Symplified, the Cloud security company, on Wednesday announced a new provisioning fabric for its SinglePoint identity and access management (IAM) solution. These new capabilities – Symplified Sync, Symplified Identity Vault and the SinglePoint Virtual Directory – provide centralized, one-to-many capabilities for managing and synchronizing user identities regardless of whether they reside in on-premises IT infrastructures or cloud applications. In addition, the Symplified Identity Vault for Google and Salesforce.com transforms these two cloud applications into a cloud directory service for managing user accounts and serving as an authentication mechanism for other applications.

“Cloud computing is forcing a major disruption in identity management, since hosted applications are outside the reach of on-premises identity and access management systems,” said Scott Crawford, Managing Research Director, Security & Risk Management for Enterprise Management Associates (EMA) a leading industry analyst and consulting firm. “Companies with existing directory infrastructures like Active Directory want to ease the adoption of cloud computing if they can do so safely, avoiding additional expense and management burdens wherever possible. Meanwhile, smaller firms that rely on cloud-based resources to run their business are looking for a way to centralize and streamline access management and user account administration. Symplified addresses both of these requirements with their new provisioning capabilities.”

Virtual Directory Spans Enterprise and Cloud Identities
To enable organizations to query multiple identity silos in order to centrally enforce access management policies for all applications, the SinglePoint Virtual Directory unifies on-premises and cloud user repositories. The SinglePoint Virtual Directory provides normalization, attribute mapping, data transformation and support for a wide range of LDAP and RDBMS systems as well as cloud services. For example, this capability would allow a company to enforce access control policies for a web portal of applications using Active Directory for employees, Sun LDAP for partners, and Salesforce.com for customers and prospects. This core integration technology provided by the SinglePoint platform eliminates the need to:

1. Migrate or consolidate existing user stores

2. Write customized code for data exchange between repositories

3. Change underlying schemas to provide a normalized role model across silos

“The one-to-one approach to identity management and user provisioning already places a heavy burden on IT departments within the enterprise network, but it totally breaks down when cloud applications are introduced,” said Eric Olden, Founder and CEO of Symplified. “The new provisioning fabric we have built into SinglePoint provides a one-to-many management model. By integrating with on-premises directories and co-opting cloud application infrastructures like Google and Salesforce.com for identity management we are improving security, user convenience through single sign-on, and eliminating huge management costs associated with user provisioning. We have also introduced the first in-the-cloud alternative to Microsoft Active Directory which enables organizations to cloud-source more of their IT infrastructure, save money and increase service levels.”

Syncing Identities between the Cloud and Active Directory
For organizations that use Microsoft Active Directory, Symplified Sync provides synchronization of user account information, including migration, provisioning, updates, and de-provisioning, for cloud applications. Initially, Google and Salesforce.com are supported, with additional cloud applications to be added over time. Symplified Sync maps user attributes from Microsoft Active Directory to the target application according to established access control policies. Administrators can create, modify or retire accounts once in Microsoft Active Directory and changes are automatically propagated in the cloud application.

Identity Vault Moves Identities and Directories Securely to the Cloud
For companies that rely primarily on cloud applications, lack an on-premises directory infrastructure, or want to move their on-premises directory to the cloud, Symplified Identity Vault™ provides a cloud directory service to securely host identities. Identity Vault sits between the Salesforce.com and Google applications and enables organizations to use these internet-scale and highly available infrastructures as user directories. It eliminates the need for on-premises directory infrastructure with its heavy, complex architecture and ongoing operational expense.

Similarly, Symplified Identity Vault can be used to eliminate identity repository sprawl in the cloud. For example, Symplified Identity Vault can be used to support a partner or customer portal. Instead of creating a standalone user store for the portal, partners/customers can authenticate against the Salesforce.com database which would be used to verify their credentials and grant/deny access requests. Using Symplified Sync in combination with Symplified Identity Vaults provides a simple and rapid way to migrate from on-premises Active Directory infrastructures to cloud-based directories. This solution can be can also be implemented in a hybrid state to support both Active Directory and cloud directories for controlled and gradual migrations.