Single Sign-On

Free your people from password chains. A single set of credentials

gives them access to enterprise apps in the cloud, on-prem, and
on mobile devices

Features

Automatic Authentication

Flexible Authentication Options

User Activation

Browser, Desktop, and Mobile SSO

Self-Service Admin

The Challenge

Enterprise IT is
blowing up
You've gone from managing dozens of user
accounts to managing thousands. Every user
is requesting a unique set of cloud apps. And
they all want to work from anywhere, on their
own devices. Yikes.
We feel you. Okta helps IT teams spend less
time administrating and more time plotting
strategy. We do it by providing a centralized
location where users can simply and securely
access their apps, and where IT can

automatically manage identities, administer

credentials, and secure users' access.

Boost your people's productivity by cutting the time they spend logging in
and getting set up on apps
Decrease IT costs by eliminating helpdesk calls for forgotten passwords, lost
URLs, password resets, and account lock-outs
Get more work done

Adaptive Multi-factor
Authentication
Secure your apps and VPN with a robust policy framework, a comprehensive set of
modern second-verification factors, and adaptive, risk-based authentication that
integrates with all of your apps and infrastructure.
Learn more

Features

Robust Policy Framework

Comprehensive Set of Modern Factors

Risk-based Adaptive Authentication

Cloud App and VPN Friendly Architecture

Secure your apps and on-prem resources with flexible

access policies, multiple verification factors, adaptive
authentication, and prebuilt integrations with all your
apps and VPN

ROBUST POLICY FRAMEWORK

Protect your company's data without locking down your

employees' lives. Define how often Okta prompts users for
additional verification. Set contextual access based on:

User identity

User group membership

Network

Application

Device

eXus SSO - Easy one-click access to all your applications!

Do your employees have to access multiple applications, each with individual logins? Are your employees
compromising on security by keeping common passwords across applications? Is your IT Admin team
spending more than 50% of their time resetting forgotten passwords?
neXus can help!
We offer you a one-click solution to access all your organisation-approved applications both on premise
and on cloud. neXus Single Sign On (SSO) is a simple and easy solution for your employees password
fatigue.

neXus SSO Benefits:

Increased Efficiency: IT Admin spending less time on password resets; increased employee
productivity
Stronger Authentication: SSO combined with neXus two-factor authentication ensures better
security across organisation
Meets Compliance Requirements: Can integrate role-based/ policy-based application access;
customizable report formats
Supports Identity Federation: It allows you to extend secure access beyond the enterprise firewall,
to other cloud-based, customer or business partner applications. This can be further extended to Just
in Time Provisioning for cloud applications well.

We would like to take you through the detailed feature list and how best neXus SSO can work with your
environment. Please free to write to us or call us to fix an appointment.

Note of SSO
How many passwords can your employees remember and how much time must your admin
spend on resetting passwords? How about one click access to your organizations
applications on premises or on the cloud? Most employees tend to re-use passwords or
keep common password for all applications compromising on security.

Single sign-on (SSO ) is a user authentication process that allows a user to enter
one name and password in order to access multiple applications these
applications could be residing anywhere . SSO authenticates the user for all the
applications they have been given rights to and eliminates further Username / Password
prompts when they switch applications during a particular session.

The user gets to see only those applications that he has access to for eg. a sales
guy may not have been access to Accounts Application hence when the sales guy logs in
he does not even see the Accounts Application Logo in his URL . Since SSO is like one Key
which opens many doors hence many enterprises combine SSO with 2 factor
authentication to ensure that only the right user access these applications.
Nexus SSO solution can combine SSO plus 2FA. The Nexus SSO solution actually helps in
security and compliance since all the access to applications is through the SSO gateway (this
is an SSL encrypted Gateway) we can very derive reports of who has accessed what
applications for what duration etc. and these reports can be used for compliance as well.
Access for Admin ( via Putty etc) can also be done through the SSO as well and they can be
held accountable for their activities -

Another important feature to note is that there are 2 Types of SSOs Enterprise SSO which
works with Web based applications and Client server applications this requires a client to be
installed hence does not work for mobile users / Home PCs etc . Nexus is not into
Enterprise SSO and this is not very popular well.
The other Type of SSO is Web based SSO which works for Web based applications/Terminal
servers / Telnet / SSH and other Text based clients. The Nexus SSO does not require any
clients and does not require you to change you applications. It works with applications which
are not integrated with your AD as well. For integration with various applications Nexus
support various standards like ADFS, SAML ,. Oauth etc One Term you must be familiar with
Is Identity Federation which is basically linking a persons identity across multiple
different systems this is basically the technical term for SSO over various cloud
applications if a customer uses this Term it implies that he is looking for a kind of SSO
which Nexus can very well handle .

What type of organizations needs SSO

1) Target companies with a minimum base of 250 employees
2) Companies which have a mixed environment of on Premises and cloud applications .
3) Companies which have compliance requirements eg Hippa SOX , typically software
and outsourcing companies are big on this
4) May not have cloud but has multiple applications New and legacy and employees
who fall into different business roles .

Agent:
Mr.XXX, May I take few minutes of your time to brief you on Nexussafe SSO and
identity federation
Prospect:

Sure.

Agent:

Thank you Mr. XXX.

Nexussafe, Headquartered in Sweden & offices across India & worldwide. We are world
leaders in the Multi factor authentication, Remote access, PKI and SSO space
.

