KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Good afternoon, ladies and gentlemen, this is Martin Kuppinger of welcome for our and cold webinar simplify access to web and cloud-based applications without today. It's me Martin of, and it's Hobar of Noel. This webinar is supported by well, and after some general information from housekeeping, we will directly start talking about trends and evolution and solutions in the area of securing access to web and cloud based applications. So quickly and information about Cola Cola.
As an Analyst company, we focus on enterprise it research advisory services, system support, and networking for it professionals through our subscription services, where you have access to our research through our advisory services, where we support you directly in process, product development, other areas, and through our main event is the oops should be there is the European identity conference. For some reason, slide is missing. I will talk about it a little bit later.
The European identity conference, however, is the main conference around identity access management, GRC, large security in Europe. It is held in Munich 10th, 13th of May. And by at the end of the webinar, I will also show a slide links to conference. And even you definitely shouldn't miss some guidelines for the webinar. So you are muted centrally. You don't have to mute around yourself. We are controlling these features. You don't have to care about this. We will record the webinar and the recording will be available by tomorrow.
In addition, we will also make the presentations of both panelists available for download as PDFs. So you can also access the information later on. QNA will be at the end. So you can ask questions using the Q and a tool. Anytime we will pick the questions at the end, or in some cases, if appropriate, we might also pick the questions during the webinar, always recommend the attendees to, to end our questions once they come to their mind, because we don't have a comprehensive set of questions.
When we start with the Q and a session today, like, like in most called webinars, we have two speakers. My part Martin Ko will be about status trends and access management, and how to use access management as a central layer for authentication and authorization management.
So, so why is this technology thought for quite a while? Still a very relevant one second part will be then done badly or worth of Nobel, even talk about use cases and best practices for implementing secure access management for web and cloud. So he will look a little bit more on the customer use cases. Third part then like I've said, will be the Q and a session. If you have any questions, trust, enter these questions so that we have them available at the end of the webinar. Okay. To start.
So, so when we look at the, the reality of, of it data, and we have a lot of places where we do authentication, we have our primary authentication to the operating systems. We have sometimes an enterprise SSO in place where we can do a single salon from multiple applications from our windows or our system may for windows. Most solutions are focused on that. We might have some specific things around privilege, shared account.
So specific solutions out of the P XM area, the privilege user access account, whatever management we have, the web SSO, and as part of the WebEx dis management, which is authentication historically seen primarily for external users. It's not necessarily required if you, if internally an Esso deployed, but there are some good reasons, especially, especially when we look at the, the cloud applications for internal users where it definitely makes sense also in that direction where it also allows us to do some, some things around access management and control.
So it's something which is really interesting. And over the time also, it became something which is internal and external. We have a lot of application specific authentications, so all the non integrated things. So since not relying on the primary authentication, the Esso, the web single are on. And finally we have the clouds SSO. So SSO in the cloud for the cloud, which is something where I'm a little bit reluctant on. Why should we have yet another single silent solution out there doing things only for the cloud in the cloud?
So interestingly, most of the solutions in that are area also moving a little bit forward towards supporting different things. So internal, external applications, internal, external users, and flexibility, I think is a very important thing. Cause in that I think that the area of web access management that's what I will cover today was in most of my slides is a particularly interesting one, even while it's sort of an established and technical thing. It helps us to do a lot of things, especially when it comes to, how can I make authentications sort of a little bit more standardized?
So how can I reuse authentication? How can I reduce the tools? If I look at the list from side slide below, we have a lot of different technologies. And I think a very important point is to think about how can we reduce it? How can we reduce the authentication points and technologies, depending on the use cases that helps us with security, we have a centralized control. So we know what is used. It helps us co sufficiency. It helps us with ease of use because we don't have to care with too many different mechanisms. It helps us at the end of day compliance.
So it's sort of strong, affordable, and it should be relatively simple. So that's what we really like to have there. And I think that's a very important thing. And the other thing I'd like to, to touch on is really what does it mean in the context of an overall authentication and authorization strategy? I think a very important thing we have to solve is that we should have relatively few consistent layers for access control.
