they can’t: 1) authenticate customers
without negatively affecting their experience 2) support employees’
demand for access to more apps and data 3) support the rapid
adoption of cloud services 4) provide secure, regulation compliant,
and cost-effective data integration across multiple user populations.

— Evolve Your IAM Strategy For Your Digital Business

Merritt Maxim & Andras Cser, Forrester
December 4, 2020

2
Table of contents
THE IDENTITY PLATFORM THAT
REDEFINES AUTHENTICATION

Today, enterprises are dynamic and ever-evolving. Transformational Use Cases

Furthermore, adoption of mobile and cloud applications are VPN ACCESS................................................................................. 4

Streamline remote access
changing the business paradigm.

In parallel, authentication needs are changing. Passwords MOBILE............................................................................................ 6

Unlock the power of mobile
and other legacy authentication methods just don’t cut
it anymore. As enterprises transform digitally, they need
authentication solutions that tie seamlessly into today’s CLOUD SSO................................................................................... 8
Seamless access to all apps
working environment and the needs of today’s users –
as well as a foundation for future needs and growth.
PASSWORDLESS LOGIN....................................................... 10
Seamless and secure login and logout

A modern approach to digital identity CUSTOMER AND PARTNER PORTALS.............................12

protects sensitive applications and
data; unifies treatment across channels,
populations, and hosting models; and scales
to meet today’s dynamic business needs.
Digitally connect and collaborate
PRIVILEGED USERS..................................................................14
Critical on-premises systems and apps

Evolve: Your IAM Strategy For Your Digital Business

Merritt Maxim & Andras Cser, Forrester
December 4, 2020
3
VPN access
Streamline remote access Secure and simple VPN access is
now a necessity
Out there in the real world, the people who drive the business need to get things
done — and they see the devices and systems they use as part of the solution.
What they don’t need is for them to be part of the problem. And when it’s the
latter, it’s a problem for everyone – the team, the client, and the enterprise.

Unleash the power of VPN access

• Tailor security requirements to all your • Simplify provisioning and deployment Workers use an average of
user groups 3 DEVICES EVERY DAY
• Minimize infrastructure costs to do their work1
• Contextual and behavioral adaptive
authentication

72% of the world’s

employees will be
mobile workers by 2020

Key takeaway
Work anytime, anywhere with secure and simplified VPN access.

1. Citrix Mobility Statistics, 2015

4
VPN access
The challenge
Remote teams need access to applications in the digital
enterprise, and they need them fast, securely, and
seamlessly. In a world of real-time competitiveness, the
friction of complex authentication is a serious threat to
the enterprise.
Hard tokens that are time-consuming, passwords that
are easily forgotten – the challenge of getting into
VPNs internally and remotely is a pain point employees
don’t need.
And individually keying in passcodes, character by
character, is desktop ergonomics in a mobile age – it’s
slamming the brakes on your team before they’ve even
gotten into the race.
CHOOSE ENTRUST IDENTITY AS A SERVICE FOR VPN ACCESS
• Mobile Smart Credential
• Adaptive authentication
• Mobile push
• Biometrics
The solution
Mobile push authentication puts the power of the
enterprise in the hands of the people driving it forward.
Transforming the user experience with just a push of a
button, employees can quickly and easily log in to their
VPN – removing user frustration.
Alternatively, the added value of mobile smart
credentials push authentication builds on the public key
infrastructure because the private key never leaves the
device. It not only offers the edge for physical access
and smart card login, it also extends compliance to a
wide array of regulated markets.
And, crucially, mobile smart credentials keep the
business protected and secure. It also simplifies the
I trust that
process by leveraging transparent two-factor
authentication, which ensures the network can trust the security can
be simple
identity of the person trying to access it.
• Face recognition
• Scale on demand
• Proven integrations for all major VPN solutions
5
 Mobile
Enabling a trusted mobile experience Mobile is reshaping
the enterprise
Mobility has reshaped the enterprise, and employees have become used to a
blended day of work and life that revolves around their device and the amazing
convenience that can deliver. Go one step further and transform the user’s mobile
device into their trusted workplace identity, wherever that may be, with the option
to grant secure access to company resources passwordlessly.

This new mobility is a gift for the enterprise. In just a few years, mobile devices
Annual increase
have pushed productivity levels to peaks that were, not long ago, unimaginable.
in managed devices2
But nothing comes without risk. And managing this risk is a day-to-day challenge
for all IT departments.

