
Integrating Trust IAP into a Modern Stack: Microsoft, Okta, and More
Modern IT infrastructures place high demands on both security and ease of access to resources. Trust IAP (Identity Aware Proxy) from Trust Tech offers an effective solution for access control and application protection, integrating into existing ecosystems such as Microsoft Azure AD, Okta, and other identity management platforms. This approach allows you to significantly improve security without compromising user convenience.
Support for SAML, OIDC, and LDAP Protocols
Trust IAP is designed for maximum compatibility with various authentication protocols, allowing it to be integrated into a wide range of environments. Key protocols supported by Trust IAP include:
- SAML (Security Assertion Markup Language): SAML is a widely used standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP). SAML support in Trust IAP allows you to use existing IdPs such as Microsoft Azure AD, Okta, Ping Identity, and others to authenticate users accessing protected applications. This simplifies the identity management process and provides a single point of authentication for all applications.
- OIDC (OpenID Connect): OIDC is a modern authentication protocol built on top of OAuth 2.0. It provides a standardized way for applications to obtain information about authenticated users. Trust IAP supports OIDC, allowing it to be integrated with modern cloud services and applications that use OIDC for authentication. This provides flexibility when choosing an IdP and allows you to use the latest authentication technologies.
- LDAP (Lightweight Directory Access Protocol): LDAP is an application layer protocol for accessing directory services. Trust IAP supports LDAP, allowing you to use existing directory services, such as Active Directory, to authenticate users. This is useful for organizations that already have an LDAP infrastructure and want to use it to authenticate users accessing protected applications through Trust IAP.
Benefits of Supporting Multiple Protocols
Supporting multiple authentication protocols provides the following benefits:
- Integration Flexibility: Trust IAP can be easily integrated into an existing infrastructure, regardless of which authentication protocols are used.
- Single Point of Authentication: Trust IAP can act as a single point of authentication for all applications, simplifying identity management and reducing the risk of configuration errors.
- Support for Modern and Legacy Systems: Trust IAP can support both modern and legacy authentication systems, allowing organizations to gradually transition to new technologies.
- Improved Security: Trust IAP enhances security by verifying the user's identity before granting access to applications, regardless of the authentication protocol used.
User Group Synchronization
Effective access management requires not only user authentication, but also authorization based on their roles and group memberships. Trust IAP provides the ability to automatically synchronize user groups from various sources, simplifying and automating the access management process.
Supported Synchronization Sources
Trust IAP can synchronize user groups from the following sources:
- Microsoft Azure AD: Trust IAP can synchronize user groups from Azure AD, allowing you to use existing groups to manage access to applications protected by Trust IAP.
- Okta: Trust IAP can synchronize user groups from Okta, allowing you to use existing groups to manage access to applications protected by Trust IAP.
- LDAP: Trust IAP can synchronize user groups from LDAP, allowing you to use existing groups to manage access to applications protected by Trust IAP.
- Other Sources: Trust IAP can be extended to synchronize user groups from other sources, such as databases or APIs. For example, Trust IAP can integrate with Human Resource Management (HRM) systems to automatically synchronize the organizational structure and user groups. Connectors that use a RESTful API or SQL queries can be used for integration with databases and APIs.
Synchronization Mechanisms
Trust IAP provides various user group synchronization mechanisms, including:
- Automatic Synchronization: Trust IAP can automatically synchronize user groups at a specified interval, ensuring that group membership information is up to date.
- On-Demand Synchronization: Trust IAP can synchronize user groups on demand, allowing you to update group membership information immediately after changes are made.
- Group Filtering: Trust IAP allows you to filter the user groups that will be synchronized, limiting synchronization to only the necessary groups.
- Attribute Transformation: Trust IAP allows you to transform user group attributes during synchronization, adapting group information to the requirements of applications protected by Trust IAP.
Benefits of User Group Synchronization
User group synchronization provides the following benefits:
- Simplified Access Management: Trust IAP allows you to manage access to applications based on group membership, simplifying the access management process and reducing the risk of configuration errors.
- Access Management Automation: Trust IAP automates the access management process, reducing the workload on IT specialists and increasing work efficiency.
- Enhanced Security: Trust IAP provides enhanced security by ensuring that users can reach only the applications and resources they have been granted rights to.
- Compliance: Trust IAP helps organizations comply with regulatory requirements by providing controlled access to sensitive data.
Setting Up Single Sign-On (SSO)
Trust IAP supports single sign-on (SSO), allowing users to authenticate once and access all protected applications without having to re-enter their credentials. This greatly improves the user experience and increases work productivity.
Supported SSO Scenarios
Trust IAP supports the following SSO scenarios:
- SAML-based SSO: Trust IAP can use SAML to implement SSO, allowing users to authenticate through an existing IdP, such as Microsoft Azure AD, Okta, Ping Identity, and others, and access protected applications.
- OIDC-based SSO: Trust IAP can use OIDC to implement SSO, allowing users to authenticate through a modern cloud IdP and access protected applications.
- Kerberos-based SSO: Trust IAP can use Kerberos to implement SSO in Windows networks, allowing users to automatically authenticate to applications protected by Trust IAP without having to enter credentials.
Setting up SSO with Trust IAP
Setting up SSO with Trust IAP includes the following steps:
- Configure Trust IAP as a Service Provider (SP): You need to register Trust IAP as an SP in the IdP, providing it with information about Trust IAP such as the Assertion Consumer Service (ACS) URL and the SP entity ID.
- Configure the IdP in Trust IAP: You need to configure the IdP in Trust IAP, providing it with information about the IdP, such as the metadata URL and the signing certificate.
- Configure Authorization Rules: You need to configure authorization rules in Trust IAP to determine which users and groups have access to which applications.
- Test SSO: You need to test SSO to ensure that users can successfully authenticate and access protected applications.
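The group filtering and attribute transformation described under Synchronization Mechanisms, and the group-based authorization rules configured in the step above, are illustrated by the following added example. It is not Trust IAP's own code: the record shapes, the glob-style filter, the rule table and all names are assumptions, and the proxy is assumed to have already verified the IdP's signed assertion or token before trusting the group claims it carries.

```python
import fnmatch

# Constructed sample of raw group records from two sync sources.
# The shape is illustrative only, not Trust IAP's or any IdP's real API output.
RAW_GROUPS = {
    "azuread": [
        {"id": "00000000-0000-0000-0000-000000000001", "displayName": "sg-finance-app-users"},
        {"id": "00000000-0000-0000-0000-000000000002", "displayName": "sg-all-staff"},
        {"id": "00000000-0000-0000-0000-000000000003", "displayName": "o365-licensed"},
    ],
    "ldap": [
        {"dn": "cn=hr-portal-admins,ou=groups,dc=example,dc=com"},
        {"dn": "cn=printer-users,ou=groups,dc=example,dc=com"},
    ],
}


def transform_group(source, record):
    """Attribute transformation: reduce source-specific records to one canonical name."""
    if source == "azuread":
        return record["displayName"].lower()
    if source == "ldap":
        # Take the first RDN of the DN: "cn=hr-portal-admins,..." -> "hr-portal-admins"
        rdn = record["dn"].split(",", 1)[0]
        return rdn.split("=", 1)[1].lower()
    raise ValueError(f"unknown sync source: {source}")


def sync_groups(raw, allow_patterns):
    """Group filtering: keep only canonical names that match an allow-list of glob patterns."""
    synced = set()
    for source, records in raw.items():
        for record in records:
            name = transform_group(source, record)
            if any(fnmatch.fnmatchcase(name, pattern) for pattern in allow_patterns):
                synced.add(name)
    return synced


# Authorization rules (hypothetical): application -> groups permitted to reach it.
# Anything not listed is denied, so an unknown application never matches.
RULES = {
    "finance-app": {"sg-finance-app-users"},
    "hr-portal": {"hr-portal-admins"},
}


def authorize(user_groups, app, rules=RULES, synced=None):
    """Allow only if the app has a rule and the user holds a (still synced) group named in it."""
    permitted = rules.get(app, set())
    if synced is not None:
        permitted = permitted & synced  # a group that is no longer synced grants nothing
    return bool(permitted & {g.lower() for g in user_groups})
```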
Benefits of Setting Up SSO
Setting up SSO provides the following benefits:
- Improved User Experience: SSO allows users to authenticate once and access all protected applications without having to re-enter their credentials, which greatly improves the user experience.
- Increased Productivity: SSO increases productivity by eliminating the need to enter credentials multiple times.
- Improved Security: SSO improves security by reducing the number of places where credentials are stored and reducing the risk of their compromise.
- Simplified Password Management: SSO simplifies password management, as users only need to remember one password to access all applications.
Using Trust IAP with Microsoft Azure AD
Trust IAP easily integrates with Microsoft Azure AD, providing a comprehensive solution for access management to applications hosted in Azure or beyond. This allows you to use existing Azure AD accounts to authenticate users and manage access to applications protected by Trust IAP.
Integration with Azure AD Conditional Access
Trust IAP integrates with Azure AD Conditional Access, allowing conditional access policies to be applied to applications protected by Trust IAP. The integration uses standard protocols, which ensures smooth compatibility. This makes it possible, for example, to require multi-factor authentication for access to sensitive applications or to block access from certain locations. Additional information about Azure AD Conditional Access can be found in the official Microsoft documentation.
Benefits of Integration with Azure AD
Integration with Azure AD provides the following benefits:
- Use Existing Azure AD Accounts: Trust IAP allows you to use existing Azure AD accounts to authenticate users, simplifying the identity management process.
- Centralized Access Management: Trust IAP allows you to centrally manage access to applications hosted in Azure or beyond using Azure AD.
- Apply Conditional Access Policies: Trust IAP allows you to apply Azure AD conditional access policies to applications protected by Trust IAP.
- Improved Security: Trust IAP provides improved security by integrating with Azure AD Security Center and using its analytics to detect and prevent attacks.
Using Trust IAP with Okta
Trust IAP also easily integrates with Okta, providing a powerful solution for identity and access management to applications. This allows you to use existing Okta accounts to authenticate users and manage access to applications protected by Trust IAP.
Integration with Okta Adaptive MFA
Trust IAP integrates with Okta Adaptive MFA, allowing adaptive multi-factor authentication to be applied to applications protected by Trust IAP. The integration is based on the OIDC and SAML standards, which allows authentication requirements to be adapted to the context. This makes it possible, for example, to require multi-factor authentication only under certain conditions, such as access from an unfamiliar location or from an unusual device. Details on setting up Okta Adaptive MFA can be found in the Okta documentation.
Benefits of Integration with Okta
Integration with Okta provides the following benefits:
- Use Existing Okta Accounts: Trust IAP allows you to use existing Okta accounts to authenticate users, simplifying the identity management process.
- Centralized Access Management: Trust IAP allows you to centrally manage access to applications using Okta.
- Apply Adaptive Multi-Factor Authentication: Trust IAP allows you to apply Okta's adaptive multi-factor authentication to applications protected by Trust IAP.
- Improved Security: Trust IAP provides improved security by integrating with Okta ThreatInsight and using its analytics to detect and prevent attacks.
Conclusion
Trust IAP is a powerful and flexible solution for protecting applications and managing access that seamlessly integrates into modern IT infrastructures. Support for SAML, OIDC, and LDAP protocols, user group synchronization, and single sign-on (SSO) configuration allow organizations to increase security, simplify access management, and improve the user experience. Integration with Microsoft Azure AD and Okta extends the capabilities of Trust IAP and allows it to be used in cloud and hybrid environments.
Frequently Asked Questions about Trust IAP Integration
What is Trust IAP and how does it help in ensuring security?
Trust IAP (Identity Aware Proxy) is a solution from Trust Tech designed for access control and application protection. It seamlessly integrates into existing IT ecosystems, such as Microsoft Azure AD and Okta, significantly increasing the level of security without compromising user convenience.
What authentication protocols does Trust IAP support?
Trust IAP supports a wide range of authentication protocols, including SAML (Security Assertion Markup Language), OIDC (OpenID Connect), and LDAP (Lightweight Directory Access Protocol). This ensures flexible integration and compatibility with various environments.
How does Trust IAP simplify access management?
Trust IAP automates the access management process by synchronizing user groups from various sources, such as Microsoft Azure AD, Okta, and LDAP. This simplifies authorization, reduces the load on IT professionals, and increases work efficiency.
What is Single Sign-On (SSO) and how does Trust IAP support it?
Single Sign-On (SSO) allows users to authenticate once and gain access to all protected applications without having to re-enter their credentials. Trust IAP supports SSO based on SAML, OIDC, and Kerberos, improving user experience and increasing productivity.
How does Trust IAP integrate with Microsoft Azure AD?
Trust IAP easily integrates with Microsoft Azure AD, providing a comprehensive solution for managing access to applications hosted in Azure or beyond. The integration allows you to use existing Azure AD accounts for authentication and apply conditional access policies.
How does Trust IAP integrate with Okta?
Trust IAP integrates with Okta, providing a powerful solution for identity and access management. The integration allows you to use existing Okta accounts for authentication and apply Okta Adaptive Multi-Factor Authentication to protect applications.
What security benefits does using Trust IAP provide?
Trust IAP enhances security by verifying a user's identity before granting access to applications, regardless of the authentication protocol used. Integration with Azure AD Security Center and Okta ThreatInsight allows you to detect and prevent attacks.
Where can I find more information about Trust IAP integration with Azure AD Conditional Access and Okta Adaptive MFA?
More information about Azure AD Conditional Access can be found in the official Microsoft documentation. Details on setting up Okta Adaptive MFA can be found in the Okta documentation.