Enable Secure Mobile & Web Access to Microsoft SharePoint
Empower Mobile Employees by Providing Secure Access to Microsoft SharePoint & Other
Intranet Resources from Beyond the Enterprise Perimeter
Remote SharePoint Access:
1. Remote user launches browser or native mobile app to access Microsoft SharePoint or other intranet resource.
2. SecureSpan Gateway challenges user for credentials and authenticates using Microsoft Active Directory.
3. SSO session is created. A cookie or OAuth access token is issued and returned to the mobile application.
4. Mobile application consumes SharePoint Web application or API on Gateway using the cookie or token.
5. Gateway reverse‐proxies Web application or intranet API, maps external cookie/token with Kerberos ticket for internal authorization.
The Problem: Accessing SharePoint Beyond the Enterprise Perimeter
Microsoft SharePoint authorizes user access based on a Microsoft domain session using Kerberos or similar technologies. An external user without a direct domain session cannot access SharePoint directly using common Single Sign‐On (SSO) solutions deployed at the perimeter of the enterprise. Requiring VPN access to the enterprise for accessing SharePoint and other intranet resources is not practical and widens the attack surface of the enterprise.

The Solution: Layer 7 SecureSpan Gateway
Layer 7 delivers a simple solution for brokering access to Microsoft‐based Web applications and APIs. By deploying Layer 7’s SecureSpan Gateway in the DMZ, the enterprise can enable and control access to Microsoft SharePoint without the need for VPN connections. This solution integrates into the existing environment, including the SSO solution. Once this infrastructure is in place, the enterprise can leverage the same SecureSpan Gateway to control access to any Web applications and APIs that need to be consumed by mobile applications.

Learn More About Layer 7’s Mobile Access Solutions
Phone: +1‐800‐681‐9377 (toll free within North America) or +1‐604‐681‐9377
Email: info@layer7.com
Web: www.layer7.com
Facebook: www.facebook.com/layer7
Twitter: @layer7

Layer 7’s comprehensive suite of Mobile Access technologies includes:
• SecureSpan Mobile Access Gateway
Provides Mobile Access to APIs and Web applications and enforces policies for
controlling this access
• Identity Broker
Integrates with backend and externally‐facing identity and access management
(IAM) solutions and brokers between them at runtime
• Layer 7 OAuth Toolkit
Provides a complete OAuth implementation for issuing tokens to mobile
applications consuming APIs plus flexible token/session lifecycle management
Copyright © 2013 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.
Key Features

Mediation & Security for External Access
Reverse‐Proxying
• Ability to reverse‐proxy Web and API traffic
• Support for a wide range of protocols including HTTP(S), WebSocket, (S)FTP(S) and XMPP
Security & Compliance
• Filter, redact and encrypt content to help identify and suppress leakage of sensitive information (credit card numbers etc.)
• Configure and deploy the SecureSpan Gateway as part of a PCI‐compliant process using Layer 7’s PCI‐DSS installation and configuration guide
• Institute threat protection against SQL injection, denial‐of‐service (DoS) and cross‐site scripting (XSS) attacks
• Validate HTTP parameters, REST query/POST parameters, JSON data structures, XML schemas etc.
Auditing/Logging
• Record all instances of access to Web applications and APIs
Access Control
• Policy enforcement
• Integration with existing IAM and SSO solutions
• Attribute‐based authorization

Identity Brokering
Authentication
• Authenticate users via form‐based authentication, HTTP Basic, NTLM, mutual authentication
• Direct/Indirect or multi‐factor authentication
• Create and manage sessions directly
• Federate authentication to external SSO systems by redirecting
IAM Integration
• Integrate with IAM and SSO solutions including Microsoft Active Directory, CA SiteMinder, Oracle Access Manager, OpenSSO/OpenAM, Tivoli and custom auth APIs
• Map between external cookie/token and internal cookie/token

OAuth
Specification
• Support for OAuth 1.0, 1.0a and 2.0
• Sample applications for each core grant type (authorization code, implicit, password, client creds) and relevant extension grant types (SAML bearer, JWT), as well as two‐ and three‐legged scenarios
• Bearer token or MAC token types
Implementation
• Policy‐based implementation for easy integration with existing APIs and IAM systems
• Out‐of‐the‐box authorization server endpoints and resource server actions
• Token lifecycle management through APIs
• Easy token revocation

Supported Standards
HTTP(S), TLS 1.0 to 1.2, WebSocket, XMPP, AMQP, MQ Series, Tibco EMS, (S)FTP(S), WCF, Kerberos, Kerberos Delegation,
Kerberos Constrained Delegation, NTLM, OAuth 2.0, OAuth 1.0, OpenID Connect, SAML 1.1, SAML 2.0, Active Directory, LDAP,
XACML, PKCS, FIPS 140‐2, X.509 Certificates, Apple Push Notifications, Android Notifications, WS‐Security, WS‐Trust,
WS‐Federation, WS‐Addressing, WS‐SecureConversation, WS‐I BSP, WS‐MetadataExchange, WS‐Policy, WS‐SecurityPolicy,
WS‐PolicyAttachment, WS‐SecureExchange, WS‐I, WSIL, UDDI, WSRR, MTOM, XML Signature, XML Encryption, XML, SOAP,
REST, XPath, XSLT, WSDL, XML Schema, JSON, JSON Path, JSON Schema