News Stay informed about the latest enterprise technology news and product updates.

Intel Cloud SSO lets IT manage SaaS apps

Intel is the latest company to jump into the Identity as a Service space with the launch of Cloud SSO, built on’s platform.

Intel, best known for manufacturing computer chipsets, entered the Identity as a Service space this week with software that provides a way to secure employee access to SaaS apps.

The new cloud-based offering, Intel Cloud SSO, is the first product to come from Intel Corp.’s 2011 McAfee acquisition, and it is built on, Inc.’s platform.

Active Directory is no longer sufficient for managing identity.

Andy Thurai,
Intel CTO

The capabilities in Cloud SSO appear useful, but its integration limitations will keep  Intel’s platform out of organizations, IT pros said. In addition, the Identity as a Service market is a nascent and may take years to gain traction in the enterprise, said Steve Coplan, an analyst at 451 Research, an IT research firm based in New York.

Intel Cloud SSO capabilities

Cloud SSO provides IT with management tools and visibility into what’s happening at the intersection of cloud storage and Software as a Service (SaaS) applications, said Jeff Sussna, founder of Ingineering.IT, an IT consulting agency based in St. Paul, Minn.

“A system that can blend internal and external access controls with the private and public cloud can be really powerful,” he said.  

Intel Cloud SSO provides a single sign-on (SSO) authentication portal to businesses’ cloud applications, such as ADP Payroll Services, Dropbox, Microsoft Office 365 and SugarCRM. It also provides a dashboard that administrators can use to provision user applications, either individually or based on pre-defined groups

IT can restrict and prioritize SaaS apps and block app use on specific devices, at certain times or days of the week, or by IP addresses.

Users provide an initial authentication, and Cloud SSO takes care of the secondary authentication for the various SaaS apps, which are available to users in a dashboard console.

An employee connected to the corporate network has automatic authentication to use their provisioned SaaS apps, just as they would on a standard Windows desktop. If users work remotely, they can access applications through a browser, said Andy Thurai, Intel’s chief technology officer of application security and identity products.

“The nature of the beast for SaaS apps in the cloud is different because most times, the enterprise isn’t in control of them,” Thurai said. “Active Directory is no longer sufficient for managing identity.”

Meanwhile, Citrix Systems Inc., VMware Inc. and the cloud computing startup, Okta, offer similar competitive products that do integrate with Active Directory.  

Cloud SSO limitations

Enterprises that want to integrate Cloud SSO with on-premises identity tools, such as Active Directory and Lightweight Directory Access Protocol, have to install what Intel called an “identity bridge” client, which is deployed to on-premises servers.

Installing the client can be a problem for many companies. New York-based alcohol distributor Castle Brands Inc. uses Active Directory to provision employees and set up group policies, so any service that IT wants to move to the cloud has to integrate with Active Directory, said Andre Preoteasa, the company’s director of IT.

Active Directory works well, so there’s no reason to replace it with something in the cloud, Preoteasa said.

“If my Active Directory could be accessed by cloud services,” without any sort of middleman client, “that would be ideal,” he added.

Additionally, Cloud SSO doesn’t integrate with enterprise legacy applications. It strictly provides IT better management and visibility for external SaaS apps, Intel said.

The other issue with Cloud SSO has to do with application program interface connectors for the thousands of available SaaS apps IT may need to support, Coplan said. For example,’s platform and Cloud SSO rely on Security Assertion Markup Language (SAML) and OAuth for the secondary authentication between applications.

More on SaaS apps

SaaS applications help Bosley consolidate apps, cut maintenance costs

The reinvention of SaaS

SaaS dominates the cloud

Identity as a Service tools offer IT pros control over BYOD, cloud

“The problem is, not every SaaS app supports SAML or OAuth,” Coplan said.

The platform integrates with a large number of SaaS apps, but there are “20,000 other Internet apps [the platform] doesn’t integrate with,” Sussna said. 

It would be tough to convince end users that they should only use the Cloud SSO services provisioned by IT, because after all, “IT can’t block the Internet,” he said.

Cloud SSO has a starting price of $5 per user per month, which includes an unlimited number of applications and 24-hour support. Volume discounts are available.

Let us know what you think about the story; email James Furbush or follow @JamesFurbush on Twitter. Like on Facebook.

Dig Deeper on Enterprise mobile app strategy

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Is Active Directory still sufficient for identity management?
kerberos still pretty strong in providing security at the network-access level.
the only problem i see is we may not be able to use AD autherntication in hybrid cloud where AD is inside your org and needs to access Public CLoud
We use it today for SaaS apps. Not sure why we would throw it away for something unproven.
it does what it needs to do and does it well
AD is limited in a heterogeneous environment to manage the IdM of Main Frames, Unix, Linux, MACs, etc. As organizations move to multi factor authentication there are more robust solutions than AD.
Active directory attributes are sufficient,but required more in default….
No, more is required.
Yes, for administrative purposes,its more than enough. Why do we need more complex structure when it can be done in simple ways!
Microsoft AD was never sufficient for ID in enterprise , heterogeneous environments.
Cloud is very complex… As it is Windows is vulnerable to various attcks,I personally feel that we need more than AD.
An internal AD with ADFS is sufficient
Only in a MS world
because its not integrated with facebook and linkedin
if done properly, and rule of least access is enforced then yes...
It all depends on what you are trying to protect,
in a more generic environment, a well designed and managed AD is still sufficient for identity management.
cmon... how could something so proprietary close be sufficient?..
AD only gives solutions in a Windows centric world; the world has changed. Broader, cloud ready identity management is required for the future