

Netflix dumps Exchange, other on-premise software in cloud-first strategy - jamesjyu
http://www.citeworld.com/cloud/22091/netflix-dumps-exchange-other-premise-software-cloud-first-strategy

======
Cowen
Might want to edit the title. This article really isn't about Netflix using
GMail.

It's about Netflix's use of OneLogin and SAML to manage single sign-on for
their corporate cloud apps. That umbrella includes Google Apps like GMail, but
it also includes apps like "Dropbox, Docusign, Workday, Safari Books, SD
Elements, ServiceNow."

Single sign-on is a downright essential feature for a lot of B2B cloud apps.
Asking corporate users to constantly log in to loads of different cloud apps
is a fast way to make sure that most of those apps don't get used. It's only
natural that a service like OneLogin would come around to help companies
manage single sign-on.

~~~
justizin
Disclaimer: I work for OneLogin, but do not speak for OneLogin. :)

--

For sure. It's no coincidence that before recently moving to OneLogin from a
short-term contract at Gap corporate, my biggest pain at work was getting
access to do my job.

I think it took a week of onboarding to get on WiFi and in the ticketing
system. I worked at Gap for six weeks (everything but the systems are pretty
cush). The entire time I had an insecure password set by a network
administrator because the password reset form was broken.

I had access to my Gap Exchange account for nearly two months after I left -
longer than I worked there.

Perimeter-based security typically leads to a situation where the people who
need to get their job done can't conveniently, but anyone with half a
cluestick can waltz in.

------
dman
The story appears to be a paid piece for OneLogin.

------
stephengillie
Odd that they're dumping Exchange for SSO-related reasons, as "_... Microsoft
is now getting into the game. It recently announced that its customers, using
certain Microsoft products and services, will be able to manage passwords for
third party cloud apps through Active Directory._" From the 2nd page.

~~~
EvanAnderson
Active Directory Federation Services (ADFS) can be used as a SAML 2.0 Identity
Provider (IdP). This goes back to the introduction of ADFS in Windows Server
2003 R2.

~~~
justizin
In this case, they were probably using AD just because of Exchange, so if you
want to ditch Exchange for Gmail, it's an odd choice to use AD as your
identity provider, esp if you're a company known for wanting as little on-
premise IT as possible.

~~~
EvanAnderson
I would guess that they're using Active Directory because they have Windows
PCs to manage. AD, arguably, provides a _lot_ of value if you have any
quantity of Windows-based PCs that you want to manage centrally.

I haven't seen any compelling third-party hosted offering to replace the SSO
and Group Policy functionality in Windows client OS's that AD enables. Maybe
when Samba4 reaches maturity that will change.

------
conexions
Anyone know of any good tutorials on setting up a SAML ID Provider or
integrating SAML into a website?

~~~
anotherperson55
If you are using Ruby or Rails, there is a toolkit for integrating SAML:
[https://github.com/onelogin/ruby-saml](https://github.com/onelogin/ruby-saml)