Unleash the power of mobile

• Go passwordless • Highest level of security

• Totally transparent to the user •S

 treamline access to your digital
enterprise Company leaders believe
• Increase employee productivity significant remote
• Unified platform experience workforce is permanent3

Key takeaway
Frictionless user experience with the highest level of assurance, delivering
increased productivity.

LE AR N M O R E 2. IDC Mobile Worker Forecast, 2015

3. Gartner Return to the Workplace Benchmarking Against Your Peers Webinar Poll, 2020
6
Mobile
The challenge
Employees are spread across different locations and out
in the field, demanding the same access to applications
that they enjoy in the office. But nothing comes for free.
Along with the ubiquity of tablets and smartphones and
the powerful business impacts they bring, comes a new
security paradigm.
The world of work may have migrated from desktop to
mobile, but how do you protect the enterprise in a digital
world packed with security challenges? An alternative
token, such as the derived personal identity verification
(PIV), takes the usability of authentication to a new level.
In regulated environments especially, where PIV
authentication is mandated, organizations are forced to
find a solution that utilizes a virtual smart card.
CHOOSE ENTRUST IDENTITY FOR MOBILE
•N ative integration with leading EMM
applications
• Adaptive authentication
• Mobile as a Service Smart Credential
The solution
Enterprises that face sophisticated attacks every day
also need to deliver a seamless experience to employees
working hard to give their company the edge. It’s a
tough call.
The solution is a trusted digital identity delivering a user
experience that takes the friction and frustration out of
authentication. Now, a virtual smart card embedded in a
device can deliver seamless, secure, mobile access that’s
invisible to the user and indispensable for the IT guy.
Liberated from the pain of old school authentication,
staff work harder, faster, and more competitively. The
successful fusion of usability and strong security is no
longer a theory — and it’s putting the power of anytime,
I trust
anywhere identity authentication at the heart of the
enterprise. hands-free
authentication.
•S oftware developer kits (SDKs) to embed identities
into a mobile platform
• Mobile pre-check
• Mobile push
7
 Cloud SSO
Seamless access to all apps Cloud is a must-have

Cloud solutions such as Microsoft Office 365, Salesforce, and Box have disrupted
traditional business practices by changing user behavior and expectations.

Because of the rapid adoption of the cloud, there is a need to decouple

credentials for every unique cloud application so the organization can leverage a
single, strong credential. The results streamline user access as the same credential
can be used for internal apps, VPN, and workstations for example. And it allows Without cloud apps, tools,
you to control your authentication policy rather than having to rely on individual and services, we could not
Software-as-a-Service provider approaches. have sent millions of workers
home, maintained global
Unleash the power of cloud SSOs supply chains, or shifted
entire business models in a
• One identity to access on-premises •T
 ailored experiences for every user matter of weeks
and cloud applications
•F
 ewer IT help desk calls
• Improved user experience with
NEARLY
transparent security and broad
enablement 9-IN-10 CEOs
View cloud-based
infrastructure as the key
to growth4

Key takeaway
Work anytime, anywhere with secure and simplified VPN access.

I N FOG R APH I C
4. Forbes Insights 2016 Study, “How to Win at Digital Transformation: Five Steps Digital Transformation Leaders are Taking”
8
Cloud SSO
The challenge
The growing business needs tools – and lots of them.
Tools that allow users to manage multiple credentials
and avoid the security nightmare of passwords being
reused for every application.
Office 365, Salesforce, and Google Docs are just some
of the critical applications digital business employees
need at their fingertips — instantly and without a second
thought. But in a climate of daily threats and security
challenges, IT needs frictionless, high assurance methods
that protect outside the traditional enterprise security
parameters.
IT professionals need a security platform that spans all
the tools of the digital business. It’s a tough ask in a
tough market.
CHOOSE ENTRUST IDENTITY AS A SERVICE FOR CLOUD SSO
•  asswordless access
P •R  eal-time security reporting standards (SAML)
• User self service
• Adaptive risk-based authentication
• Advanced mobile security
• Cloud or legacy apps
The solution
Identity as a Service means that you only have to
authenticate once to get instant access to all your
business-critical apps.
With SSO, you’re in. No passwords, no tokens, no cards,
just a secure, seamless experience. And with the
top-level assurance capabilities required by government
departments and global finance organizations, you can
enjoy secure access to internal enterprise apps, web
apps, Microsoft environment, and any other web access
management systems. The same credential can be used
for VPN and workstation access and you can configure
the service, so it’s up and running in minutes.
I trust in
a security
platform that
spans all our
digital business
needs.
based integrations
• Effective provisioning with integration to Active Directory
• Configure/deploy in minutes or hours versus weeks
and months
9
 Passwordless login
Seamless and secure login and logout Unauthorized access puts
enterprises at risk
From an IT perspective, passwords are notoriously insecure. From a user
perspective, passwords are annoying. For strong security and an enhanced
employee experience, take your workforce passwordless. Entrust has been
offering passwordless solutions for 7+ years, including: 80
• Mobile-derived PIV solutions

