MONET+ implemented the CASE authentication server, including add-on modules for federated identity and single sign-on for web applications based on the SAML protocol.
The client's requirements
Česká spořitelna’s security regulations required two-factor authentication for remote access to electronic services, including Google Apps cloud services. To improve the log-in experience for users and to heighten security, the bank required the provider to:
Introduce a uniform log-in to the cloud services from within the domain’s network (single sign-on, “SSO”) using the SAML open standard
Limit mobile device access to cloud services to only those controlled by Mobile Device Management (MDM) of ČSAS
Implement two-factor authentication via a solution based on digital certificates (PKI) or one-time passwords (OTP)
Facilitate log-in from mobile devices
The solution delivered
In 2014, MONET+ implemented the CASE authorization server, including additional modules supporting a federation service model based on the SAML protocol, which are necessary to enable SSO for web applications.
The CASE system provides two authentication methods in ČS bank’s environments: SMS passwords and a mobile authentication app that can work online (acting as an authenticator without the need to retype codes) or offline (as an OTP generator).
The mobile app was visually adapted and connected to the MDM system to permit PKI certificates to be distributed to end devices; the system pushes a local verification token when the user logs in from a mobile device (i.e. no other device can log in except the one managed by the organization through the MDM system).
The benefits delivered
The integrated authentication solution from MONET+ aided the implementation of strategic changes in the provision of IT services to end-users. The solution in place relied on strong security parameters, in addition to respecting the users’ needs for convenience and mode of operation. The ČS bank system enabled the full use of Google Apps, while also respecting the principles of secure and controlled access from end devices.
Typical of MONET+ projects and after-sale services are the conceptual design of the solution’s architecture and the integration of the solution. We continue to seek out new ways and proactive solutions for every job.