So we shouldn't have too many different areas where we do everything authentication authorization helps us to have, let's say, points of controls instead of having sort of a non and chaotic approach, which is the reality and a lot of organizations today. So that's about a lot of things about externalizing security out of applications and application out of security, sorry, build on standard application security and services. That's the strategic thing.
However, tactically, we need something where we could do it right now. So in the long term, the best thing is to work against neuro authorization system to do things like entitlement management, but it's very long term approach. And we will have applications probably in 20 or 30 years, which aren't ready to do that to work in that way. I think the trust trust sort of reality, we, we are facing. If you go back to the year 2000, I think many of us were surprised how many applications from the seventies they still had to use.
And there's a very obvious benefit in, in focusing on, on few of these layers where we really put our investments, our efforts in that's, we can wide MIS investments in point solutions, and that's at the end of the day from a tactical perspective. And I would definitely say, it's not tactical in the sense of short term, it's for sure the, the perfect way to do it would be maybe something else, but that's dealing with the reality that's dealing with what we will also face for.
As I said, for the next 10, 15, 20, 30 years, it's built using an access management layer, putting something in front as a consistent layer where we centralize also education against one sorted identities, which might be a virtualized source of identities that might be different directories where it can do authorization based on a consistent out of policies. Sometimes even in the integrative applications, using APIs or other things, we can do all the things C so we can do it there. We have a lot of experience in doing that because these solutions are out there for a pretty long time.
So that's really something which is feasible, which is, could be done relatively quickly, which helps us to address a lot of things. But I'd like to, to, to highlight this. So when I talk about an access management layer, maybe as some explanation, it's sort of, it's sort of a consistent layer. Our it architecture where access management indication is performed. So it's within our, our architecture.
It means I'd like to have few central layers, which are used for as many applications, as many users as possible things going, going through the layer, not a lot of different authentication and authorization mechanism, side by side, where I could easily bypass. So that's what I have in mind with section layer.
And, and that's a look at these things. I have a lot of applications there.
And so, sorry, I obviously haven't inflated this and I've been doing this application for the ones who are not speaking German. So I have a lot of apps out there. I have apps I'm accessing, I have my client, I have my browser and I need to, to find a way to, to deal with this. And so in some cases I could say, okay, it's a Federation endpoint in my application, my client, my Federation endpoint applications, Federation enabled, but it doesn't work in any time.
So in many situations we also need something else because if an application has Federation endpoint, I need something which provides Federation endpoint. And that might be a web access management tool. I might have situations where I don't have Federation end to end. So I need to provide staff service interface, where users can register, where they can do other things. And in some cases, it's just, I access the application. We are my browser. I need the ability to manage the authentication, to manage the authorization in a consistent way.
And that's again where web access management comes into place. So I have different ways and most of these ways are for access can be done. At least when we are accessing, we are browser way of federations can be managed by web access management. So that's sort of one central layer. We can do a lot of things which are related to our technology for web access management. It helps us, we have self service capabilities, access management, authentication, all that type of stuff there enables also. And I think that's a very important part. Helps us also enabling versatility.
I don't know who of you had a look at my block during the last two or three weeks. So I've blocked a lot. And my blog is@blockcovercall.com. And one of the most important topics was in the last weeks was obviously the RSA security ID incident.
So the, the security problem they have experience there. And what I always highlighted was it's about versatility. It's about having the flexibility to add another technology, to replace technology relatively quickly with web access management or access management layers with strategies you have there, which support different authentication technologies out of the box, you gain more flexibility or more flexibility in the choice of mechanisms. And you also can use appropriate mechanisms for different groups of users and different interactions and transactions. So it helps you.
It's not the only thing you need there. You need for sure, some strong ass technologies and other things there, but it helps you to deal better with this requirement of versatility. So one of the ways to enable versatile or flexible exchangeable authentication is a level of web access management. You have building support of a central layer, and you can have a flexible definition of what type of authentication to use. According to the other thing I'd like you to focus on is around external users, accessing internal applications. I think that's a very typical use case.
