Implementing Mozy with Federated Identity

Article Reference ID: 000273330

Mozy uses the user management capabilities of Microsoft Active Directory or any LDAP-enabled directory service to automatically provision and deprovision Mozy users, and it provides Single Sign-On (SSO) support for any identity provider that supports the Security Assertion Markup Language (SAML). To integrate with Mozy, your directory service must support LDAP v2.0 or higher and your identity provider must support SAML v2.0.

Automated User Management

When user management is automated, everyday actions in the directory service, such as user creates, updates, and deletes, are synchronized to Mozy, which simplifies administration of the service for IT management. Mozy supports two methods of exchanging information with your directory service.

  • Pull mode: Mozy queries the directory service for changes and automatically updates the corresponding user accounts. All of the configuration information for connecting to your user directory server and to your identity provider is stored in the Mozy service. The Mozy service initiates all connections for synchronization and authentication.
  • Push mode: Uses the Mozy LDAP Connector installed on a local server to push changes from your directory service to the Mozy service. Authentication information for the user directory is stored on a local server using the LDAP Connector software. The LDAP Connector software will push any changes from your network to the Mozy service.

Single Sign-On Authentication

To provide SSO support, Mozy integrates with any enterprise Identity Provider (IdP) using SAML v2.0. The IdP validates the identity of the user, then sends a SAML assertion (message) validating the user's credentials. The assertion is used to gain access to SAML-enabled applications and network services. The SAML assertion is presented to Mozy as proof of identity and eliminates the need for a Mozy-specific username and password. Once the assertion is validated, Mozy issues an access token for access to the service.

Mozy performs ongoing identity provider testing with Active Directory Federation Services (AD FS). Detailed instructions for integrating with AD FS are available in the Appendix. The identity providers listed below have been successfully integrated at customer locations.

  • Active Directory Federation Services (AD FS)
  • Azure
  • Centrify
  • LastPass
  • Okta
  • OneLogin
  • OpenAM
  • PingOne
  • PingFederate
  • RSA Via
  • RSA FIM
  • SecureAuth
  • SiteMinder
