- 19 Jun 2023
Cross Identity Secure Web Authentication (SWA)
- Updated on 19 Jun 2023
SWA is a form of authentication that provides SSO support for applications that do not support any federated sign-on methods. Users can enter their credentials for SWA applications on the respective login page.
Whether or not SWA is enabled for an application, the end user can go to the Launchpad > Application menu option and set up the credential for that application. The Manage Credentials menu option lets you update or delete the credentials. CI stores the end user's credentials in an encrypted format combined with a customer-specific private key. When an end user clicks on an application icon, CI securely posts their credentials to the app login page over SSL and the user is automatically signed in. This process is called credential replay.
You can set up SWA to achieve the following functionalities:
- User self-registration (user sets username and password)
This option enables users to select their usernames and passwords while registering themselves. CI allows end users to leverage the password feature to generate a strong random password. Users must be allowed to enter the credentials when the application is either newly assigned, removed or reassigned.
- Admin sets user credentials
This option allows an admin to set all usernames and passwords for an application instance, after which the credentials are never exposed to the CI end users. It enables you to restrict user access to the credentials of sensitive apps. It also allows you to have a single application license or a single application account that is shared by multiple people in your organization.
- Admin sets username, the user sets the password
This option allows the admin to set up the app instance accounts on behalf of the users, while still allowing users to set and change their app password, which is separate from their CI password.
- Admin sets the username and uses the user's CI password
This option allows the admin to set up the app instance accounts for users and leverage their existing CI passwords. To achieve this, the admin needs to add the user accounts to the onboarded application and then associate the username through provisioning. Subsequently, users can access the integration without being prompted for a username or password.
Secure Web Access - Agent in the target application
CI SWA ensures that users cannot access the application (which is integrated as a WEB application in CI) unless they have successfully authenticated with CI. To achieve this, CI provides the Web Application Gateway method.
Application Gateway is software that enables you to integrate applications hosted either in cloud infrastructure or in an on-premises server with CI for authentication purposes.
Application Gateway acts as a reverse proxy that protects web applications by restricting unauthorized network access to them. It intercepts every HTTP request to such applications and ensures that the user is authenticated with CI before forwarding the request to the application.
If the user is not authenticated with CI, Application Gateway redirects the user to the CI Sign-In page for validation.
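The gateway decision described above, as an added example that is not Cross Identity's code: an authenticating reverse proxy validates a session, forwards with a verified identity, or redirects to sign-in. The cookie name, header name, sign-in URL, key and the HMAC-signed session format are all assumptions made for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import quote

# All names below are assumptions for illustration, not Cross Identity's API.
SIGN_IN_URL = "https://idp.example.test/signin"  # placeholder sign-in page
SESSION_COOKIE = "gw_session"                     # hypothetical cookie name
IDENTITY_HEADER = "X-Authenticated-User"          # hypothetical upstream header
KEY = b"constructed-demo-key"                     # constructed; use a secret store


def issue_session(user: str, expires: int, key: bytes = KEY) -> str:
    """Build a signed session value 'user|expires|hmac' (set after sign-in)."""
    payload = f"{user}|{expires}"
    mac = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{mac}"


def verify_session(value: str, now: float, key: bytes = KEY):
    """Return the user name if the signature is valid and unexpired, else None."""
    try:
        user, expires, mac = value.rsplit("|", 2)
        expected = hmac.new(key, f"{user}|{expires}".encode(), hashlib.sha256).hexdigest()
        if hmac.compare_digest(mac.encode(), expected.encode()) and int(expires) > now:
            return user
    except ValueError:  # wrong number of fields or non-numeric expiry
        pass
    return None


def gate(path: str, headers: dict, cookies: dict, now: float = None) -> dict:
    """Decide what the gateway does with one intercepted request."""
    now = time.time() if now is None else now
    user = verify_session(cookies.get(SESSION_COOKIE, ""), now)
    if user is None:
        # Only same-site relative paths are echoed back, so the return
        # parameter cannot be turned into an open redirect.
        target = path if path.startswith("/") and not path.startswith("//") else "/"
        location = f"{SIGN_IN_URL}?return_to={quote(target, safe='')}"
        return {"action": "redirect", "status": 302, "location": location}
    # Drop any client-supplied identity header before adding the verified one.
    upstream = {k: v for k, v in headers.items() if k.lower() != IDENTITY_HEADER.lower()}
    upstream[IDENTITY_HEADER] = user
    return {"action": "forward", "path": path, "headers": upstream}
```

The protected application should accept traffic only from the gateway; otherwise the identity header can be set by anyone who reaches it directly.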