However, if I look at, for example, our current advisory customers, then it's still not solved or not solved well in many situations. So customers are facing a situation where they say, okay, I have to deal with many more external use, which should have access to some of my applications. That's still relevant topic. You can do it. Those Federation. In many cases, you can't do it with Federation only. You need some for Federation, but you need more. So you need something which is sort of supporting Federation and other technologies, which also again, is a central access point.
The central point of control, one set of policies, support for Federation and centralized auditing. And that's where web access management is. Federation support comes into play again, because that's really where you can then build your access control points. And you can also do it the other way around.
So not only about how do I quickly enable other types of users without having a new infrastructure every time, which is it's also about how can I manage the access to different external services I might use typically I'm, I'm using more and more external services for my internal users and helping them, making it easier. And in that case, again, internal users to external apps, that's where WebEx is. Management is something you should consider having sort of a lightweight Porwal.
For example, for you external applications, where everyone can also indicate once, and then you manage and control how these external applications are used. You have service skills and on you might enable and manage federations if they're required. So it's sort of the door to the cloud applications used by your enterprise. That's again, one of these use cases and that, again shows you can't do a lot of things with, with such layer. You can't do everything with one are situations where you need other things.
If you look at your internal, non web applications and other things, however, it's, it's something which helps you to address a lot of real world issues you're facing virtually every organization. And so that's the reason, in fact, why I think that that looking at web access management, even while the technologies are there for quite a while, it's a very important thing.
And it really helps you to address this, this strategic thing and, and security, which I think is very, very important not to build, to use points another one for the next one, but to, to focus on on few technologies, which cover a lot of different challenges, really help you to address a lot of different things. And so you have one set of policies for a lot of applications, for a lot of different users. You have one point for logging this one point for managing federations one point from authentication.
And in fact, based on the policies authorizations, one sign on to many applications, and that's really the, the particular advantage and charm of this type of solutions that it helps you do such things. It helps you also to do these things relatively quickly because WebEx and so as a layer put in between is, is from my perspective relatively non-intrusive technology. So it's relatively quickly to implement it is something where the S and the integrators have a lot of experience. So these are things where things.
So if I look at this from a strategic perspective of doing controlling, authentic authorization, doing access management, then my result is there are different things you should do. And, and for sure, you should look at how can you externalize security out of applications on the long run, but it's also about how can you have a quickly and a tactical and still long running long to be used solution. And that's where, where management on the Federation capabilities come into play. So that's what I'd like to provide for today, from, from the market and the generic perspective. Right? Right.
I'd like to hand over to Lee who will then talk about specific implementations, best practice use cases from customers, and probably as well, a little bit about the product offering in that area. So Lee, I will make you presenter. And then it's your turn. Sorry.
I've UN, okay, here you go. Thank you, Martin. And thank you for that insight and waiting to receive the, got it. Okay. So let me start by introducing myself.
I'm Lee, how I'm a senior product manager at Nobel focused primarily on Noel. Now, as a follow on to Martin's introduction, we're going to be discussing how access management technologies are evolving to extend levels of control beyond organizational boundaries and into the cloud.
Now what's clear is that access challenges continue to grow brief history lesson, you know, in the early days, access management deployments were often project specific securing access to a small set of resources, and it departments could easily install and manage whatever software was needed to accomplish that task.
But as implementations grew in terms of resources and news accounts, it became more difficult to manage these environments and addressing the increased complexity and management overhead of these expanding environments was actually where Neville's initial entry into the access measure space, excelled it's agentless architecture meant that customers could very quickly secure any standard web application, and they didn't need to wait for the access management vendor to develop an agent nor did they need to update web servers and platforms to support the latest version of an agent.
And that still holds true today. And the role was also one of the first vendors to realize that access management needed to extend beyond web applications. Organizations were deploying separate web access management and SSL VPN solutions. And neither of which had the capability to share policy or session information, which increased management overhead and caused multiple logs for a user.
