2020 Blog, Blog, Featured

Nobody likes remembering credentials; they put a lot of pressure on memory. Worse, many people use the same username and password no matter which application they are using. Single Sign-On (SSO) is a method of authentication that permits websites to use other trustworthy sites to verify users. It allows a user to log into any independent application with one ID and password. Verifying user identity is very important when it comes to knowing which permissions a user will have. OKTA is a leading IDAM application that our client uses for managing access; it blends user identity management with SSO. SPECTRA, an analytical platform supported by open source technology, has recently been onboarded for the client, who is in the publishing space. The client has integrated all their applications under one roof of IDAM (OKTA), and SPECTRA follows the same route.

What is SPECTRA?
SPECTRA is a Big Data Analytics platform from Relevance Lab, which has the ability to consume, store and process structured and unstructured data. It also can cleanse and integrate this data into one unique platform. It depicts data intelligently and presents it using an intuitive visualization layer so that business users can get actionable business insights across various parameters. Coupled with an OCR engine, it also provides Google-like search capabilities across legacy unstructured and structured data.


SAML
In the modern era of computing, security is an essential feature of enterprise applications. Security Assertion Markup Language (SAML) is used to provide a single point of authentication at a secure identity provider. This means that user credentials do not leave the firewall boundary. SAML is used to assert the user's identity to others.

SAML SSO works by transferring the user’s identity from one place (OKTA) to another, the service provider (SPECTRA). The application identifies the user’s origin (by First Name, Last Name and Network Email ID) and redirects the user back to the identity provider (OKTA), which asks the user to authenticate with the credentials registered at the IdP.

See the high level architectural diagram below.


Integrating with OKTA IDAM Platform using SAML
An Identity Provider (IdP) is an entity that provides identities, including the ability to authenticate a user-agent. The Identity Provider also holds additional user profile information such as name, last name, job code, signal, address, and so on. Some service providers may require only a simple user profile, while others may require a complex set of user data (job code, department, address, location, manager, etc.).

See the diagram below, which shows the SPECTRA and SAML integration.


A SAML Request, also referred to as an authentication request, is generated by SPECTRA (the Service Provider) to “request” an authentication from the IdP through the User-Agent. A SAML Response is generated by the Identity Provider. It contains the actual assertion of the authenticated user. A SAML Response can also contain additional information, like user profile information and group/role information, depending on what the Service Provider can support.

See the picture below which shows SAML Integration flow.


SPECTRA platform-initiated sign-in describes the SAML sign-in flow when it is initiated by the Service Provider. This is triggered when the end-user tries to access a resource or log in directly on the Service Provider side, for example when the user-agent (browser) tries to access a protected resource on the Service Provider side.
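As an added illustration (not SPECTRA's or OKTA's own code), the sketch below builds the SAML Request an SP-initiated sign-in sends and encodes it for the browser redirect. The HTTP-Redirect binding, the endpoint URLs and the entity ID are assumptions; the page does not name them.

```python
import base64
import uuid
import zlib
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical endpoints and identifiers, for illustration only.
IDP_SSO_URL = "https://idp.example.com/app/spectra/sso/saml"
SP_ENTITY_ID = "https://spectra.example.com/saml/metadata"
SP_ACS_URL = "https://spectra.example.com/saml/acs"

def build_authn_request(request_id=None, now=None):
    """Minimal AuthnRequest: who is asking (Issuer) and where to answer (ACS URL)."""
    request_id = request_id or "_" + uuid.uuid4().hex
    now = now or datetime.now(timezone.utc)
    issue_instant = now.strftime("%Y-%m-%dT%H:%M:%SZ")
    return (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}" '
        f'Destination="{IDP_SSO_URL}" AssertionConsumerServiceURL="{SP_ACS_URL}" '
        'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
        f"<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer>"
        "</samlp:AuthnRequest>"
    )

def redirect_url(xml, relay_state):
    """HTTP-Redirect binding: raw DEFLATE (no zlib header), base64, URL-encode."""
    comp = zlib.compressobj(wbits=-15)
    deflated = comp.compress(xml.encode()) + comp.flush()
    query = urlencode({
        "SAMLRequest": base64.b64encode(deflated).decode(),
        "RelayState": relay_state,  # opaque value echoed back by the IdP
    })
    return f"{IDP_SSO_URL}?{query}"

def decode_redirect(url):
    """Inverse of redirect_url; handy when inspecting a captured sign-in redirect."""
    params = parse_qs(urlparse(url).query)
    raw = base64.b64decode(params["SAMLRequest"][0])
    return zlib.decompress(raw, wbits=-15).decode(), params["RelayState"][0]

if __name__ == "__main__":
    url = redirect_url(build_authn_request(), "/dashboard")
    print(url)
    print(decode_redirect(url)[0])
```

The request carries no credentials and no user identity: it only names the Service Provider and the URL where the response should be posted.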

Identity Provider (IdP)-initiated sign-in describes the SAML sign-in flow when it is initiated by the Identity Provider. The IdP initiates a SAML Response that is redirected to the Service Provider to confirm the user’s identity, rather than the SAML flow being triggered by a redirection from SPECTRA. The Service Provider never interacts directly with the Identity Provider. The User-Agent (browser) functions as the agent that carries out all the redirections. The Service Provider must know which IdP to pass on to the MySQL database. The Service Provider must wait to authenticate the user until the SAML assertion comes back from the IdP.

An Identity Provider can initiate an authentication flow. The SAML authentication flow is asynchronous. The Service Provider interacts with the IdP and redirects the request to complete the flow. This creates a situation where the Service Provider does not maintain any state of authentication requests. The response that the Service Provider gets from an Identity Provider must contain all the required information. SPECTRA validates the OKTA user information in the MySQL DB and transfers the assigned user roles to the application. Users can view their assigned roles within the application.
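Because the Service Provider keeps no request state, every check has to be made on the response itself. The added sketch below (not SPECTRA's code) shows the checks a Service Provider would run on an assertion before looking up roles. It assumes the XML signature has already been verified by a vetted SAML library; the attribute name `email`, the `user_roles` table and the entity ID are hypothetical, and sqlite3 stands in for MySQL.

```python
import sqlite3
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SP_ENTITY_ID = "https://spectra.example.com/saml/metadata"  # hypothetical SP entity ID
seen_ids = set()  # replay cache; persist it with an expiry in a real deployment

# Constructed sample assertion (signature element omitted for brevity).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1">
 <saml:Conditions NotBefore="2020-06-01T10:00:00Z" NotOnOrAfter="2020-06-01T10:05:00Z">
  <saml:AudienceRestriction><saml:Audience>https://spectra.example.com/saml/metadata</saml:Audience></saml:AudienceRestriction>
 </saml:Conditions>
 <saml:AttributeStatement>
  <saml:Attribute Name="email"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

def ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_assertion(xml_text, now):
    """Return the asserted e-mail or raise ValueError. Assumes the XML signature
    was already verified against the IdP certificate by a vetted SAML library."""
    a = ET.fromstring(xml_text)
    cond = a.find("saml:Conditions", NS)
    if cond is None or not cond.get("NotBefore") or not cond.get("NotOnOrAfter"):
        raise ValueError("missing validity conditions")
    if not ts(cond.get("NotBefore")) <= now < ts(cond.get("NotOnOrAfter")):
        raise ValueError("outside validity window")
    audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        raise ValueError("audience mismatch")
    if a.get("ID") in seen_ids:  # no stored request to match, so reject reuse by ID
        raise ValueError("replayed assertion")
    seen_ids.add(a.get("ID"))
    email = a.findtext("saml:AttributeStatement/saml:Attribute[@Name='email']/saml:AttributeValue", namespaces=NS)
    if not email:
        raise ValueError("no email attribute")
    return email

def roles_for(db, email):
    # Roles come from the SP's own table, not from the assertion.
    return [r[0] for r in db.execute("SELECT role FROM user_roles WHERE email = ? ORDER BY role", (email,))]

def demo_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user_roles (email TEXT, role TEXT)")
    db.executemany("INSERT INTO user_roles VALUES (?, ?)", [("jdoe@example.com", "analyst"), ("jdoe@example.com", "viewer")])
    return db
```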

SPECTRA, a product from Relevance Lab, offers great flexibility as an analytical platform that has the ability to consume, store and process structured and unstructured data. It can be integrated with various Identity Access Management platforms like OneLogin, Auth0, Ping Identity, etc. using SAML.

For more details, please feel free to reach out to marketing@relevancelab.com




2020 Blog, Blog, Featured

With the growing use of AWS Cloud across different industry segments for frictionless business, the use case of “Enabling Scientific Research” leveraging Cloud has unique benefits. Research is a very specialized field driven by a community of “Researchers” who want to focus on “Discovering Science than Servers”. Researchers' day-to-day work requires processing data, collaborating online, and trying to maintain labs remotely. There is a need to democratize research computing so that everyone can use it easily.

Working closely with our AWS partners, Relevance Lab is creating an AWS “Research Workbench” powered by Intelligent Automation that can enable use of Cloud by Research Institutions and Researchers in a frictionless manner.

Core functionality needed

  • Basic need of High End and Research focused enterprises to be able to leverage AWS products seamlessly for research oriented business needs.
  • Specialized roles – Principal Investigator, Researchers under one or many Research projects with different funding sources (public and private).
  • Ability to collaborate with Intramural and Extramural researchers.
  • Specialized tools and software needs for an Analytics solution – AWS SageMaker, EMR, AI/ML, HPC, data security, secure Workspaces, large data sets sharing capability etc.
  • Need for proper AWS Management & Governance with the ability to manage Self-Service (ITSM or custom portals) based lifecycle management (Provisioning, Managing, De-provisioning of users and assets).
  • Proper cost and budget management and controls.

Additional challenges for Research Projects

  • Massive Volumes of Data.
  • Cross functional research teams.
  • Research data management with compliance and security considerations.
  • Leveraging new techniques of AI/ML, serverless computing, spot instances for HPC etc.

The scientific community has to adapt to these challenges, and AWS Cloud provides the platform for collaboration, on-demand resources and scale in a secure and compliant manner. Bringing together relevant AWS tools to create a bundle of Research Workbench makes this easier.

Catering to research requires special attention to the use cases that may come up. For example, a researcher may be working on a data science project using AWS SageMaker notebooks and a large volume of research data in an S3 bucket. Given the sensitive nature of the data, access to the bucket may need to be secured within the organization and allowed only from within the specific network. A researcher may also only need to access their own data and computing resources. We have developed a security model that addresses such needs. The researchers can only access the resources from a Workspace created for them for that purpose.


To cater to the above the solution encompasses a “Research Portal” for user interactions and a specialized “Research Workbench” for collaborating on tools and data.

  • Research Portal – Managed with existing ITSM Self Service Portals like ServiceNow.
  • Research Workbench – Created by using AWS standard products, Service Catalog and Control Tower to enforce governance.

The above features allow creating and managing the research lifecycle within an enterprise by leveraging investments in the existing ITSM Portal and providing a seamless experience for AWS consumption. The solution leverages existing best practices of AWS Control services with Control Tower, Service Catalog, secure access and automated provisioning/deprovisioning of resources. A critical part of such a Research Portal is proper cost management and tracking of research budgets and consumption against them.

The following diagram explains the building blocks of a Research Workbench solution deployed with integration to ITSM Platforms like ServiceNow and using the AWS Service Management connector.


The reference deployment architecture using AWS Control Tower (CT) best practices is explained below. The access is controlled using AWS Simple AD and IAM roles.


The entire cycle of onboarding new researchers and provisioning assets for their research is automated using RLCatalyst BOTs solution with 1-Click deployment while still following the ITSM best practices as explained below.


Research Workbench Features
Following is a sample list of features planned (this is an indicative list only and not comprehensive)


Summary of Solution benefits
The solution builds on the pre-built functionality of the ServiceNow Self Service Portal and AWS standard products, with our custom solutions integrating the two platforms for a specialized research-focused use case. The benefits include:


  • Quick start solution targeting Academic and Research Institutions – New and existing AWS customers.
  • Existing customers with ITSM investments.
    • Using existing ITSM platforms (ServiceNow, Jira Service Desk, Freshservice).
  • Focusing on primarily “Built on AWS Solution” with standard products.
    • AWS Control Tower, Service Catalog, ITSM Connector, Sagemaker, Workspaces, EC2, S3, RDS, EMR etc.
  • Deployment options.
    • Per customer Research Solution deployment (using customer Cloud and ITSM resources).
    • Hosted solution offered to customers with (Managed Services based Cloud and ITSM platforms).
  • RLCatalyst leveraged Solution (Automation, Service Portal, Observability and Cost Governance) add-ons.
  • Pre-built solution to address 80-90% standard needs with scope of some customer specific customizations.
  • Ability to on-board new customer in 3-4 weeks based on pre-built offering with agility and low onboarding costs.


For more details, please feel free to reach out to marketing@relevancelab.com


