Cloud Access Manager is an identity bridge. It connects your users, your partners, and your customers to the applications they need.
Cloud Access Manager delivers real productivity gains to your end users while minimizing the effort needed to control access to your on-premise applications and cloud service accounts:
Cloud Access Manager can automatically log users on to almost any web application. While its web proxy component can automate login to applications that require Kerberos, NT LAN Manager (NTLM), HTTP, or forms-based authentication, its built-in security token service (STS) can provide Single Sign-On (SSO) to claims-aware applications that comply with either SAML or WS-Federation standards.
Cloud Access Manager’s secure Password Wallet holds the user’s application credentials. Once Cloud Access Manager has learned the user’s credentials for an application, it will store them in the Password Wallet, and subsequently automatically forward them to the application whenever it is launched by the authenticated user through Cloud Access Manager.
In a Windows Active Directory environment, a Kerberos ticket is created and stored on a user’s computer when the user logs in. This ticket allows the user to access services on the network without having to enter their username and password again. Because Cloud Access Manager can accept Kerberos tickets as a form of authentication, Windows authenticated users can launch their application portal directly, without the need to log on again.
In addition, because Cloud Access Manager uses a proxy-based approach to SSO, your users do not have to download any client software. Their credentials are stored safely in the Cloud Access Manager Password Wallet on your private network.
Cloud Access Manager’s web proxy component acts as a security gateway to protected applications on a private network. You do not have to install and manage plugins on all of your individual web servers — configuration, auditing and control is centralized through Cloud Access Manager — and because your applications can continue to run on your internal network, they are safely protected from many web-based attacks. In addition, you can grant access to application URLs through Cloud Access Manager’s Role Editor.
Privileges can be granted or denied easily and quickly through Cloud Access Manager’s Role Editor. You can create roles for members and individual users from internal and external directories and the roles can then be applied to applications, groups of applications, and Cloud Access Manager administration functions.