Now, these access challenges has continued to grow as organizations love to take advantage of online partnerships with the need to provide seamless access to and from partner services. And most recently, these challenges have been further stressed by the introduction of cloud applications, such as Google apps and Salesforce. And many of these cloud providers were initially self-contained and required users to be created and authenticate directly to the service, which introduced a whole new set of risks associated with phishing attacks. And obviously the potential for data loss.
Now, most access management technologies can protect your internal web applications if you can also protect enterprise applications, but how do you extend that control to secure access to partner and cloud applications, and also solve issues related to multi community access to SharePoint, which brings within a whole new set of challenges as well?
Well, for many, the answer is federated identity, and you can find various definitions for federated identity or identity Federation on the web, but it really comes down to the ability to provide single sign onto systems that are in different security domains. Now, Federation technology has been around for nearly a decade and initial use cases centered around business to business connectivity.
And it's true to say that business to business connectivity did exist before identity Federation technology, but these trusted connections were typically need to be custom coded, which wasn't a sustainable model as partnerships increased. And so identity Federation specifications would develop to define a standard way to secure the exchange identity information between different security services.
Now, Federation technology began to be applied in, in other use cases in particular cross-departmental access in large organizations, especially in government. And we saw various implementations across various industries, including travel and finance. And most recently Federation technology has been supported by leading cloud vendors, such as Google and Salesforce as a way to provide its customers seamless access once validated by some form of corporate identity service.
And strangely enough identity Federation is also proving to be an excellent response to solve the challenges of managing access to Microsoft SharePoint when users exist it multiple identity stores, and we'll provide more information on this specific use case later in their presentation. Now, as you can see from the slide, there are a number of benefits that identity Federation can deliver, but in reality, the way some vendors delivered identity Federation, essentially as an add-on to their access management technology often increased complexity and management overhead.
So how can navel help to not only secure access to the variety of resources within your environment, but also provide a federated identity solution that can provide access to partner and cloud services and do that in a simple way, easy to install and manage? Well, the answer is with navel access manager. So this is the, the access management technology that Martin was just talking about. And not only is navel access manager, fully enabled web access management solution, providing authentication authorization, web single sign-on personalization and auditing.
It does also include an SSL VPN so that you can provide secure access to enterprise applications for users, users that are outside corporate firewalls and more so with access managers, identity Federation capabilities, they are built into the product. So there is no need to purchase or install additional software to provide federated access and access manager can act as both identity provider, meaning it can provide a federated authentication and service provider, meaning that it can consume a federated authentication for all major specifications, including SAML and Ws Federation.
Now, if I had to describe only one clear benefit of access major, it would be that it can secure access and provide federated authentication without having to deploy any software on your web service. But there are obviously more benefits now, users, what we call access gateway technology that prevents direct connections to the web applications immediately increasing overall security and ensures that a user is authenticated and authorized before it passes the request onto the web server.
And due to this capability in caching features within the gateway, we've had numerous customers that tell us that the access gateway has allowed them to reduce the number of web servers required to maintain levels of service. And the gateway can also help further reduce infrastructure costs by reducing the number of public IP addresses and SSL certificates that are required to, to put our actual service out onto the internet.
And especially when those services are within the same domain names as navel.com and whatever a user needs to be authenticated either in the form of a direct authentication or via identity Federation is the responsibility of a component in access manager called the identity server to validate the user's identity against configured LD app stores, as well as generate role information based on the user's identity, which can then be used by access manager's policy enforcement points to determine appropriate levels of access.
Now, various forms of authentication are supported out of the box, including standard name, password X 5 0 9 certificates, tokens and biometrics if needed. And it also supports open ID and Microsoft information cards. And once you use, as identity has been validated, and roles have been defined, access manager performs a single sign onto any standard web server, either by populating an authentication header or by performing a form fill both of which rarely require any modifications to the web server.
And in addition to providing a single sign-on access manager is also able to provide identity information that allows the web applications to personalize the content such as the typical good morning type of messages that you see on webpages all can be used to provide additional authorization within the application. So it really is providing this central point of access and access control that Martin was was talking about earlier.
