Leveraging Microsoft’s Identity Management product set might be considered an easy option for enterprise, but it comes at a cost, and is not without complexity. These factors can compromise your time to value and return on investment. Looking at the broader drivers such as productivity, compliance, and risk mitigation is part of the story but it’s also worth considering the effectiveness of your solution when it comes to mitigating phishing risks, managing Shadow-IT and eliminating user friction.
Here we look at the 8 key considerations when choosing IAM and why so many enterprises are turning to My1Login to complement or replace Microsoft’s IAM offering.
1. Application Compatibility
My1Login is compatible with a wider range of application types when compared to Microsoft.
Both solutions are compatible with web-based applications that use connectors (e.g. SAML, OIDC) and credentials-based web apps (i.e. usernames and passwords). However, unlike Microsoft, My1Login can also be integrated with legacy Windows desktop applications that run as stand-alone executables and don’t have connectors, e.g. Mainframes, Terminal Sessions, legacy financial systems etc.
Whilst the general industry trend is towards cloud applications, legacy and bespoke in-house applications still exist within the core foundations of many enterprises, particularly in Financial Services, Public Sector and Utilities markets. If the corporate Single Sign-On (SSO) solution does not work for all business applications, then user experience is inconsistent and there is a risk that users will find insecure methods of managing login credentials for apps where SSO is unavailable, increasing the likelihood of a cyber-attack.
My1Login’s desktop connector enables Single Sign-On authentication with legacy applications, without the need for any API, meaning wider application compatibility and therefore enhanced return on investment for the customer.
2. Password Policy Enforcement for External Cloud Apps
My1Login enables enterprises to create and enforce application-specific security policies that ensure cloud applications are protected by long, random, high-entropy passwords. These passwords are generated and automatically updated by My1Login on the external application on behalf of the user, and the new password can be hidden from the end-user on the My1Login system. This eliminates password phishing risks; if the users are unaware of the passwords required to access their corporate applications they cannot be phished for them.
Hidden passwords also render the user unable to access the target applications outside of the governance of the My1Login solution. When a user leaves the business and their access to Active Directory is removed, this immediately revokes the user’s access to the My1Login service, meaning they are unable to access the identities for their cloud apps.
3. Enterprise Password Management
Often there is a need for sharing and audit controls around access to privileged accounts – this could be developers requiring server/FTP details or marketing departments requiring shared access to social media accounts. My1Login’s solution includes an integrated Enterprise Password Manager that allows users, where permitted, to share access to identities for specific applications with individuals or teams under full audit trail. Access to applications can even be shared so that users and external partners can use the identities to sign in to apps without seeing the passwords on the My1Login system.
4. Shadow-IT Management: Auto-discovery and Auto-Integration of Applications
With the proliferation of cloud services, business units and departments are often able to adopt non-core cloud apps without the IT department's knowledge (‘Shadow IT’). My1Login can auto-discover and report on the cloud apps being used across the enterprise and, with one click, enable administrators to set a policy that automatically enables or disables SSO for these apps. As a vendor-neutral solution, My1Login integrates seamlessly with both Microsoft and non-Microsoft applications. This puts the business back in control of the identities being used to access all web-based applications across the organisation and addresses the “Shadow-IT” blind spots that other solutions cannot detect.
5. Stronger Encryption
The Microsoft solution relies on data being encrypted ‘at rest’ on their servers. This means at some point Microsoft have the encryption keys that protect customers’ data, creating a single, highly-vulnerable weak point in security. In the last year alone, the industry has seen several IAM providers who use this approach experience significant data breaches.
My1Login utilises full, client-side encryption, a significantly more secure approach. Usernames and passwords are encrypted securely inside the perimeter of the customer’s enterprise network using keys that never leave the customer’s environment. Only after this encryption is the useless, encrypted data transferred to My1Login to be stored. This means even My1Login is unable to access the data as there is no access to the encryption keys. My1Login have won multiple awards as a result of this more secure approach to encryption. Please get in touch if you would like to find out more.
6. Faster Deployment
Whilst Microsoft’s IAM solution requires custom development and bespoke integration that often necessitates engaging Microsoft certified partners, My1Login is an off-the-shelf solution that can complement the existing corporate directory, enabling rapid deployment. Basic SSO services using SAML and OIDC can be deployed on a full-blown Identity as a Service (IDaaS) basis, meaning no client installation is required, which accelerates time to value for the enterprise.
7. Less Complex
Configuring Microsoft’s IAM for a multitude of different applications requires a significant amount of work by the in-house IT team or through engaging Microsoft partners. IT managers say they spend too much time integrating new apps into their Active Directory infrastructure; this is especially true as most of these tend to be cloud-based.
My1Login offers a simple and straightforward implementation that can be deployed to run in the background, meaning there is no need for user training. Users launch an application and My1Login performs SSO as required. This means there’s no change in user behaviour required, which reduces barriers to adoption and therefore increases the business benefits realised by the enterprise.
8. Lower Total Cost of Ownership (TCO)
My1Login’s TCO is typically far lower than Microsoft IAM. With Microsoft there are often professional services overheads associated with implementation, maintenance and the configuration changes required to integrate new applications. My1Login is far easier to deploy as it is less complex and works ‘out of the box’ with the ability to auto-discover the applications in use across the enterprise and activate SSO with one click.
My1Login does not require any dedicated hardware and there’s minimal effort required by in-house staff to deploy and maintain My1Login’s IAM solution.
My1Login can be rolled out to thousands of users in less than one hour and, using industry standard connectors such as SAML, My1Login can provision seamless SSO to applications immediately. For applications that don’t have connectors, My1Login can use password vaulting and forwarding, ensuring that SSO is provided with minimal admin integration effort.
Additionally, when new credential-based web apps are adopted by departments without the IT team’s knowledge, My1Login’s auto-discovery and integration functionality can automatically integrate these with Single Sign-On without requiring any configuration by the IT Admin team, reducing the cost of deployment and eliminating Shadow-IT risks.
My1Login offers an alternative to Microsoft’s identity solution that provides Single Sign-On for web and legacy Windows desktop applications. My1Login’s Identity and Access Management solutions offer a number of advantages over Microsoft, including: compatibility with a far wider range of applications, automatic discovery and integration of new applications, enterprise password management, password policy enforcement on external cloud apps, stronger encryption, faster, less complex deployment and a lower total cost of ownership.