Prospect:

Thats ok but I am interested in SSO

Agent:
Let me brief u on single sign on and identity federation. There 2 types of sso web
based sso and enterprise sso. We are not in the domain of Enterprise sso only web based sso. This
works for all web based apps/ Terminal servers and can be accessed from any device without the need
of any client agents or any change In your applications does your company use any cloud
applications ?

Prospect:
Yes do use Salesforce.com and Amazon cloud , I am looking for a SSO for my cloud
applications plus in built applications
Agent:

Great our sso works apart from Web apps with Telnet, SSH and Terminal server as well.

Prospect:

Great , will your SSO solution meet my compliance needs

Agent:

Sure by default we support SOX Hippa and other compliance report formats you can
customize the reports as well .

Prospect:
the solution.

Would like to have a POC or webex session on the same .Also send some datasheets on

Agent:
No Problem We will arrange the same. However u needs to reconfirm on the number of
users and applications u are using.
Prospect:

Eg we have 6 apps and 500 users

Agent:

May I know whether you have allocated any Budget or it can be created?

Prospect:

Budget is not an constraint , if the product meets my requirement then i will go

for it.

Agent:

May I know who will be the final decision Maker & whether they will be part of
this demonstration.

What is 2 FA
2FA for Multi Factor authentication is a 2 step verification process . What the user
knows ( user name / password ) is called the First Factor of authentication , what
the user has ( a Hardware token , SMS OTP or Crypto Token containing a digital
Certificate) is known as the second Factor of authentication and finally what the
user is ( Biometric ) is the third factor of authentication .
User name and Password is static information which is likely to get compromised in
various ways hence a extra layer of security is required in the form of a 2FA which
contain usually a dynamic piece of information like a Hardware token with a number

which changes with time or an OTP which is a different number every time . The
most popular form of 2FA today in the Corporate world is Soft Tokens. A soft token is
an app which is installed in your laptop/ Mobile or Tablet and has a PIN which is
secret and known only to the user, every time the PIN is entered the App throws an
different number which is your OTP. This works like your hardware token except that
it is using the computing power of your mobile device. Soft token avoids headaches
of SMS services and also logistical and battery life issues of Hardware tokens
Who are the Potential Users of 2FA ?
Well anyone with a concern for security is a potential users. However for the
purposes of lead Generation let us look at the following criteria
1) Any one using SSL VPN- SSL VPN is used to give access to users from outside
the LAN , these could be customers and Partners . SSL VPN has a username
password and a 2FA is a excellent additional layer of security. The SSL VPN
could be from any brand it does not matter . Usually someone with more than
200 SSL VPN users goes for 2FA
2) Any Enterprise using cloud based applications like Office 365 or Google apps,
the reasons are obvious now even Microsoft promotes cloud based 2FA
however giving your security to the same Service provider who handles your
data is not such a good idea. We give a in premise 2FA for the cloud users.
Companies often have their servers hosted in DCs these enterprises are also
good potential users of 2FA .
3) IT/ Ites/ Research firms These enterprises sometimes have multiple users
accessing the same machine hence they have 2FA for Domain users as well.
Many large companies who are sensitive about data security have 2FA for
even offline ( out of LAN ) i.e they want that the user use 2FA to even boot
the computer a combination of Laptop encryption plus 2FA is common for
many large firms .
Invisible Token
Invisible token is an applet from Nexus which embeds itself in the browser of the
device and enables the user to do Device Binding . This method is superior to the
traditional Mac based device binding which can now be spoofed easily . There is no
need to mention to the customer the term Invisble token however customer will
ask if devices can be enrolled and removed easily - and yes we can do the same .

neXus Enables Multi-Factor Authentication for Microsoft Office 365

Multi-factor authentication increases the security of user logins for cloud services above and beyond
just passwords. With a multi-factor authentication solution in place, the user is asked to verify his identity
using more factors than just his password. Additional factors could for example be a code sent to his
mobile phone or a one-time-password generated by a corresponding security app. Multi-factor
authentication offers a pertinent solution to organizations wanting to adhere to modern company security

policies or to simply protect their users access to critical information.

Extend MFA to Microsoft Office 365 with neXus

neXus helps you secure Microsoft Office 365 by providing the secure multi-factor authentication technology
you need.
We offer a software-based solution that lets you choose your authentication method depending on your
specific security requirements. After the user successfully enters his first factor (password) with Microsoft
Office 365, he is redirected to the neXus authentication page, from where he can log in using his preferred
or his organizations pre-defined authentication method.
Authentication methods available for strong authentication with neXus:
Software (Mobile) Tokens
SMS one-time-passwords (OTPs)
Hardware Tokens

You can also opt for device binding as an authentication factor. With device binding, only pre-approved
and validated devices can be used to access Microsoft Office 365. This feature also proves immensely
effective for organizations implementing Bring Your Own Device (BYOD).
The neXus authentication solution allows you to implement a consistent authentication policy for all your
Microsoft Office 365 users. It runs on all devices (laptops, smart phones, tablets) and across platforms
(Windows, Mac OS, Windows phone, iOS and Android).
How can we help you integrate this with your existing infrastructure? Contact us
Learn more about the related neXus products:
PortWise Authentication Server
Hybrid Access Gateway
Invisible Token

We look forward to talking to you in person.