Now it actually provides identity to these applications using a process call identity injection, and web developers tend to love this feature as it means that they don't have to write code in the application to go and retrieve identity directly from some kind of LD app store or database. They simply need to grab the identity from the web headers that the access gateway is forwarded, which again is, is a very standard way of doing things in the web world. It's out of the box capabilities are extensive, but should customization be required to meet specific project goals.
APIs are available to interact with the products, authentication, authorization and services. And for those of you that are interested in going beyond just web access management and are interested in the products, SSL VPN capabilities, it is a very capable service supporting windows, Mac, and Linux clients. And it has the various client integrity and desktop cleanup capabilities. You would expect such as checking that virus, scanners and firewalls are enabled.
Now, one other note about the products Federation capabilities, in addition to its support of multiple specifications, you know, again, including Sam one, Sam two, and Sam stands for the security assertions, markup language Ws Federation and Liberty Alliance. The same benefits that the access gateway brings to protecting web applications without the need to install additional software extends to Federation enabling those services as well. Access manager is actually able to transform federated identity into standard web headers and query strings that again, any web server can interpret.
Now, one of the challenges that we've talked about is providing multi community access to SharePoint. And so I wanna get into providing more information about what that challenge is, and again, show how navel can help with it. And we know organizations are struggling with this today.
And, and the fact is that Microsoft SharePoint doesn't handle multiple identity stores very well, especially when those stores aren't active directory, but in many large organizations, different communities of users, such as employees, partners, and customers are often managed in different LD up stores.
And typically the SharePoint administrator has to have found some way to represent those identities into a single active dietary, which requires some form of, of manual process, manual registration, perhaps, or use a provisioning solution, both of which can increase management, overhead and costs, and neither option addresses federated authentication from business partners. A great example of an organization that has suffered through these challenges is Volvo.
It has its users represented in thevery and doesn't want to go through the pain of managing users in active dietary for SharePoint access, not does it want to manage security definitions in multiple places. So let's take a look at how access manager can help. So in this scenario, notice that we've introduced nav access manager, which becomes the central authentication point. Whenever users request access to SharePoint. Now the identity server component of access manager is able to validate identities across multiple ID stores.
So solve the Ry active dietary sun, really any ELD up store, as well as being able to provide federated authentication using any of the specifications that we've mentioned. And once the user has authenticated access manager transforms the identity either from LDAP or federated source into a set of claims that are forwarded to SharePoint, either via active dietary Federation services, or more recently with Microsoft SharePoint 2010, which has its own claims directly. In this case, the SharePoint administrator doesn't need individual identities in SharePoint's identity store.
He or she simply needs to map the claims. SharePoint receives via IDF ADFS from access manager to SharePoint groups, which then obviously determines access levels within SharePoint. Now this process is very similar, whether using ADFS to interpret the claims or Microsoft SharePoint, 2010s own Federation, not only simplified SharePoint manager from the administrator's view, but we've also improved the user by giving them single sign on access to any other web application access manager is.
And the key thing to bear mind here is that when we talk about single sign on to any service that access manager is protecting, that's not only the internal web applications, but that could be a federated authentication out to a business partner, a federated authentication out to a cloud provider as needed. And as we've already stated, access margin includes identity Federation. So this capability that we're talking about here is available out of the box. You just need to configure the trusted links between ADFS or SharePoint, and then configure those SharePoint group mappings.
So this is a great feature, and we know a lot of customers that are struggling with this that will benefit from this capability.
Another challenge that access manager can help with is when organizations have to manage many federated connections now not wanting to get too technical, but a traditional federated connection involves the configuration of a trusted link between an identity provider, which as we said before, provides the federated authentication to every service provider, which is essentially the web application that the customer's trying to get access to, which consumes that federated identity, that trusted connection is established in the form of, of something called the exchange of metadata.
