Руководство По Настройке для Cisco Cisco Identity Services Engine 2.1
At-a-Glance
Easily Authenticate Mobile Users Securely to
Sensitive Data
The traditional enterprise network perimeter has continued to break
down over time. Employees now insist on using mobile devices to work
anytime and anywhere to remain productive in today’s competitive
marketplace. The average user has three devices accessing the
corporate network. More devices mean a continued expansion of
the attack surface enterprises need to secure. A delicate balance
must be maintained between security and productivity. In addition,
enterprises have increased their use of software as a service (SaaS)
and virtualization, making it increasingly difficult to securely authenticate
and authorize users seeking access to corporate resources.
down over time. Employees now insist on using mobile devices to work
anytime and anywhere to remain productive in today’s competitive
marketplace. The average user has three devices accessing the
corporate network. More devices mean a continued expansion of
the attack surface enterprises need to secure. A delicate balance
must be maintained between security and productivity. In addition,
enterprises have increased their use of software as a service (SaaS)
and virtualization, making it increasingly difficult to securely authenticate
and authorize users seeking access to corporate resources.
The integration of the Cisco® Identity Services Engine (ISE) with identity
access management solutions lets you supplement existing authentication
and authorization policy attributes with contextual network information.
This allows an appropriate level of challenge measures to be taken
during the authentication process and enables authentication challenges
to adapt to the level of risk so that users can access what they need,
when they need it, with a high degree of security, regardless of device
type, application environment, or other factors. This level of precision
in authentication and application authorization decisions is critical to
safeguard information assets and decrease the risk of a cyberattack.
access management solutions lets you supplement existing authentication
and authorization policy attributes with contextual network information.
This allows an appropriate level of challenge measures to be taken
during the authentication process and enables authentication challenges
to adapt to the level of risk so that users can access what they need,
when they need it, with a high degree of security, regardless of device
type, application environment, or other factors. This level of precision
in authentication and application authorization decisions is critical to
safeguard information assets and decrease the risk of a cyberattack.
How Cisco Identity Services Engine Integration with
Identity Access Management and Single Sign on Works
• Cisco ISE leverages pxGrid technology to provide user identity, device
and network contextual information to identity access management
solutions.
solutions.
• Cisco ISE contextual data is used to create policies for user populations
or devices, such as policies specific to mobile devices or users
regarding what web or cloud-based applications they can access.
regarding what web or cloud-based applications they can access.
• Users of identity access management partner productss can use
the Cisco ISE contextual information to decrease authentication
challenges and offer a single sign-on capability when appropriate.
challenges and offer a single sign-on capability when appropriate.
Cisco Identity Services
Engine with Identity
Access Management and
Single Sign-on Platforms
Benefits:
• Easily authenticate authorized
mobile users securely to access
sensitive data.
• Customize access policy
and intentionally increase or
decrease sign on security level as
appropriate and enforce additional
authentication measures for
higher-risk users.
• Combine credentials with device
posture, location, behavior
patterns, and other factors to
establish assurance level in real-
time during access attempt.
© 2015 Cisco and/or its affiliates. All rights reserved.