Contact us +66-2-675-9371 or +66-97-008-6314 for more information.
Implement Advance Password Policy to enhance Cloud Security
One of the strongest features of SSO1 (gControl) is to enforce a strong password policy for google application for work users. The Advance password Policy of gcontrol helps in setting various combination of the complexity with the expiry of password. Expiry of password is a must have feature to ensure email security (gmail security) requirements are met and in turn data security by preventing breach of accounts and compromising data.
Along with these the biggest advantage of using SSO1 (gControl) is having the provision for implementing different policies using OU based policies. Advanced Password policies helps customers and google apps admin retain their organizational security policies on Google Application without much concern about Cloud security.
Watch video for Implement Advance Password Policy to enhance Cloud Security
Major Challenges with password policies:
Customers who want to retain their strong password policy as it was implemented on Microsoft Active Directory.
Customer who need more complex password and force users to change the password every few days
Customer who would like to have different level of password policies in different departments of the organization
How Google Helps:
Google apps provide a pretty good cloud security solution for google apps admins. It helps you set your password policy by logging into the google admin console from the dashboard and then click on Cloud Security—> Basic Settings.
This email security feature helps you select a minimum and maximum length for the users password building on password security policy.
"Superficially all these seems to be good, but a deep look shows something missing."
Google password policy takes care of the length of the password you want your user to select but long passwords are not always secure. You would want your users to add special characters and even Upper case letters to make their passwords more secure.
How can you enforce this?
One more feature you would like as an google apps administrator is to force your user to change his password every 15 days or according to the company policy
but this feature seems to be missing with Google.
How Password policy feature of SSO1 (gControl) works
The google apps admin needs to login and click on the SSO1 (gControl) icon from apps and click on the Advance Password Policy from Quciklinks and Enable password policy by clicking the check box. The google apps admin can define the following
Complexity of the password.
Set password age
You can even restrict the user from using the username as his password.
That's it the google apps admin need not do anything else just make the changes add the rules and save. After this once Users login they will be forced to change their policy according to the new corporate rules.
The google apps administrator has full freedom in framing the password policy for the corporate users and gives full control to the google apps admin and protects the corporate network from unauthorized access.
FAQ of Implement Advance Password Policy to enhance Cloud Security
Does SSO1 (gControl) stores password?
No, SSO1 (gControl) doesn't store the user's password. It uses the credential provided in login page to authenticate with Google Apps/Active Directory/Azure Active Directory.
2 factor authentication for greater Cloud Security.
2 factor authentication adds extra layers of security for your google application account enabling you to have a much safer cloud security solution. 2 factor authentication system strengthens your google application account in such a way that a hacker with access to your cloud username and password won't be able to access your data without having access to your phone.
"With evolution of technology, easy for stealing data has increased manifold. Small activities over the internet can make you compromise your password even without realising it."
Any of these common actions could put you at risk of having your password stolen
Using the same password on more than one site
Downloading software from the Internet
Clicking on links in email messages
2-Factor Authentication can helps in keeping intruders out, even if they have your password.
Doesn't that sound relieving?
Block unauthorized access to user's corporate account.
Enhance cloud security layer of user's corporate account .
Unique passkey generated by the user itself for access of corporate mail account every time from their handheld device.
Set enforcement rules for the policy
How Two Factor Authentication Solution of SSO1 (gControl) works ?
SEE HOW IT WORKS:
Login to SSO1 (gControl) to set 2-Factor Authentication.
Now, click on 2- Factor Authentication under "Quick Links"
Click on "Add Policy" to configure policy for the users or groups.
Mention policy details such as name, policy description,range of dates & add users manually or by uploading .CSV file.
Administrator may set enforcement rules for the groups or for the individuals by clicking on Always,Corporate Network(IP) & Remember User IP.
Click on "Save" to complete configuring policy.
USERS SIGNING IN:
SIGNING IN TO YOUR ACCOUNT WILL WORK A LITTLE DIFFERENTLY
User tries to login their corporate mail account by mentioning login credentials
Now, user need to put the unique secret key displayed on the bottom of the page into their handheld device.
If the user does not have Google Authenticator in their device then they need to install this from Google Play Store.
Once done with installing Google Authenticator now user need to put passkey or code which is generated from Google Authenticator into the box & click on "Login"
Finally user will be logged into their corporate account without any hassle.
Two factor authentication solution of SSO1 (gControl) in a nutshell
It is a single solution to add extra layers of cloud security to you google application and ensuring that your data is safe in the cloud.