But I don't need to get into that right now, but essentially there's, there's a lot of effort involved in this. Now you can imagine with a small number of partners, this could be fairly manageable, but let's take an example of a government customer that navel has today, which has over a hundred departments each with its own it infrastructure, each having its own sets of IDP. So identity provider and SP service provider services, a user from one department needs to gain access to single silent, to every other department within the governments.
And so administrators have to create trusted links to the service providers in every other department, as well as a trusted connection to each department's identity provider, because every other department's users have to get single sign their services as well. And not only is this complex to initially set up, I mean, you can imagine the number of trusted connections that need to be set up here. It's also complex to manage as these trusted connections involve certificates that are gonna expire.
So again, how can navel help with this management nightmare? Well, we recently added a feature to Navis manager that we call SP brokering, which as the name suggests can broker a federated authentication between services without the need for the traditional trusted links between those two parties.
So if we apply this to the government example, which you've seen rather than having to create and manage individual links to all of the departments, each department could actually create a single identity provider and service provider connection to access manager, which in turn would then broker and authentication to any other department that has also established a link to the broker. Now departments could be using different federated specifications.
For example, one department could connect to the broker using Ws Federation and then access services in another department that connected to the broker by SAML two, the broker can also be configured to build groups of trusted services, restricting access to specific departments if required as well as enabling role-based policies that can determine if the user is even allowed to request authentication to a specific partner service.
Now, this is obviously far easy to implement and manage than establishing individual connections, but it is also simplified the process of providing seamless access to cloud applications, such as Google apps. You know, if they just basically add one of these software as a service applications, to the same broker, any departments could connect to that SaaS service through the broker with all the same levels of control we've just described.
Now, obviously these capability has benefits that extend beyond this government use case to any organization that has to manage many federated connections and navels also working with a number of many service providers that are looking to offer a, a Federation hub type of service. And this is gonna be very, very important to those kind of organizations as well.
Now, as we are talking about, you know, offering access to cloud services, I did want to review a customer success story with you, which is Huntington bank.
Now, as you can see from the slides, they are a full service bank, highly distributed with over 600 locations and they initiated a project to consolidate customer data and create a unified view with really regulatory compliance has been a key business driver and they actually selected salesforce.com to help with this, but immediately ran into one of the challenges we've identified earlier, which was how did they provide seamless access to Salesforce now, knowing that salesforce.com supported SAML, they looked for an access management solution that could provide the full range of access management capabilities and could also easily provide that federated access to Salesforce.
And they selected nav access manager for this. And they immediately realized the benefits of single sign Salesforce while having the ability to obviously extend that access control out to other services, whether they be into internal to the bank, or, you know, as they obviously add additional softwares or service applications in the future.
Again, it's very easy to extend control and seamless access to those services as well. And hunting bank also uses Noel identity manager to streamline the process of managing user identities at Salesforce, automatically provisioning and deprovisioning users in Salesforce based on corporate parcels.
Now, as we are hunting and for many other customers, the business benefits of using the develop access management technology with built in identity Federation are clear. You can enhance security and reduce risk, improve user convenience and satisfaction by providing seamless access to services. You can simplify and accelerate online partnerships with cross-department or beyond organizational boundaries. And of course you can track user activity to facilitate whatever compliance related activities you have.
And you can also leverage the architectural benefits of access manager to help reduce your it complexity and costs. So in conclusion, in addition to business to business, connectivity Federation is key to simplifying access to SharePoint and cloud-based applications and only develop access manager provides is out of the box support for all the major specifications, as well as the full range of access management services that we've discussed.
You know, definitely we, I believe service provided brokering will become an essential capability for any organization that has to manage a large number of Federation connections. You know, and we talked about some of the use cases been applied to government type of implementations, as well as manage service environments.
But again, this can be related to any organization that has lots and lots of connections to manage. If you aren't already in access market customer and are facing some of the challenges we have discussed here, I do encourage you to contact navel or navel partner. And hopefully in the future, we can add you to this growing list of access manager customers. And with that, I'd like to open this up for some Q and a, Okay, thank you. Presentation. I will make me 10 presenter again.
