7 Replies Latest reply: Feb 21, 2013 3:27 PM by mike_cc RSS

    MWG and SAML/SSO?


      I am looking into SAML/SSO solutions for logging in to 3rd party/partner web sites.


      Does McAfee have anything or are there solutions that I can tie into MWG? Since all Internet traffic will be passing through the proxy, this seems to be where I would want to integrate SAML. If I'm incorrect or if there are better solutions, please let me know.




        • 1. Re: MWG and SAML/SSO?

          Hello Mike,


          Not currently.  McAfee does offer an SSO solution called McAfee Cloud Idenitty Manager, but isn't currently integrated with MWG. 

          • 2. Re: MWG and SAML/SSO?
            Sven Welschen

            One small correction. MCIm is the right tool for single sign on and even better, it does integrate with MWG. If you use authentication on MWG today, you can have seamless integration with MCIM.




            • 3. Re: MWG and SAML/SSO?

              Is MCIM cloud only?



              • 4. Re: MWG and SAML/SSO?

                Which cloud services do you want to integrate with?


                MCIM would typically sit in your corporate intranet or DMZ.   here is the product webpage.




                Here is a power-point slide I made that sort of summarizes one example of how MCIM is deployed.  The services listed are just examples since MCIM can integrate with hundreds of services.


                • 5. Re: MWG and SAML/SSO?

                  I need a solution for my constiuents that regularly access several and sometimes dozens of sites that all have their own username/password combinations - government sites, banking sites, partner sites, etc.



                  • 6. Re: MWG and SAML/SSO?

                    That is exactly the problem MCIM solves.  It depends on which sites you want to integrate with regarding the features.  For example, Box.net can do SAML authentication, so MCIM would give you complete control over the identity management.  Other sites such as this McAfee Community website don't do SAML, so you would need to use a generic HTTP Post connector, which means you cannot prevent users from using weak passwords, but they could still use MCIM as a convenience method for doing the authentication.  It's also a better solution than storing credentials in a browser, which is insecure.


                    Keep in mind that if you don't see a connector for the service you want to integrate with, it doesn't mean it isn't supported. MCIM can work seamlessly with any SAML 1.1 or 2.0 service provider. I've also integrated with Shiboleth services.  We can also work with most sites that do HTML forms based authentication.  The pre-built connectors just ease the deployment, but we are always adding connectors.  The last 2 releases have added over 100 connectors each.

                    • 7. Re: MWG and SAML/SSO?

                      Excellent. I'm downloading the eval now.


                      Thanks for your help.