• Proximity workstation login of hacking related breaches

caused by compromised
• Passwordless SSO authentication credentials5

Unleash the power of passwordless login

• Secure • One-time user registration $6T/year

• Increased workforce productivity • Reduce TCO Global cybercrime
damages predicted to
• Unified access reach $6 trillion annually
in 20216

Key takeaway
Highly evolved security for your enterprise. Simplicity for your users.

WATCH TH E VI D EO 5. Verizon Data Breach Investigations Report, 2020

6. Herjavec Group Official Annual Cybercrime Report, 2019
10
Passwordless login
The challenge
Lost, stolen, and damaged data. Financial theft. Hits to
productivity, intellectual property, business disruption,
and reputations. The list of cybercrimes goes on ad
infinitum. And amongst different cybercrimes, 80% of
breaches are a result of hacking credentials – typically
passwords.
With cybercrime growing at an alarming rate, passwords
create vulnerability for enterprises. Yet the average
employee uses 36 cloud services at work, and accessing
those applications requires multiple passwords. If
compromised, those passwords put you at risk of data
loss and unauthorized network access.
CHOOSE ENTRUST IDENTITY AS A SERVICE FOR PASSWORDLESS LOGIN
• Happier users
• Unburdened IT
• High assurance credential based
• Proven
The solution
Taking your workforce passwordless creates a secure
digital identity on the employee’s mobile phone using a
PKI credential that is unlocked with biometric
authentication, such as fingerprint or facial recognition.
This ensures that the credential holder is, in fact, the
credential owner, protecting workers’ digital identities
and corporate assets. And, by replacing the password
with a high-assurance passwordless solution, you are
also creating an effortless employee experience –
especially when combined with SSO for cloud and
on-prem apps, including legacy.
Passwordless options for consumers include using
smartphone biometrics or FIDO tokens with BYODs.
• Unified SSO
• Reduced TCO
• Flexible deployment options
• X.509, PIV, PIV-D, and FIDO2 compliant
11
 Customer and partner portals
Digitally connect and collaborate

Enterprise stakeholders can often be forgotten in the drive to make IT work for
the team, but they’re the lifeblood of the organization, be they clients, customers,
suppliers, or contractors.

The first encounter a stakeholder has with the business might well be through
an authentication experience, which can set the tone of the relationship as it
develops.

Unleash the power of customer and partner portals

• One easy-to-manage credential for •E
 xpand relationships with customers
secure, flexible access and partners

• Transform your enterprise from • Integrate customers into your

customer-aware to customer-led innovation processes in real time

Key takeaway
Give external users access to the apps, information, and networks you choose.

LE AR N M O R E
12
Customer and partner portals
The challenge
Never has the phrase, “the customer rules,” been more
important than it is today. Making an organization
customer-led is crucial for success and profitability, and
in the digital space, that means frictionless identity
credentials.
Reaching new markets, expanding existing relationships,
and delivering competitive and excellent customer
experiences is also important, but those outcomes aren’t
guaranteed.
In fact, several high-profile breaches have originated
from weak partner credentials being stolen. Without an
authentication pathway that is frictionless, customers
and partners will associate a painful process with the
brand, driving decisions that will impact the business.
Enterprise IT managers need an authentication solution
that enables a customer-led business.
CHOOSE ENTRUST IDENTITY AS A SERVICE FOR CUSTOMER AND PARTNER PORTALS
•A  daptive authentication, such as device
fingerprint, device reputation, geo-location
• Out-of-the-box onboarding tools
• User self-registration and management
The solution
For organizations with external users that require a
simple, low-cost solution that does not require mobile,
grid, and email can offer a pragmatic option.
Users enjoy flexible access through a wide range of
authentication choices – from OTP to hardware tokens
and grid cards. But it goes further. The solutions for
customers are scalable, as they grow in number and
their needs and expectations evolve, so the
authentication infrastructure adapts to the new realities.
Trusted
connections
allow my
• Wide range of authenticators to choose from
• Transparent, secure user experience
company
to thrive.
• Mobile innovation
13
Privileged users
Critical on-premises systems and apps Trusted identities ensure digital
business success
It’s tough at the top, and tougher still at the heart of the most sensitive IT
platforms in the enterprise. Keeping them safe and making sure the correct MORE THAN