Sign in will require something you know and something you have
Verification codes made just for you
FAQ of Greater cloud security layers for your google Apps accounts
As Google Authenticator is used for Android which app can be used for Windows phone instead of Google Authenticator?
Users with Windows mobile phone can use Microsoft Authenticator for 2-factor authentication.
Forgot Password to help resetting passwords with ease
When the user forgets the password for the business email (Google application), it is usually the google apps admin who is burdened with resetting of password. It is quite a tedious and time consuming task for an organization with a significant number of headcount.
Forgot password feature of SSO1 (gControl) uses the Question & Answers method to help the users reset their passwords, Google Apps admin can define some predefined questions and set the policies to have min questions answered by the user to allow them to reset their own passwords.
Watch video for Use Forgot Password to ease resetting password for Google Apps
Though Google apps ease the IT infrastructure all there are a few challenges/ complexity it adds.
Let's look into a challenge which it poses and how it might trouble your IT team.
Surveys show that close to 20% of the users of an Enterprise tend to forget their passwords of various accounts. Your organization might also be facing this situation time and again where a user forgets his password and he requests the IT admin to reset his password.
The process to change a user is simple yet it takes considerable amount of the Admin's time. It doesn't make sense for an Organization to waste an IT admin's productive time in helping users reset the passwords.
SSO1 (gControl) comes to the rescue in this situation. SSO1 (gControl) allows the user to reset his/her password on his own without needing assistance from the IT admin. Let's see how SSO1 (gControl) implements this feature.
Generally the internet websites ask users to set a security question while the user registers which they are asked to answer when they forget their password and need reset it. SSO1 (gControl) does the same in a different way.
SSO1 (gControl) allows the google apps administrator to choose the question for any user.
The Google Apps Admin has the freedom to choose any question he wants the user to answer.
The user can login to his account and if he/she has forgotten the password he can click the password reset option and he will be requested to answer the security question set by the Google Apps Admin.
Once the user answers the question and if the answer is valid the user is allowed to change his password according to the company policy /policy set by the google apps admin
A brief on how to configuring SSO1 (gControl) self-password reset. It's a simple process and one time for the user compared to Google's default password reset.
Google Apps Admin has to login to the Google Admin Console.
He needs to have SSO1 (gControl) installed. Click on SSO1 (gControl) icon from the apps.
Click on the Password Policy and in General just select Allow end user to change the password.
Once you are done with the above process users of your organization can change their passwords on their own when they forget without the need of assistance from the IT admin.
FAQ of Use Forgot Password to ease resetting password for Google Apps
Can I give the user the right to reset his password?
Yes, Instead of admin,User can reset his own password with Forgot Password feature in SSO1 (gControl).
Integration with Azure Active Directory
Even in the era of cloud technologies, Active Directory is the most adopted infrastructure by majority of enterprises as a solution for information security and user management. Most of the large enterprises using cloud services prefer Active Directory as an identity provider.
Looking at the market demands CloudCodes integrated Active Directory with SSO1 (gControl).
AD Integration with SSO allows google apps administrators to integrate either On-Premise or Azure Active Directory with SSO1 (gControl) therefore, securely connects AD infrastructure with SSO and Google Apps security.
Watch video for Integration with Azure Active Directory
Active Directory as Identity Provider
. Single Sign On with Active Directory i.e. end user's login within a network will not require to provide credentials instead existing desktop session will be carried forward for Google Apps.
Support for multiple primary domains to handle scenario where large enterprise have multiple branches and each branch has their own domain.
You can add Users ID and corporate Network IP's manually or upload the csv by clicking on the respective icons. Now when an end user tries to log in from unauthorized IP's they will get notified that user is not allowed to login from this system.
Advantages of Directory Integration:
Other than identity provision there are several other advantages of AD integration with SSO.
Less credentials, less overhead :
As users are authenticated with Active Directory, users do not need to maintain multiple credentials. Therefore less overhead for end-users and IT administrators.
Centralized Access Control:
As Active Directory is the identity provider, even if cloud technology is being used by enterprise, control still remains with Active Directory.
Unification of multiple directories:
For enterprises having complex directory infrastructure with multiple directories can combine all the directories via AD integration with SSO.
FAQ of Integration with Azure Active Directory
AD- SSO1 (gControl) Passwords are synced or saved?
Users are only authenticated through Active Directory. User's passwords in Active Directory are not saved with SSO1 (gControl). SSO1 (gControl) does have an option of syncing passwords. It syncs password at the login time unlike the GAPS tool which does the sync only when the User changes his password in AD.
Contact us +66-2-675-9371 or +66-97-008-6314 for more information.