Configuring cloud apps for single sign-on (SSO) and conditional access

Configuring single sign-on (SSO)

The app connectors that are added to the Verify portal instruct administrators on how to set up each cloud app to use Verify as an Identity Provider. The administrator configures the app directly in the app's portal, not the Verify portal.

Each app connector integrates with a specific cloud app. Verify provides many pre-defined connectors to various cloud apps. For successful integration with MaaS360®, Verify requires that the administrator configures the cloud app with specific information, such as company name, domain name, and a list of apps in the product suite.

Verify also provides workflows for automatic certificate generation that is required for SAML authentication on cloud apps.

Verify also provides a generic connector that the administrator can use to integrate with any app that supports the standard SAML workflows for authentication.

Configuring the conditional access check

Verify provides a feature that allows an administrator to check for conditional access on cloud apps. If this feature is enabled, Verify checks if the device is enrolled and compliant in MaaS360 before the user is allowed to access the app. This check prevents unauthorized and unmanaged devices from connecting to your cloud apps.

Administrators can select the Access policy that determines how users can access the application.

• From the SSO tab, clear the Use default policy check box. A list of access policies is displayed in the Select Access Policy window.

Entitlements

Administrators or application owners can set or modify who is entitled to access the application based on the necessity and relevance of the application to the user or group. Users must be entitled to the application to view and access the application from the Cloud Verify homepage or to sign on to the target application's web page.