On-Premise Single Sign-On, the user-friendly way to stay secure, finally works on Android Enterprise

Aug 26, 2019 | Security, Workplace Management

Seamless Single Sign-On (SSO) authentication for mobile devices is now required more than ever. As security threats are on the rise and employees rely on their phones, especially for business-related activities, there is an increased need for a centralized login system.

 

What is Single Sign-On and how does it work?

Entering credentials manually is frustrating and very time-consuming, and on a mobile device it is even more error-prone. Being able to respond to work-related requests in time benefits employers and employees alike, especially when your staff is working remotely. Here is where Single Sign-On (SSO) comes in.

SSO provides your users with convenient access to authorized resources without compromising on security. With SSO the user only authenticates once through their device – this is enough to identify the user and grant access for all applications in the company.

 

Kerberos, the standard of SSO

Kerberos authentication is the standard for providing Single Sign-On in the enterprise context. It is used within internal environments and has a proven track record. Some of you might wonder how exactly Kerberos works.

Basically, Kerberos comes down to this: it is an authentication protocol that uses tickets. It avoids storing passwords locally or sending them over the internet; instead it uses a trusted third-party server, the Key Distribution Center (KDC). Furthermore, it is built on symmetric-key cryptography, which makes it extremely secure.

You hold a ticket on your local machine (your proof of identity, encrypted with a secret key for the particular service requested); as long as it is valid, you can access the requested service within a Kerberos realm. Rather than re-entering your username and password, your ticket (cached on your system) is used to authenticate, which allows for Single Sign-On.

 

What about mobile?

Single Sign-On has always been a challenge on mobile phones, especially on Android devices. While companies got the advantage of Kerberos SSO on their iOS devices, Android users were left behind. To bridge that gap, Device Admin and proprietary EMM solutions were needed to enable it.

Because Device Admin is being deprecated and companies have to switch to Android Enterprise, the Android world is lacking this important feature.

 

Seamless SSO for Android

Fortunately, there is a neat, Swiss-made, EMM-agnostic solution called Hypergate. The Swiss company behind it has been developing mobile security applications for more than a decade and designed Hypergate like a Swiss pocket knife: simple, effective and offering a lot of possibilities.

Hypergate allows hassle-free authentication to services and lets users consume the services they need on the go. That saves time and keeps the great Android user experience they're used to.

It leverages Android's open account APIs and enables SPNEGO Kerberos SSO authentication while using system apps like Google Chrome to browse the intranet. It simulates a secure Smart Card logon and handles the native Kerberos protocol just like any other workstation in your network. The communication happens directly with your KDC (Domain Controller); no additional backend component needs to be installed.
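When rolling out SPNEGO SSO, a useful server-side check is whether the token a client sends in the Authorization: Negotiate header really carries Kerberos, since the Negotiate scheme can also carry NTLM. The following Python code is an added example, not Hypergate's or the original article's code; the function names are hypothetical and the sample tokens are constructed with fake ticket bytes.

```python
import base64

# DER-encoded GSS-API mechanism OIDs (standard identifiers)
OID_SPNEGO = bytes.fromhex("06062b0601050502")         # 1.3.6.1.5.5.2
OID_KRB5 = bytes.fromhex("06092a864886f712010202")     # 1.2.840.113554.1.2.2
OID_MS_KRB5 = bytes.fromhex("06092a864882f712010202")  # 1.2.840.48018.1.2.2
NTLMSSP = b"NTLMSSP\x00"  # signature that opens every NTLM message

def classify_authorization(value):
    """Name the mechanism carried by an HTTP Authorization header value."""
    scheme, _, blob = value.strip().partition(" ")
    if scheme.lower() == "ntlm":
        return "ntlm"
    if scheme.lower() != "negotiate":
        return "not-negotiate"
    try:
        token = base64.b64decode(blob.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "malformed"
    if not token:
        return "malformed"
    if NTLMSSP in token:
        return "ntlm-fallback"  # raw NTLM, or NTLM carried inside SPNEGO
    if token[0] == 0x60 and (OID_KRB5 in token or OID_MS_KRB5 in token):
        # Initial context token; the SPNEGO OID, if present, follows the length
        return "spnego-kerberos" if OID_SPNEGO in token[:12] else "kerberos"
    if token[0] == 0xA1:
        return "spnego-continuation"  # NegTokenResp in a later leg
    return "unknown"

def _der(tag, body):
    # Short-form DER length only; enough for the small samples below
    return bytes([tag, len(body)]) + body

def sample_headers():
    """Constructed header values with fake ticket bytes, not real captures."""
    krb = _der(0x60, OID_KRB5 + b"\x01\x00" + _der(0x6E, b"FAKE"))
    mechs = _der(0xA0, _der(0x30, OID_KRB5))
    init = _der(0xA0, _der(0x30, mechs + _der(0xA2, _der(0x04, krb))))
    spnego = _der(0x60, OID_SPNEGO + init)
    ntlm = NTLMSSP + b"\x01\x00\x00\x00" + b"\x00" * 4
    def enc(tok):
        return "Negotiate " + base64.b64encode(tok).decode()
    return {"spnego": enc(spnego), "raw_krb": enc(krb), "raw_ntlm": enc(ntlm)}

if __name__ == "__main__":
    for name, header in sample_headers().items():
        print(name, "->", classify_authorization(header))
```

A steady share of "ntlm-fallback" results from managed devices usually points to a client that could not obtain a service ticket, for example because of a missing SPN or an unreachable KDC.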

 

Will it work in my environment?

Hypergate is a very flexible application: it's compatible with all leading Enterprise Mobility Management solutions, including MobileIron, Microsoft Intune, VMware Workspace ONE, BlackBerry and more. In addition, it is device agnostic, allowing you to have a fully diverse BYOD fleet.

The application can be deployed to all employees via the managed Google Play store. Besides, Hypergate does not require any infrastructural changes at all, allowing you to set up SSO in hours, not months.

 

Truly Mobile with Hypergate

A recent update of Hypergate makes password expirations, password changes and password resets pain points of the past. It was often the case that if your support team reset your password, you were forced to change the password on a Windows machine. Finally, your employees can be truly mobile, with no dependence on a computer to complete their work. This helps to eliminate the cost of support time.

 

Get in touch with us if you want to know more about Single Sign-On and Hypergate. We are a certified partner of Hypergate and we are keen to show you what impact Hypergate can have in your work environment.