The OutThink Command Centre is a secure on-line portal for managing your end-users, training campaigns, attack simulations, and interacting with analytics results and reporting. Only named and trusted administrators should be granted the rights to access the application.
OutThink can provision accounts for your administrators directly, and those named members of staff will receive an emailed invitation to set a secure password to log in to the application. Multi-factor authentication is also enabled by default, requiring a mobile device to which OutThink will send a verification code for each login.
However, instead of OutThink provisioning accounts directly in the system on a customers behalf, some customers have internal policies in place that require them to use their own corporate login – a process known as Single Sign On.
OutThink is built on the Microsoft Identity Platform, and configured and registered as a multi-tenant application with Microsoft Entra ID (Azure AD). This greatly facilitates enabling a single sign on experience with customers who also have Microsoft Entra ID in place.
Customers can securely Bring Their Own Identity to applications registered in a vendor or partner’s Entra ID Tenant. This completely dispenses with any need to setup a federation with a customers Identity Provider to achieve SSO.
With Microsoft Entra External ID (formerly Azure AD External Identities), you can allow people outside your organization to access your apps and resources, while letting them sign in using whatever identity they prefer. Your partners, distributors, suppliers, vendors, and other guest users can “bring their own identities.”…
https://learn.microsoft.com/en-us/azure/active-directory/external-identities/external-identities-overview
The external user’s identity provider manages their identity, and you manage access to your apps with Entra ID to keep your resources protected.
How it works
- OutThink will invite your administrators (“external users”) to OutThink’s dedicated Azure tenancy as guests, and will grant them the authorization rights to securely access the OutThink Command Centre SaaS application.
- An emailed invitation will land in your inbox from Microsoft, with a hyperlink to accept the invitation. Every application administrator who requires access to the OutThink Command Centre application will also receive this invitation.
- OutThink enforces a security policy in Azure, resulting in all access to our applications requiring a strictly enforced set of requirements from all connecting users, including Multi-Factor Authentication. When accepting the invitation, your users will be required to set-up or re-confirm their MFA settings.
- Depending on the configuration of your corporate Identity Provider, the invitation process may also request direct authorization from your IT Administrator, before allowing you to proceed.
- Finally, once successfully accepted, access to the Command Centre application is set-up and can be accessed via https://cc.outthink.io using the Sign in with Microsoft button. Authentication is controlled by your own corporate Microsoft Entra ID (Azure AD) and policy.
Requirements
For your organization to take advantage of this secure feature, one of the following must be true:
- You store your user profiles in Microsoft Entra ID (including Office365 and Dynamics CRM tenants).
- You have an on-premises Active Directory and are using Microsoft Entra Connect to synchronize the on-premises Active Directory with Microsoft Entra ID.
Multi-Factor Authentication (MFA) Always On
Your own security policy will mandate how and where your end users can authenticate via your corporate Microsoft Entra ID (Azure AD) Directory. OutThink do however enforce an access policy with Multi-Factor Authentication for every access to the OutThink Command Centre application.
Alternative SSO Solutions
For customers that do not have Microsoft Entra ID (Azure AD) but also wish to implement Single Sign On for your administrators via your Identity Provider, please refer to our support for SAML 2.0 here.
Was this helpful?
8 / 0