7-IN-10 CEOs
identities are connected to them is one of the most crucial jobs an IT manager
has to navigate.
feel they are not fully
And admin accounts are often targeted as the ingress to much more corporate prepared for a cyber event7
data. It’s tempting to ramp up the complexity in authentication, but it’s also
putting the brakes on competitiveness, so what’s the solution?
UP TO
Unleash the power of privileged users
• Secure access for IT, anytime, • Frictionless user experience
anywhere
• Protection against evolving threats
40
• Trusted access for privileged users

• High-value transactions of all digital initiatives

will fail due to
mismanagement of
identity-related
requirements

Key takeaway
Strong authentication and trusted security for critical resources that sit inside
your firewall.

7. Hiscox Cyber Readiness Report, 2020

14
Privileged users
The challenge
At the nerve center of the dynamic enterprise are
systems, information, and platforms that only a few
should have access to. High tech, government agencies,
and finance departments all safeguard a range of
sensitive material, ranging from intellectual property to
national security assets and market critical data.
Not just that, executive outcomes that can make or
break the organization are enacted through systems
where additional assurance is essential. As project-
specific contractors come and go, informational
gatekeepers need to be confident that they are giving
access to the right people. But even at privileged user
levels, a frictionless experience is vital to ensure the
smooth and competitive running of the enterprise.
CHOOSE ENTRUST IDENTITY AS A SERVICE FOR PRIVILEGED USERS
•  obile push
M •A  daptive authentication
• Dual approvals
• Mobile Smart Credentials
• BYOD and Mobile ID precheck
The solution
Flexible, secure access and frictionless authentication is
essential, making adaptive authentication key to
providing transparency and only enabling step-up
authentication when the risk is elevated. With the ability
to tailor policies per user, the process is truly frictionless.
Even at the privileged level, solutions need to be scalable
so they can stay the perfect fit for a rapidly developing
enterprise.
Certificate-based credentials have a vital role to play
here – PKI, especially when combined with out-of-band
push authentication, can help protect against the most
advanced attacks.
The solution can be configured and deployed with
Whether cloud
or on-premises,
speed, offering time-saving low-touch daily operation
and a unified UX across any device in any location.
I always have
trusted access.
• Easy integration
• Unified authentication platform for cloud apps and
on-premises assets
15
Entrust Identity as a Service

Ready to unleash the

VPN access
Streamline remote access
Work anytime, anywhere
with secure and simplified high levels of assurance, delivering
VPN access.
Mobile
Unlock the power of mobile
Frictionless user experience with
increased productivity.
Cloud SSO
Seamless access to all apps
Offer frictionless access while
providing strong protection
against breaches.
full power of your
digital business?
FI N D O UT M O R E
Experience Identity as a
Service with a completely
free 30 day trial.

START FR E E TR IAL

Passwordless Customer and Privileged

login
Seamless and secure
login and logout
Highly evolved security for
your enterprise. Simplicity
for your users.
partner portals
Digitally connect and
collaborate
Give external users access to
the apps, information, and
networks you choose.
users
Critical on-premises
systems and apps
Strong authentication and
trusted security for critical
resources that sit inside
your firewall.
16
 ABOUT ENTRUST CORPORATION
For more information
Entrust keeps the world moving safely by enabling trusted identities, payments, and data protection. Today more
888.690.2424
+1 952 933 1223 than ever, people demand seamless, secure experiences, whether they’re crossing borders, making a purchase,

[email protected] accessing e-government services, or logging into corporate networks. Entrust offers an unmatched breadth of
digital security and credential issuance solutions at the very heart of all these interactions. With more than 2,500
entrust.com
colleagues, a network of global partners, and customers in over 150 countries, it’s no wonder the world’s
most entrusted organizations trust us.

Learn more at
entrust.com Global Headquarters
Entrust and the Hexagon logo are trademarks, registered trademarks, and/or service marks of Entrust 1187 Park Place, Minneapolis, MN 55379
Corporation in the U.S. and/or other countries. All other brand or product names are the property of their respec- U.S. Toll-Free Phone: 888 690 2424
tive owners. Because we are continuously improving our products and services, Entrust Corporation reserves the International Phone: +1 952 933 1223
right to change specifications without prior notice. Entrust is an equal opportunity employer.
©2021 Entrust Corporation. All rights reserved. IA21Q3-entrust-identity-as-a-service-ebook-eb [email protected] entrust.com/contact