And I think that the important thing you really stressed is that the, the integration of, of classical WebEx management with strong Federation capabilities is a key thing. Like I said, we are now entering the Q and a session I'd like to, to ask the attendees again, to enter your questions so that we have a comprehensive list of questions there.
Lee, maybe, maybe you, you start or maybe a question at the beginning is this, if you look at your customers and your in well access management customers, which for percentage of them are currently using also the Federation capabilities and which are only only using and in quota, the classical web access management. So roughly Well, so we do have actually large number of, of access management customers, you know, over 1300 customers.
And, you know, I would probably say between 15, 20% of those are currently using Federation in terms of the typical Federation use cases within terms of business to business. But I do see that growing rather quickly, as we see more of these customers starting to use software as a service based applications, you know, we, we obviously gave the example there of Huntington bank, but there are other examples of, of customers connecting to obviously Google various other CRM type of, of cloud solutions. So I do see that growing rather rapidly. Yeah. Okay.
So for them, it's, it's sort of logical trials because they can use Federation if it's, if it works with the, the cloud service, otherwise this can rely on sort of the web capabilities. So it, Yeah. And what we often see Martin, is that the way that customers are are representing this is that they still like the concept of, you know, the central Porwal for corporate users.
And, you know, once a user's been logged into that, Porwal via an access management technology like nav access manager. They can just simply present links on that. Porwal out to Salesforce, Google apps.
And again, because Noel access manager has authenticated the user, they can immediately provide access to any other service based on these federated specifications. Okay.
And I do, how would you, you rate the, the maturity of, of cloud services regarding support for Federation today? So what's your experience and your customer's experience on that?
That, that's a great question. And it's, I think probably in the past 12 months, we've seen since the least the start of some maturity with some of these vendors, you know, in, in the early days, it was actually difficult to get from, from companies like Google and, and Salesforce, but, you know, just the sheer demand from customers to have that kind of single sign on control and, and be to be able to extend out the access management implementations has meant that, you know, these customers have had to act.
So all these, these cloud providers have act to act and, and provide access to these services. So I think, again, as I said over the past 12 months, we've see, started to see some maturing there again, over the next 12 months. I think you'll see a lot adding some to the services.
Yeah, I think so as well, however, Sam was only one part of the story. The second part of the story say more granular authorization thing. And I think that's also a very, very interesting point to solve. And that's, I think where things like you access management was the capability to really manage access based on, on policies.
Again, place, place, an important role there. Maybe some frequently we will provide slides. They are available level at the website as soon as possible. And you can download to slides then. So slides will be, will provide a recording of the entire webinar by tomorrow, but going, going back to the topic of, of that, maybe again, if, if you, if you look at, at, at what happens, I still feel that that many customers besides the, the move towards the cloud still are the, the main problem is maybe not using cloud services.
The main issue is still, how can I enable a flexible integration of it ecosystem so I can, can I open up a specific applications to them in a, in a consistent and easy to manage way? Would you agree to that?
Yeah, I, I do. And, you know, it's, it's challenges that we've, we've have been around for, for quite a while, obviously with access management technologies.
And I, I think the example we gave with SharePoint is bringing that again to the forefront. You know, SharePoint has been a, a hugely successful product for Microsoft, but about providing access to content rather than any security controls.
And, and, and so we've, we've seen many organizations have struggled with that scenario that I mentioned where, you know, they've got these multiple identity stores where they're trying to represent these multiple communities of users and, and SharePoint just hasn't been able to step up to the mark. And so that's where access management technologies have, have really helped.
And we actually worked with Microsoft initially as part of the partnership that we have with Microsoft to develop a set of use cases around simplifying access to SharePoint for, for this case, when you do, especially if those stores aren't active dietary. So yeah, I fully agree with that.
And again, access management technology is stepping up to the mark. Okay. If there are no first questions from the audience and it looks like they are in additional questions, then it's up to me say thank you to the audience for listening to this call webinar. I thank you to Yuli for participating and presenting in this webinar. Thank you. Yeah. Thank you.
