Authentication-as-a-Service Simplifies Single Sign-on and Access Controls


The cloud delivers many business benefits, including the ability to preserve capital, offload many IT operational tasks, implement new applications and services quickly, and tap into IT resources that might not otherwise be affordable. Thanks to these benefits, organizations are moving to the cloud in a big way. According to the RightScale 2017 State of the Cloud Report, the average organization is using 1.8 public clouds while experimenting with 1.8 more, and leveraging 2.3 private clouds while experimenting with 2.1 more.

In a previous post, we discussed the importance of a centralized approach to identity and access management (IAM) when moving to the cloud. Without it, IT will not be able to keep up with the maintenance of user credentials, access controls, and policies. However, organizations also need to consider the end-user when implementing a cloud IAM platform. Employees, customers, partners, and other authorized users need streamlined access to multiple cloud-based resources.

In the on-premises IT environment, many organizations have implemented single sign-on (SSO) systems that eliminate the need for users to enter credentials to access each resource. SSO enables users to authenticate through one mechanism that automatically logs them in to all the resources they are entitled to access.

Authentication-as-a-Service (AaaS) is an increasingly popular means of implementing SSO services. As the name implies, AaaS is a cloud-based solution that eliminates the need to purchase, install, and maintain an onsite SSO solution. It brings the benefits of the cloud to SSO and access controls, providing the ability to define and enforce policies and incorporate authentication services into business applications.

An AaaS solution should incorporate multiple standards-based authentication mechanisms, including Lightweight Directory Access Protocol (LDAP), SSH, and Security Assertion Markup Language (SAML). It should also allow IT and development teams to use RESTful APIs to deliver and manage authentication services for internal and external users, and support multifactor authentication based on biometrics, hardware or software tokens, or context.

RSA recently announced that its SecurID Access platform has an AaaS option. The RSA Cloud Authentication Service consists of four main components:

  • Cloud-based software that performs real-time authentication
  • An on-premises identity router that connects to an identity source and enforces access policies
  • A hosted administration console for performing setup and management tasks
  • The SecureID Authenticate App that runs on user devices.

The RSA Cloud Authentication Service uses a dynamic risk-scoring technology to deliver convenient and secure access to on-premises and cloud-based resources. It validates the legitimacy of access attempts by dynamically evaluating a significant number of user characteristics, including role, location, IP address, device type, and time of attempted login.

The solution then makes real-time authentication decisions by correlating and analyzing this data, along with the risk associated with the asset the user is trying to access. Leveraging dynamic risk analytics at the time access is requested helps ensure assets are protected while asking users to step up authentication only when the situation appears risky.

AaaS shifts the complexity of maintaining authentication services to a cloud provider while making it less complicated for users to access on-premises and cloud resources. Let us show you how the RSA Cloud Authentication Service can help you prevent identity-based attacks while meeting the demand for user convenience.


For more information about Authentication-as-a-Service, please send us an email at (

Leave a Comment