Enhancing security and user authentication

Prysm has enhanced its Application Appliance security and user authentication through the support of several third-party identity providers. You can configure third-party identity providers — including ADFS, Azure Active Directory, Google G-Suite, Okta, Ping Identity, and Salesforce — as the preferred authentication mechanism for Prysm Hosted Cloud product interfaces.

After you configure an identity provider, your Prysm users can sign in with their company-issued name and password through a Single Sign-On (SSO) user authentication service. An identity provider reuses the centralized authentication servers that other applications and systems already use for authentication, and combines this with techniques that ensure users have to enter their credentials only once. This makes signing in to Prysm easier for users, and it simplifies user management for administrators. The benefits of using a single sign-on identity provider include:

  • Mitigating the risk of unauthorized access to third-party applications and the company content stored in them (user passwords are not stored or managed externally)
  • Reducing password fatigue from different user name and password combinations across different applications
  • Reducing time spent re-entering passwords across multiple applications
  • Reducing IT costs due to a lower number of support cases around failed sign-ins and password reset requests
  • Streamlining new user on-boarding to the Prysm platform via Auto-provisioning and New User welcome emails

In addition to identity provider-based authentication, you can take the following steps to attach and secure a Prysm appliance as a domain-joined device. If you already use Prysm's legacy LDAP-based Active Directory integration, consider the following recommended changes:

  1. Create a Service Account with Interactive Login privileges enabled.
  2. Join the Prysm Application Appliance to the customer domain.
  3. Configure automatic sign in using the Service Account created in Step 1.
  4. Confirm that Prysm is launched with sufficient access to the underlying file structure.

If you have Prysm's legacy LDAP-based Active Directory integration already configured, please consult the latest Prysm Upgrade Guide for other changes required to take advantage of the latest identity provider integration.

To integrate your identity provider with Prysm, see: Identity provider management
